, , , , , , , , , , , ,

SORM = ”System of Operative Search Measures”

Profanity over the phone, say it ain’t so….  One would think that senior officials anywhere would know better than to say things in the clear, over unencrypted phones – especially in the Russian/Ukraine regions.

You would think correctly that for a sensitive discussion, the sensitive language laced conversation would have taken place over STE III (or higher tech) phones with encryption capabilities.

NOTE: None of this is classified content, you can find this info all over the ‘Net but here is a bit of that info.

Many folks do not realize it but Russia has SORM (a) laws that are far more pervasive and incredibly invasive than anything the NSA is doing. Take a look at the Wired article (b) that talks about SORM and another write up (c) on Russia Surveillance Communications highlighting the fact that all ISPs must install a “box” that connects to FSB headquarters.  Talk about backdoors eh? Look at this section of the SORM law:

=== In Russia, an FSB operative is also required to get an eavesdropping warrant, but he is not obliged to show it to anyone. Telecom providers have no right to demand that the FSB show them the warrant. The providers are required to pay for the SORM equipment and its installation, but they are denied access to the surveillance boxes. ===

Unlike the U.S. where it is illegal (right?) to perform massive unwarranted monitoring, Russia has laws in place where they monitor everything – voice, data, Internet. It is ‘highly’ likely in my own small opinion that some enterprising soul at FSB made a MP3 copy of that profane conversation and posted it via some covert method.

Supposedly, Russian law enforcement has to gain court approval first (under Putin, right…) but I sometimes wonder about that, for all cases, especially when Russian LE is ‘not’ obligated

In the past, some have made comparisons of SORM to the FBIs Carnivore (before it garnered all the controversy and was ditched, replaced by another system) and the British Government Technical Assistance Centre (GTAC) systems.

So, folks, would you take your laptops and smartphones to Russia and use them anywhere, at any time – knowing that all of your conversations and web traffic is monitored? As the senior officials at State should have known…

And that hackers most likely can access those FSB connected devices to steal your PII for identity theft or to empty your bank accounts… I do not know if they can access the FSB SORM devices but we ‘do’ know that the Russian hackers are prodigious and prolific throughout Russia – and they will hack your stuff if you do not harden them as best you can (but don’t click on unknown links or download strange stuff while in Russia…).

(a) SORM https://www.privacyinternational.org/blog/lawful-interception-the-russian-approach

SORM-1 intercepts telephone traffic, including mobile networks – imagewww.wired.com/images_blogs/dangerroom/2012/12/SORMovich_E1T.png

SORM-2 is responsible for intercepting internet traffic, including VoIP

SORM-3 gathers information from all communication media, and offers long-term storage (three years), providing access to all user data

(b) Wired article for the Russian approved spying on Maxim Petlin via the SORM laws www.wired.com/dangerroom/2012/12/russias-hand/all/ In Ex-Soviet States, Russian Spy Tech Still Watches You  By Andrei Soldatov and Irina Borogan – December 2012

SORM - watching U

(c) RUSSIA – Surveillance of communications  www.statewatch.org/news/jun00/rip3.htm SORM-2 and the EU — SORM-2 allows the automatic transmission of all communications to the law enforcement agencies.   (Not my italicization…)

One more if you want some more info:  March 2010 – Emerging Cyber Threats And Russian Views On Information Warfare And Information Operations www.highseclabs.com/Corporate/foir2970.pdf – FOI Swedish Defence Research Agency

Besides everything else, Russia (along with China) want their own cyber security rules & regulations for the ‘Net – one site to check out for their U.N. proposal: China, Russia seek greater control of Internet: U.S. – Mar 2013      www.reuters.com/article/2013/03/07/net-us-internet-usa-idUSBRE92617220130307

PII – Personally Identifiable Information   (medical, financial, personal, etc.)