Surveillance at the Sochi Olympics 2014
Andrei Soldatov, Irina Borogan
Stories in The Guardian:
The story of FSB's system of metadata collection during the Olympics was published in The Moscow Times:
The main role in providing security for the Olympics was handed over to the country's all-powerful Federal Security Service, FSB. In May 2010 an FSB general Oleg Syromolotov, has been appointed the chairman of the interdepartmental operations staff to provide security at the Games. Remarkably, inside of the FSB Oleg Syromolotov is not in charge of counterterrorism operations, as it might be expected, but a long-standing chief of the counter-intelligence department, and has spent his entire career at the KGB and then FSB hunting down foreign spies.
In September 2010 at a conference in Sochi, a presentation that had been ordered by the FSB was given on security in Sochi. The presentation, which we have obtained, was mostly about cyber threats, but it also said that SORM, Russia’s main system for intercepting communications, should be significantly updated in Sochi, and it also specified that this should be done in secret.
SORM’s tactical and technical foundations were developed by a KGB research institute in the mid-1980s, and recent technological advances have updated the system. Now, the SORM-1 system captures telephone and mobile phone communications, SORM-2 intercepts Internet traffic, and SORM-3 collects information from all forms of communication, providing long-term storage of all information and data on subscribers, including actual recordings and locations.
In most Western nations, law enforcement or intelligence agencies must receive a court order before wiretapping (in the UK a warrant signed by a Secretary of State, usually the Home Secretary). That warrant is sent to phone operators and Internet providers, which are then required to intercept the requested information and forward it to the respective government agencies. In Russia, FSB officers are also required to obtain a court order to eavesdrop, but once they have it, they are not obliged to show it to anybody except their superiors in the FSB.
Telecom providers have no right to demand that the FSB show them the warrant. The providers are required to pay for the SORM equipment and its installation, but they are denied access to the surveillance boxes. The FSB does not even need to contact the ISP’s staff; instead the security service calls on the special controller at the FSB HQ that is connected by a protected cable directly to the SORM device installed on the ISP network.
Since 2010 Russian authorities have been busy making sure that SORM equipment is properly installed in the Sochi region – and several local ISPs were fined when it was discovered they had failed to install Omega – the SORM device recommended by the FSB (see this court decision, as example).
The Russian authorities made sure that visitors of the Olympics will have no trouble with wireless high-speed Internet. Special efforts were made to turn Sochi into the wireless area. In November 2012 it was announced that there will be free Wi-Fi access at all the competition venues «for the first time in Olympic history», as well as in the media centers and media hotels. It’s also promised that the free Internet package will provide Wi-Fi access at a speed of up to 10 Mb guaranteed in all media-zones of all the competition venues, Main and Gorki Media Centers as well as on the territory of the Olympic stadium. This free solution «has superior speed parameters to similar paid-for services that were offered to the public at previous Games in London» (speeds of up to 8Mb, Sochi – 10Mb), and will be 5 times quicker than the paid-for solution in Vancouver. The task to launch the Greater Sochi WiFi public access network with over 57 WiFi areas was handed over to Rostelecom, Russia’s national telecommunications operator.
What was not so widely announced is that by April 2011 most of telecom equipment suppliers to Russia modified their WiFi equipment according to new Russian rules introduced by the FSB. According to the rules, all means of encryption in the wireless controllers should be disabled, if sent to wired network segments. It means customers could use wireless encryption in public to secure their communications against casual eavesdropping by hackers but the FSB would still be able to intercept the traffic.
Mobile networks in Sochi have been also significantly updated. In June, Rostelecom, Russia’s national telecom operator, launched a 4G LTE network in the area around Sochi, and there is a promise that visitors will have access to the fastest Wifi networks in Olympic history, for free. But simultaneously, according to documents seen by our investigation team, Rostelecom is installing DPI (Deep Packet Inspection) systems on all its mobile networks, a worrying technology which will allow the FSB not only to monitor all traffic, but to filter it.
Those who are determined to take their laptops and smartphones with them to Sochi anyway could be under the impression that their communications will be relatively safe, due to the sophisticated encryption provided by most of the Internet giants such as Google, Facebook and so on. They are likely to be wrong.
In March, Russia’s Communications Ministry introduced new SORM Regulations for Internet Service Providers. The regulations are the first document where major servers based in the West, such as gmail.com and yahoo.com are specifically mentioned as services that should be able to be intercepted. The decree is not yet signed, but the intention is clear.
On November 8th, 2013 Russia's Prime Minister Dmitry Medvedev signed the decree which expressly authorizes the government to collect data on telephone calls and Internet contacts made by the Olympic Games' organizers, athletes and foreign journalists.
The decree provides for the creation of a database for the users of all types of communication, including Internet services at public Wi-Fi locations "in a volume equal to the volume of information contained in the Olympic and Paralympic identity and accreditation cards." That is, the database will contain not only each subscriber's full name, but also detailed information guaranteed to establish his identity. What's more, the database will contain "data on payments for communications services rendered, including connections, traffic and subscriber payments."
That is called "gathering metadata" in the language of intelligence agencies.
Which individuals will be included in the database authorized by Medvedev's decree? According to the text of that document, Russian authorities will be monitoring the organizers and participants of the Games, including members of the International Olympics and Paralympics Committees, the World Anti-Doping Agency, the Court of Arbitration for Sport, national Olympics committees, as well as athletes, team doctors and technical assistants and even referees and event judges.
But that's not all. A separate clause lists foreign news agencies and media services, and one paragraph lower, accredited journalists and photographers are mentioned a second time just in case.
What's more, the information collected during the Olympic Games will be stored for three years and the Federal Security Service will have "round-the-clock remote access to the subscriber database." That means the FSB, operating from a remote location, will have three years to explore to whom, when and how often athletes, judges and journalists attending the Games made calls.
The video surveillance project was launched as a part of the bigger “Safe Sochi” project. Main contractor of the project is mobile operator Megafon (planning and development of the system). The person in charge – Tigran Pogosian, Deputy General Director of Strategy Projects at MegaFon OJSC. According to the contract documentation and media reports, there are more than 5500 videocameras in Sochi installed because of the project. 309 cameras out of 5500 are manned by the FSB with the 90 days period of keeping records (others cameras should keep 10 days records).
Surveillance analysis equipment provided by the Israeili company NICE Systems. In September 2012 NICE announced that the city of Sochi got the complete NICE Surveillance portfolio as part of «Safe Sochi» initiative.
The FSB and the Interior Ministry both deployed drones for the Olympics. The regional Krasnodar's aviation section of special purpose of the Interior Ministry have a number of Zala 421 drones (a small plane with a wingspan of just over 1.5m, weighing about 5kgs and able to fly at 3000m for 90 minutes. The Zala is equipped with thermal vision, can plot map grid references of objects below and transmits video- and photographic images live to an operator’s screen (first used by the Russian police during G8 Summit in Saint-Petersrburg in 2006). The designer and manufacturer of the drone is a group of companies called Zala Aero, set up at the beginning of the 2000s in Izhevsk. The police reported to get the drones because of the Olympics.
The FSB also acquired drones for the Olympics. The drones, known as Gorisont-Air S-100, developed by the the Austrian company Schibel, but made on the plant of the Russian Gorisont company in Rostov-on-Don. The drones bought by the local branch of the Border service of the FSB, but the FSB reported that the drones are to be used during the Olympics.
Detection of submarines
From two contracts published in May and July 2013 it became clear that the Defence Ministry was to deploy the system of sonars to detect and identify submarines. The Ministry acquired the “Amga-M” system (Autonomous submarines sonar system, made by JSC Aquamarin, Saint-Petersburg) The system of 20 sonars could cover 80 kilometers, and the radio-sonar complex “Anapa”, described in the documentation as “antidiversionary” equipment, usually installed on military ships. The contract documentation made clear that both systems were to be deployed because of the Olympics.
In six years, Russia’s use of SORM has skyrocketed. According to Russia’s Supreme Court, the number of intercepted telephone conversations and email messages has doubled in six years, from 265,937 in 2007 to 539,864 in 2012. These statistics do not include counterintelligence eavesdropping on Russian citizens and foreigners.
Agentura.Ru. October 2013
Joint investigation of Agentura.Ru, Privacy International and CitizenLab