A Massive 1.7 Terabytes of Russian Telco Information Was Exposed

Last updated May 26, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

UpGuard disclosed a security incident which involves the exposure of a storage device containing 1.7 terabytes of data. The information concerned telecommunications installation throughout the Russian Federation, full with details like schematics, administrative credentials, email archives, photographs, installation instructions for SORM, details about the FSB data interception system, backups, and many more. The device that was exposed has now been secured, so UpGuard can safely share all of the details with the public. While the incident affects all Russian telco firms, the companies that were affected the most by it are Nokia and Mobile TeleSystems.

schematic_2

Source: upguard.com

Nokia has responded to a request for comment sent by UpGuard, clarifying that the data set that was exposed as part of a “hand-over folder” passed from one of their employees to an undisclosed third party. After the hand-over was completed, the third party allegedly failed to protect the shared information as they deviated from the provided instructions and guidelines that underpin the company’s security policies. Nokia also clarified that they never had any direct relation with the exposed Rsync server, they didn’t host it, manage it, or were ever asked to implement protection measures onto it.

schematic_1

Source: upguard.com

As for Mobile TeleSystems, they have had their “System for Operative Investigative Activities” (SORM) exposed, with all that this entails about the security of the system in the future. Russian authorities use SORM to monitor, log and enforce domain blocking on all internet traffic passing through. The SORM can see user IDs, email messages, IP addresses, phone numbers, text messages, and more. The exposed data concerns SORM hardware installation details from 2014 to 2016. The installation was undertaken by Nokia Siemens Networks in coordination with Mobile TeleSystems, and this activity doesn’t look good on the portfolio of the Finish telecommunication company. Remember, Nokia carried out similar projects in Bahrain and Iran in 2011, helping oppressive regimes there.

schematic_3

Source: upguard.com

The implications of this leak are numerous, but the most significant one is the chance of having telco facilities physically harmed. There are details about power stations, distribution units, battery locations, etc., so if anyone decided to take down SORM locally, they could act more targeted thanks to the leaked data. Moreover, there are VPN login credentials for remote access, which will now have to be reset. UpGuard discovered the data on September 9, 2019, and the Rsync server was closed to public access on September 13, 2019. How many people may have gotten their hands to this data is unknown, but this was one of the worst nation-wide security incidents in Russia.

Do you feel that Nokia is acting unethically to help governments install surveillance and censorship systems, or do you consider it all part of the business a firm has to do? Let us know where you stand in the comments down below, or on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: