FSB vs Telegram: will intelligence agencies be able to read users' correspondence. Which of the postal services in the Russian Federation cooperate with the FSB and how to protect correspondence

06/19/2013, Wed, 12:06, Moscow time, Text: Igor Korolev

The FSB was able to obtain correspondence on Facebook between the owner of the Chronopay payment system Pavel Vrublevsky and a witness in the case of a DDoS attack against Aeroflot. The special service gained access to personal messages of users of the social network without contacting the American company.


As part of the consideration of the criminal case on a DDoS attack against Aeroflot, the Information Security Center (CIB) of the FSB submitted to the court data on electronic correspondence between the main accused, the owner of the Chronopay payment system Pavel Vrublevsky, and a witness, Anastasia Kurochkina. Earlier, the Tushinsky District Court of Moscow granted the corresponding petition of the prosecutor and issued a sanction to the CIB to collect information from technical communication channels and “extract data from the Facebook resource” about these persons.

The CIB managed to find the profiles of Vrublevsky and Kurochkina on Facebook, while correspondence between them was also found on the latter's page. However, as noted in the response of the CIB (available to CNews), “Facebook is located in the United States and does not have a representative office in Russia, and therefore it is not possible to extract correspondence from the official position of this company.”

In this regard, the CIB, in accordance with the Law "On Investigative Activities", collected information from the communication channels of these persons and recorded it on a DVD. The correspondence thus obtained was read out by the prosecutor at the court session. In the correspondence, Kurochkina asked Vrublevsky if it was safe to communicate via Facebook. The defendant answered in the affirmative, although he added that "I cannot give a 300% guarantee."

The other accused, Dmitry Artimovich (according to the FSB, he, along with his brother Igor, was the perpetrator of the hacker attack), expressed surprise during his speech in court at the very fact that the FSB had received this correspondence. “Facebook is accessed via the encrypted https protocol, and therefore it is impossible to receive correspondence in this way,” Artimovich said. “Besides, it is not clear how it was possible to collect data from Vrublevsky’s communication channel at all, if the court issued the appropriate permission simultaneously with the decision to detain him (, - approx. CNews).”

After studying the materials presented by the prosecutor, the defense of the accused asked the court not to attach them to this case. “The court gave permission for the seizure of data, but the response of the bodies of inquiry directly states that this was not possible,” said Dmitry Artimovich’s lawyer, Igor Feldman.

“There are international agreements that would allow Russian law enforcement agencies to obtain legal access to these materials,” said Igor Artimovich’s lawyer, Pavel Zaitsev. “Instead, a server in another country was hacked. Thus, the decision of the court cannot be executed.” Vrublevsky also added that he did not understand who collected this information and from which communication channels.

Prosecutor Sergey Kotov, in response, quoted Ostap Bender: “Maybe you should also give the keys to the apartment, where the money is.” “Who will tell you how and who carries out operational activities,” the prosecutor said. “As for treaties on mutual legal assistance, they exist with Ukraine, Azerbaijan and other countries, but not with the United States.” The representative of the victim, Aeroflot, supported the prosecutor.

Judge Natalia Lunina decided to attach the materials presented by the prosecutor, since they were received in accordance with her decision. In this decision, the judge also asked the CIB to find the Facebook profile of the FSB investigator Sergei Dadinsky, who led this case, and his correspondence with Kurochkina. The CIB did not find such a profile, but Vrublevsky's defense believes that this happened due to a deliberate mistake by the judge, who indicated in her decision the incorrect spelling of the surname - "Dodinsky".

Recall that the FSB accuses Vrublevsky and other defendants of organizing a DDoS attack against the competing Assist payment system, as a result of which in the summer of 2010 it was impossible to purchase electronic tickets on the Aeroflot website (at that time it was serviced by Assist). The defendants initially confessed to the crime, but now they intend to withdraw their testimony.

In addition, the defense questioned the legality of many investigative actions. In particular, the aforementioned attesting witness Anastasia Kurochkina was summoned to court as a witness, who, according to the protocols, was present at the investigative department of the FSB during the examination of material evidence. Kurochkina stated that she did not participate in these events, her signatures were forged, and, moreover, she was a close friend of the investigator Dadinsky.

Attaching the correspondence from Facebook, prosecutor Sergei Kotov questioned the objectivity of Kurochkina's testimony. In particular, in the correspondence, Vrublevsky promised to get her “a job at Finansovaya Gazeta or another publication or bank for the salary she wants.”

It should be noted that in the course of the investigation of this case, the CIB FSB demonstrated, not for the first time, the possibility of gaining access to the content of encrypted data by retrieving information from technical communication channels. During the preliminary investigation in the summer of 2010, the CIB, by analyzing the traffic log of the Artimoviches' Internet channel, found the login and password for the control panel of the Topol-Mailer botnet, which was allegedly used to attack Assist. At the same time, access to this panel, according to the investigative materials, was also carried out using the encrypted https protocol.

Corporate subscribers can read all team messages, including those written in personal and secret chats. Companies read the correspondence of employees even now, using DLP solutions for this. These are information leakage prevention technologies; with their help you can monitor what a person is doing, as well as automatically analyze his correspondence by keywords. The Village learned from an information security expert which chats a boss can easily read, whether it's legal, and where confidential conversations can be held.

How do companies read employee emails?

Kirill Kerzenbaum

director of business development Group-IB

There are several technical ways to track the correspondence of employees in the office. For example, by installing a special agent on each workstation. It can be built into the browser or the chat application itself, or it can intercept and decrypt traffic at the level of network equipment. Both methods mean the use of the so-called Man-in-the-middle technique (“man in the middle”).

Some messaging services that store conversation history locally, such as Skype for Business, allow the IT service to view message logs without installing additional software. Interception of traffic from social networks and instant messaging services, in particular the web version of the Telegram messenger, is available in some DLP solutions.

Which messages are harder to read?

Intercepting information from smartphones is more difficult. On Android, you can also install a special DLP agent, but if the device belongs to an employee, and not a company, then this can be done legally only with his consent. It is impossible to install such a program on the iOS platform if the device has not been jailbroken.

Access to correspondence in a legal way cannot be obtained on any platform that uses end-to-end encryption. This applies to mobile messengers WhatsApp, Telegram and Viber. But again, in the case of using the web version of Telegram, access to the current correspondence is possible. It is also worth remembering that most messaging services allow you to store or archive your message history locally or to cloud services such as Apple iCloud or Google Drive. Having access to these archives, you can read the history of the correspondence of a particular person. But this is more likely to be done by a cybercriminal than by an employer, since it is illegal.

Is it legal?

The legislation looks at this in two ways, in particular, judicial practice in Russia has examples when the courts took the side of both the employer and the employee. The most reliable way to avoid legal claims is to prescribe this possibility in the employment contract and obtain the employee's explicit consent to access, if necessary, his official correspondence. At the same time, the employer does not have the right to monitor personal correspondence.

It is very important to note that such consent gives the employer the right to automated control of correspondence by keywords, but not total control of all messages and their manual processing. The court may interpret this as a violation of the right to privacy of correspondence, telephone conversations, postal, telegraphic and other communications (Article 23 of the Russian Constitution).

There are countries, in particular Germany, where it is legally prohibited for an employer to monitor any correspondence, even official ones, even if the employee consents to this in the employment contract. This or that message can be read only with the permission of the employee and with his assistance.

Where is the best place to conduct correspondence in order to keep it a secret from superiors?

Correspondence must be conducted from personal mobile devices and only using services that use end-to-end encryption, in particular Telegram, WhatsApp, Viber. It is also better to do this without connecting to a corporate Wi-Fi network.

To protect correspondence from third party access, including hackers, it is better to use secret or private chats. First, they usually have an additional layer of encryption. In addition, their history is not stored on the device, nor on the servers of the service provider, nor in backups.

https://www.site/2017-08-12/fsb_mvd_i_drugie_budut_chitat_vashu_perepisku_i_eto_narushaet_konstituciyu

Digital emergency

The FSB, the Ministry of Internal Affairs and others will read your correspondence


The Ministry of Communications has published a draft order on the requirements for "organizers of the dissemination of information" on the Internet. This seemingly purely departmental document, rather low in its status (not a law, not a presidential decree, not a government order), made a lot of noise. It has been compared to the imposition of a state of emergency, when civil liberties are severely curtailed for the sake of security. The order lists in detail the data that the "information dissemination organizers" must store for 6-12 months and, most importantly, provide to the special services conducting operational-search activities (ORD).

There are no fundamental innovations in the document. Let me remind you that the obligation to store and provide data on our correspondence to the special services was enshrined in the law "On Information" back in May 2014. It was then that the very “register of organizers of information distributors” appeared, into which everyone is entered who conducts "activities to ensure the functioning of information systems and (or) programs for electronic computers that are designed and (or) used for receiving, transmitting, delivering and (or) processing electronic messages of Internet users."

Agree, this is a rather vague definition. It is not surprising that in this registry, in addition to Yandex, Rambler, VKontakte, Mail.Ru and other services, there are such items as a site about the outstanding Tatar singer Sara Sadykova or the World of Digital Photography site. According to this definition, any Internet forum, any site with comments, any simple program or service for exchanging messages over the Internet should be included in the registry. Even online games about tanks, orcs or zombies - you can also exchange messages there! But, of course, first of all, these are instant messengers, social networks and mail services.

For brevity, we will refer to these “information dissemination organizers” as DSOs.

That law immediately stated that it was the DSO that was obliged to store on the territory of the Russian Federation and transfer for operational-search activities:

information about the facts of reception, transmission, delivery and (or) processing of voice information, written text, images, sounds, video or other electronic messages of Internet users and information about these users within one year from the date of completion of such actions;

But the fact of receiving and transmitting information is not the information itself. And in 2016, another norm was added. DSO is required to keep

text messages of Internet users, voice information, images, sounds, video, other electronic messages of Internet users up to six months from the moment of their acceptance, transmission, delivery and (or) processing.

It was also said there that the procedure, terms and volume of storage of the information specified in this subparagraph are established by the government of the Russian Federation.

It is precisely this new document of the Ministry of Communications that, as far as one can judge, establishes this procedure. It follows from the minister's order that operators of special services will be able to receive all the information listed quickly through their own interface. That is, they do not have to go to Yandex with a request to read your letter sent last week: they can simply remotely enter your mailbox, see everything they want, and leave. Or they will be able to set filters so that when you mention the word “explosion”, “bomb”, “jihad” or, for example, “Navalny”, your letter or message immediately gets into the monitoring.

Most of all, citizens were frightened by the list of information that operational services can receive. If the DSO concludes an agreement with the user, then the special services will be able to obtain all personal data in general: full name, birth data, passport data, and so on. Now, when registering on social networks, they do not ask for passport data, but proposals that WhatsApp and VKontakte should be allowed only with a passport are often heard, and it can be assumed that the state will take such steps.

However, according to the current rules, until such contracts are concluded, the operatives will receive your phone number, IP address, date and time of sessions, location, payment information, and, most importantly, the content of messages.

It turns out that we are finally entering the era of forced digital transparency, when all our correspondence, all our personal lives are potentially available to special services, including political investigation.

Of course, there are reservations in the laws that such information can only be obtained in the course of operational-investigative activities, and such activities cannot be carried out illegally, infringe on civil rights and freedoms, blah blah blah. But let's face it.

Firstly, we know that any citizen whom the state considers unreliable easily becomes the object of operational-search activity, becoming a defendant in a criminal case or even just a subject of development. Moreover, the law on investigative activities explicitly states: wiretapping can be applied both to persons suspected of committing crimes (starting from moderate severity) and to those who may “have information” about such crimes. This wording can be interpreted very broadly. Can I have information about a crime? Theoretically, I can, at least, according to the investigator. And who will check it?

Let me remind you right away that a “crime” today is not necessarily a murder or a terrorist attack. A “crime” may well be inciting hatred or insulting the feelings of believers; that is, a careless statement by you or your friend is enough to officially become the object of an ORD.

Secondly, and even more terrible, there are cases when supposedly classified information obtained in the course of a search operation "leaks" from operational bodies and falls into the wrong hands.

Let me remind you of the Yekaterinburg policeman Artem Pismenny. The court found him guilty of selling information about wiretaps of the Ural politician Yevgeny Roizman through an intermediary. And he sold it not to just anyone, but to a former employee of the prosecutor's office, Alexei Karpov, who was later convicted of organizing contract killings. This man was an enemy of Roizman and had motives for killing the Ural politician. In his hands were data on the conversations and movements of Roizman: a good tip for the killer! Through his wife, he paid 300 thousand rubles for this. This is official information, the verdict was confirmed by the Supreme Court. The case was relatively loud, as it came to the surface. And what remains in the shadows? How much ORD data is sold and outsourced each day? Now it will be not only wiretapping, but also your mail, correspondence, communication with an accountant, even messages to friends or sexual partners.

You should not console yourself with the thought that your modest person is not interesting to Lubyanka. Lubyanka - yes, not interesting. A major from your Ministry of Internal Affairs may be very interesting. Maybe your competitors paid him, or maybe you had an argument with him in traffic. Or two years ago you were photographed at some rally and you ended up in the base of the "E" center. And in addition to the Ministry of Internal Affairs and the FSB, the FSO, SVR, customs and the Federal Penitentiary Service have the right to conduct operational-search activities (and access to your correspondence).

The argument “respectable citizens have nothing to hide” here, unfortunately, does not work - when the state receives broad powers, it ceases to be interested in which category of citizens you belong to. Random people are jailed for reposts on VKontakte - why not start jailing for words, pictures or videos sent in personal correspondence?

The strategy of the state is aimed at ensuring that citizens should not have secrets. Formally, the state does not interfere in the private life of citizens, but conditions are created when the possibility of such interference always exists. Now, according to the law, Internet services that are not included in the register cannot work in Russia. And all services entered in the register are required to open data for the FSB or the Ministry of Internal Affairs. Therefore, theoretically, you should not have any possibility of secret correspondence using the Internet. In fact, many services are still operating in Russia that are not included in the register (Facebook, Gmail, Twitter, and others), but we see a trend: the state will strive to keep only those services in the Russian Federation that "comply with Russian laws."

I put these words in quotation marks, because, in fact, all this violates the main law, the Constitution. It clearly states:

“Article 23. Clause 2. Everyone has the right to privacy of correspondence, telephone conversations, postal, telegraphic and other communications. Restriction of this right is allowed only on the basis of a court decision.”

Indeed, according to the law, an operational-search activity in violation of the secrecy of correspondence and negotiations is possible only by a court decision. But, judging by the letter of the Ministry of Telecom and Mass Communications, we are talking about a system of prompt and constant interference in the correspondence of citizens. Obtaining judicial permission essentially remains on the conscience of intelligence officers (and, as far as we know, judges almost always agree with the requests of the authorities to conduct a search warrant, in fact this is a formality).

All this is being done, of course, in the name of the glorious goal of fighting terrorism. Both the draft order of the Ministry of Telecom and Mass Communications and those pro-government commentators who rushed to defend the idea of interference in private life on social networks refer to laws on combating terrorism. They recall that now the FSB will be able to quickly identify terrorist cells, neutralize recruiters, and prevent tragedies and deaths.

Most likely, this is just a suggestion. And the very effectiveness of such a measure looks doubtful. Yes, it can be successful in the fight against recruiters who invite young people to IS, but I have little faith that real terrorists who are preparing bombs in Russia use VKontakte or Agent Mail.Ru to communicate. Rather, they will use obscure, very small services or sites and send encrypted messages to each other through them. Or they will completely refuse Internet correspondence, using the proven grandfather methods of conspiracy and encryption.

Although world terrorism is an absolute evil, and each of its victims is tragic, I would like to remind you that both in Russia and throughout the world, the powers that governments receive to protect against terror are inadequate to the statistical size of the threat. In Russia in 2016, 62 people were killed by terrorists. Yes, this is a tragedy, this is a mournful figure. But 19 thousand people died from drinking poor-quality water (official data from Rospotrebnadzor). Building a good water supply infrastructure is not so attractive from the point of view of gaining control over society, which is also why the fight against terror is given incomparably more attention. And often the real struggle is replaced by police measures aimed rather at political control.

Polina Nemirovskaya gave a good comparison in the Telegram channel: even to inspect your backpack, a police officer must introduce himself, give reasons and invite attesting witnesses. And it will be possible to get into your correspondence, your videos, your conversations anonymously, quietly, without any reason. At the same time, we live in a time when the contents of a messenger are much more important, more intimate than the contents of a backpack.

If we agree that the fight against terror is just an excuse to tightly control the Internet, then what is the real reason? Probably in the fact that the state sees a serious threat for itself in free communication, which has grown many times over thanks to the Internet. In a way, it's right. Communicating, people discuss the problems of the state, have the opportunity to exchange negative information, including criticizing the government. What kind of government would like that?

But at the same time, it runs the risk of overlooking the opportunities that the free Internet gives Russian society, the free exchange of information, knowledge, and ideas. The Internet has given a huge country the opportunity to unite and interact at a new, digital level. The Internet infrastructure directly affects the economy through human capital. The world is moving toward an economy of knowledge, an economy of ideas, and the Internet is the lifeblood of that economy. Grossly interfering in it, destroying Internet freedoms, we are slowing down our development, throwing the country back.

Mikhail Petrov, former chief engineer of the most visited Runet portal, announced a possible alternative to VKontakte.

The new social network, according to him, guarantees security and the absence of any control from the state, writes sobesednik.ru.

On his page, Mikhail Petrov announced the availability of correspondence not only to FSB officers, but also to mobile operators. Among the latter, Mikhail Petrov singled out Megafon, whose quality of work has noticeably deteriorated this year.

By the way, it is worth noting yesterday's failure in the work of VKontakte. Messages, photos, posts on the “wall” disappeared from users, there were difficulties with “likes” and comments. For some time, the Vk.com website completely stopped responding to any requests. The reason, according to the social network's spokesman Georgy Lobushkin, was abnormal heat: “According to preliminary data, the troubles began at the time of the failure of the cooling equipment in the server room of one of the VKontakte data centers in the Leningrad Region. After that, an emergency shutdown of some of the servers occurred.”

Petrov promises users a safe perspective: as if his half-brothers Pavel and Nikolai Durov will launch a new social network in the fall. A former employee of VKontakte speaks emotionally and promisingly about its upcoming appearance: “From the details: there is no tracking of traces of the entry point - dedicated and static IPs, there are no links to the user's cloud and his files, the inability to read the correspondence even to the developers of the service. In general, our new social network is a prototype of the future state.”

Mikhail Petrov is not a participant in the project, but he advertises it and does not exclude further cooperation. According to Petrov, the new social network will be revolutionary: "The meaning of the network is a world revolution against the existing dictate of those in power over the people."

However, Pavel Durov himself, in a comment to Tjournal, denied information about the possible launch of the network this fall or even its development: “Mikhail has nothing to do with our team with Nikolai. As for new projects, we did not start active work on them, as serious tasks remain on the agenda within Telegram.”

After his departure from VKontakte on April 21, 2014, Pavel Durov, in a comment for the TechCrunch blog, announced his plans to start developing a new mobile social network. Now his main project is Telegram, a messenger with the motto “Give back our right to privacy.”

On April 25, 2014, Mikhail Petrov, who previously headed the Itsvoy data center, where the video and photo content of VKontakte users was located, announced his departure from VKontakte.

How the law did not take into account the features of encryption in the messenger and why it is so difficult to create a technical solution for special services.


On the second day after the presidential election, Telegram lost to the FSB in the Supreme Court: the department’s order to provide decryption keys for correspondence in the messenger was recognized as legal. One of the main questions at the end of the meeting was the very understanding of the “keys” and what, in theory, cooperation between Telegram and the FSB could look like.

Why Telegram is threatened with blocking again

The issue of blocking Telegram is not discussed for the first time. Until the end of June 2017, Roskomnadzor blocked Telegram for not registering in the register of information dissemination organizers. That conflict was unexpected: Durov gave a link to open information about the messenger, and the department itself entered it into the register.

In September, the founder of Telegram, Pavel Durov, spoke for the first time about the demand of the FSB to provide keys to decrypt user correspondence ("information necessary to decode received, transmitted, delivered and processed messages"). Telegram refused to cooperate with the FSB and received an administrative fine of 800 thousand rubles from the court of the Meshchansky district of Moscow. Then the company's appeal. In the Supreme Court (SC), Telegram representatives (Agora lawyers) demanded that the FSB order be invalidated due to abuse of authority.

The FSB insists that it is acting within the law, demanding to receive "the information necessary to decode" the correspondence in Telegram. After all, according to the position of the department, the use of decryption keys is illegal only if there is no court decision on this. But at the moment nothing is known (at least publicly) of Russian courts making such decisions regarding any Telegram user.

Why it will be difficult for the FSB to read correspondence even with encryption keys

The FSB cannot access Telegram correspondence without message decryption keys. However, back in June 2017, in a dispute with Roskomnadzor, Durov said that it was technically impossible to provide keys for decrypting “secret” chats: “The owners of instant messengers do not and cannot have decryption keys. These keys are stored only on the devices of the users themselves.”

The difficulty lies in the fact that the decryption keys in "secret" chats are constantly changing. Telegram uses the MTProto 2.0 protocol with the Perfect Forward Secrecy function, which provides automatic key change for each user after every 100 messages or once a week.

In standard, "cloud" chats, an authorization key is used to encrypt each message - it is created for each user when the application is first launched and "almost never changes," the protocol description says. However, this is not the only factor used in encrypting cloud chats - part of the key that encrypts each message is the hash of the message itself.
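The per-message key derivation described in the two paragraphs above, written after the publicly documented MTProto 2.0 scheme as an added example (it is not code from the article or from Telegram). The authorization key is a constructed value, the function names are hypothetical, and the 100-message and one-week thresholds are the figures quoted in the text.

```python
import hashlib
import os

AUTH_KEY_LEN = 256                    # MTProto authorization keys are 2048 bits
REKEY_AFTER_MESSAGES = 100            # secret-chat thresholds quoted in the text
REKEY_AFTER_SECONDS = 7 * 24 * 3600

# Constructed sample key for the demo; a real key is negotiated via Diffie-Hellman.
CONSTRUCTED_AUTH_KEY = bytes(range(256))


def pad(plaintext: bytes, filler=os.urandom) -> bytes:
    """Append filler so the length is a multiple of 16 (AES block size).

    The protocol allows 12..1024 random bytes; this uses the minimum (12..27).
    """
    pad_len = 12 + (-(len(plaintext) + 12)) % 16
    return plaintext + filler(pad_len)


def msg_key(auth_key: bytes, padded: bytes, x: int) -> bytes:
    """Middle 128 bits of SHA-256(slice of auth key + padded message).

    x is the direction offset: 0 one way, 8 the other.
    """
    if len(auth_key) != AUTH_KEY_LEN or len(padded) % 16:
        raise ValueError("need a 256-byte auth key and a padded message")
    large = hashlib.sha256(auth_key[88 + x:120 + x] + padded).digest()
    return large[8:24]


def message_keys(auth_key: bytes, mk: bytes, x: int):
    """Derive the AES-256 key and IV for one message from auth key and msg_key."""
    a = hashlib.sha256(mk + auth_key[x:x + 36]).digest()
    b = hashlib.sha256(auth_key[40 + x:76 + x] + mk).digest()
    aes_key = a[:8] + b[8:24] + a[24:32]
    aes_iv = b[:8] + a[8:24] + b[24:32]
    return aes_key, aes_iv


def needs_rekey(messages_with_key: int, key_age_seconds: int) -> bool:
    """Secret-chat rotation policy as stated in the text: 100 messages or a week."""
    return (messages_with_key >= REKEY_AFTER_MESSAGES
            or key_age_seconds >= REKEY_AFTER_SECONDS)


def demo():
    """Two messages under the same long-lived key get unrelated AES keys."""
    out = []
    for text in (b"meet at noon", b"meet at nine"):
        padded = pad(text)
        mk = msg_key(CONSTRUCTED_AUTH_KEY, padded, 0)
        key, iv = message_keys(CONSTRUCTED_AUTH_KEY, mk, 0)
        out.append((mk.hex(), key.hex()[:16], iv.hex()[:16]))
    return out


if __name__ == "__main__":
    for mk_hex, key_prefix, iv_prefix in demo():
        print("msg_key", mk_hex, "aes_key", key_prefix, "aes_iv", iv_prefix)
```

The msg_key travels in the clear next to the ciphertext, so the message hash adds per-message variation rather than a second secret: whoever holds the authorization key can re-derive every message's AES key, which is why rotation in secret chats limits what a single disclosed key exposes.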

Why is it difficult to create a solution for reading correspondence in Telegram

The FSB will not be able to decrypt messages in Telegram without actual decryption keys. Even if we take only “secret” chats, it is not known whether the agency will have time to process the data before the keys are changed.

If we imagine that Telegram still agrees to comply with the FSB order and regularly transfer up-to-date keys, then the special service and the messenger will need to somehow automate this work. In this case, Telegram must provide a technical solution, but it is not clear whether the company will make this solution convenient for the FSB and whether it wants to do this in principle.