Documents on an unprotected, network-connected drive owned by an employee of Nokia shed light on the inner workings of Russia's networked surveillance system known as SORM (Russian: COPM).
SORM (COPM) is an acronym for the government's "system for operative investigative activities," The network was first developed in 1995 as a way for the Federal Security Services (FSB, formerly KGB) to access any communications data it wanted on Russian citizens.
The data leak exposes SORM surveillance activity inside Russia's top telco, and illustrates clearly how Russian authorities get access to phone calls, text messages, and internet browsing data of people who are customers of Russia's top phone carrier, Mobile TeleSystems (MTS) .
The documents Techcrunch published today were discovered on an unprotected backup drive owned by an employee of Nokia Networks (formerly Nokia Siemens Networks), "which through a decade-long relationship maintains and upgrades MTS's network — and ensures its compliance with SORM," reports Techcrunch:
The documents show that between 2016 and 2017, Nokia planned and proposed changes to MTS's network as part of the telecom giant's "modernization" effort.
Nokia planned to improve a number of local MTS-owned phone exchanges in several Russian cities — including Belgorod, Kursk and Voronezh — to comply with the latest changes to the country's surveillance laws.
TechCrunch reviewed the documents, which included several floor plans and network diagrams for the local exchanges. The documents also show that the installed SORM device on each phone network has direct access to the data that passes through each phone exchange, including calls, messages and data.
The plans contain the physical address — including floor number — of each phone exchange, as well as the location of each locked room with SORM equipment in large bold red font, labeled "COPM." One document was titled "COPM equipment installation [at] MTS' mobile switching center," a core function for handling calls on a cell network.