The Russia-Ukraine Cyber Front Takes Shape

Anti-Government Protest in Kiev, Ukraine

In the wake of Kiev protester deaths, Crimea’s occupation, and claimed cyber attacks on the Ukrainian telecommunications systems, the battlefronts in the Russia/Ukraine crisis have taken shape.

Ukraine Turmoil Timeline

Of particular note, Russia has already exerted a measure of control over Ukrainian telecommunication systems. This control is derived from a mix of direct access to equipment and intimate knowledge of Ukrainian lawful intercept systems, which are modeled after Russian FSB SORM systems.

What is SORM?

Russia’s SORM (Система Оперативно-Розыскных Мероприятий, literally “System for Operative Investigative Activities”) is a lawful intercept system operated by the Federal Security Service (or FSB – the Russian successor to the KGB).

Russia SORM Timeline

SORM came to light recently during the Sochi Olympic Games, where reports claimed that “all communications” were monitored. SORM differs from the US lawful intercept system: once the FSB receives approval for access to a target’s communications, it is able to unilaterally tap into the system without provider awareness.

Further, SORM is also lawfully used to target opposition parties within Russia. According to the World Policy Institute, on November 12, 2012, Russia’s Supreme Court upheld the right of authorities to eavesdrop on the opposition.

  • SORM-1 intercepts telephone traffic, including both landline (analog) and mobile networks.
  • SORM-2 targets internet traffic (including VoIP calls).
  • SORM-3 has the ability to target all forms of communication, providing long-term storage of all information and data on subscribers, including actual recordings and locations.

Former Soviet states (Kazakhstan, Belarus, Uzbekistan and Ukraine) have installed SORM-standard equipment. According to research by Wired Magazine, Ukraine’s SORM is more advanced, as the SBU (Ukraine’s Security Service) has the ability to interrupt a target’s communications.

In April 2011, Iskratel – which provides Ukraine’s sole telephone company Ukrtelekom with broadband equipment – announced its SORM device was tested successfully under the new requirements and had been approved by the SBU.

Analyzing SORM manufacturers within Recorded Future identified equipment suppliers including Juniper Networks (US), Cisco Systems (US), Huawei (China) and Alcatel-Lucent (France).

SORM Reference

With local Ukrainian media sources reporting Ukrtelekom outages, it is unclear what reach Russia has into Ukraine due to Ukraine’s use of the SORM standard.

While multiple additional pieces of information are necessary to definitively conclude Russia has a backdoor into the Ukrainian telecom system, it is clear the telecom equipment and layout are quite familiar to Russian military and intelligence officials operating in the cyber arena.