Awful interception: misadventures of the Russian surveillance machinery
This talk is a multidisciplinary tale about Awful Interception. One foot in network measurements and network scanning, the other in the sociology of technologies, it draws a very detailed portrait of the Russian surveillance industry.
Our small team from the Citizen Lab (University of Toronto) and the Center for Internet and Society of the CNRS (France) has been looking at the so-called SORM systems since 2017. SORM is the abbreviation used to describe the set of hardware and software solutions designed to mirror, store and transmit user traffic from ISPs to the FSB. At the time of writing this proposal, the usage of SORM has also been extended to the occupied territories of Ukraine.
We wanted to really understand what kinds of data SORM can see, how it stores and transmits data, but also how it is implemented at the ISP level and how it is used in courts (well, it was supposed to help "prevent crime" after all). To do so, we deployed a mixed-methods approach, from network scanning and reverse engineering to sociology, conducting in-depth interviews with ISPs and former employees of SORM vendors. Of course, there was a lot of OSINT and even court case analysis.
And of course, we found a bunch of those devices out there on the web, open and accessible, leaking large amounts of user data in real time. We could connect to them and observe them for several years. We could identify the vendors behind those leaking boxes, document the SORMification of the occupied territories of Ukraine, and measure the effect of SORM on the Internet service provider community.