Russian authorities can intercept and access mobile communications and customers' data through a system called System for Operative Investigative Activities, which Russian telecom companies are mandated to install, U.S. security company UpGuard Inc. found.
The hardware, also known as SORM, allows the Russian law enforcement agencies, such as the Federal Security Service, to access forms of communications, such as emails and text messages, as well as other details, including user IDs, IP addresses and phone numbers.
SORM serves as a "special gateway to monitor, log, and enforce blacklist censorship on traffic passing through the service provider's network," UpGuard explained.
The security company's revelation comes after it gained access to about 1.7 terabytes of data sets, which were exposed to the public through an rsync server. The data includes photos of inventory of Russian infrastructure hardware, email archives and telecom agreements. The exposed data is said to be a "hand-over folder" by a Nokia Corp. employee to an unnamed third party, who failed to secure the information.
The leak happened after a Nokia employee connected a USB drive, which contained the data to a home computer, and the storage device was connected to the internet without authentication, TechCrunch.com reported, citing a statement from Nokia spokesperson Katja Antila.
Most of the data sets showed Nokia Siemens Networks' installation of SORM from 2014 to 2016 in coordination with Mobile TeleSystems PJSC. UpGuard also saw SORM installations are present in 16 Russian cities. Installation of SORM had been a requirement for telecom operators since 1995.
