By Charles Leaver

SORM sparks need for endpoint data protection

Americans traveling to Russia for the Winter Olympics in February will need increased endpoint data protection to safeguard their mobile communications against the surveillance of the System of Operative-Investigative Measures (SORM).

According to the World Policy Institute, SORM has the legal ability to intercept messages and transmissions on all electronic devices in the country. The aim of this capability is to prevent individuals from using telecommunications to oppose the government. The Guardian stated that a dossier established by a team of Russian investigative journalists has show the communication monitoring efforts will include all transmissions between competitors and spectators at the event.

“[G]overnment procurement documents and tenders from Russian communication companies indicate that newly installed telephone and Internet spying capabilities will give the FSB free rein to intercept any telephony or data traffic and even track the use of sensitive words or phrases mentioned in emails, webchats and on social media,” The Guardian stated.

The source stated that controversial technology including deep packet inspection will allow Russian intelligence agencies to filter for certain keywords. The system is being installed throughout the country’s networks as part of efforts to modernize local arrangements. The majority of these surveillance efforts will be focused on Sochi due to the large number of foreign visitors expected as part of the Olympic celebrations.

The Bureau of Diplomatic Security at the U.S. State Department recently issued a warning to Americans planning to travel to the region for the Winter Olympic Games, which includes a list of “Travel Cyber Security Best Practices.”

Best practices for traveling cyber security
Among the suggestions issued by the State Department is encouragement to travel with “clean” devices, and refrain from bring along extraneous hardware. Those that do need to travel with their hardware should ensure that all personal identifying information is protected against data leakage by removing or sanitizing this data. Users should also turn off Wi-Fi capabilities and avoid connecting to local ISPs and locations in Russia.

The Bureau’s announcement also urges American travelers to change passwords before and after their trip.

“Assume any electronic device you take can be exploited,” the announcement stated according to World Policy. “If you must utilize a phone during travel consider using a ‘burn phone’ that uses a SIM card purchased locally with cash. Sanitize sensitive conversations as necessary.”

The Guardian also noted that the State Department warned business travelers to be especially careful, as sensitive information like trade secrets and negotiating positions could be snooped or stolen by Russian groups, competitors or counterparts. Users who do not choose to utilize temporary devices will need boosted endpoint data protection to prevent communications from being intercepted.

Journalists recently discovered that the plan to monitor transmissions during the Games has been part of modernization efforts for the past few years. Upgrades to the local telecommunications system began in 2010, which included regulations that all telephone and ISP providers had to install SORM boxes on their technology to give FSB data access. This hardware provides the means to log every phone call or Internet communication. The group can also select specific endpoints to monitor by entering a command into its control center at FSB headquarters, World Policy stated.


By: Chuck Leaver

Get the Blog Here