“The FSB wants to decipher traffic in real-time and analyze it according to key parameters."AFP / East News
Russia’s security services and government are discussing a whole series of technical solutions that would help the authorities decode internet communication and thus give them access to all internet traffic in Russia, reports the Kommersant newspaper.
Analyzing traffic according to keywords such as "bomb" will be done with the help of the DPI system, which is already used by communication operators to infiltrate prohibited sites. Operators are obliged to preserve records of internet traffic in accordance with the recently introduced “Yarovaya law,” although without decryption the controversial legislation is useless.
Experts believe that the scheme being discussed will eventually not only help prevent potential threats but will also build internet user profiles and even make it possible to evaluate the user's psychological condition and tastes.
To implement the Yarovaya law the Federal Security Service (FSB), the Communications Ministry and the Ministry of Industry and Trade are discussing not only issues related to the withdrawal of data and its preservation but also the decryption and analysis of internet traffic, said a senior manager at one manufacturer of IT equipment. His statement was confirmed by a Kommersant source in the presidential administration and another one in an IT company.
"It is meaningless to preserve exabytes of encrypted internet traffic – you won't find anything there,” said Kommersant's source from the presidential administration.
“The FSB wants to decipher traffic in real-time and analyze it according to key parameters, for example, according to the word ‘bomb,’ while the ministries insist that only the traffic coming from users that concern the law enforcement organs should be deciphered," said the source.
According to the Yarovaya law, organizers of information dissemination, that is, owners of internet platforms that help transfer electronic communications (e.g. Google, Yandex, the Mail.ru Group, WhatsApp, Telegram, Viber, Facebook, VKontakte, etc.) have been obliged to give their encryption keys to the FSB since July 20, 2016.
"Foreign companies will not submit to this requirement while Russian ones may give the keys after multiple requests,” explained one of Kommersant's sources, adding that there is an “enormous number of sites” on the internet that are not “organizers of information dissemination” and that use protected https connections.
“Without deciphering the traffic it is not always possible to understand which site the user viewed, not to mention what they were doing there," said the source.
Both Kommersant sources confirm that one of the decryption options being discussed is the installation of equipment in operators' networks that is capable of conducting an MITM (“man-in-the-middle”) attack as the information is transmitted.
"For the user the equipment pretends to be the requested site and for the site it pretends to be a user. It works like this: The user will install an SSL connection with this equipment and it will connect to the server that the user will use,” explained one of the Kommersant sources.
“The equipment will decipher the intercepted traffic from the server and before it sends it to the user it will again encrypt it with the SSL certificate provided by the Russian Certification Center. In order for the user's browser not to inform the user of an unsafe connection, the Russian Certification Center must be added to the trusted Root Certification Centers in the user's computer," said the source.
IT experts interviewed by Kommersant say that this system for internet traffic decryption is not ideal.
"When the authorities' intention becomes known, the certificate from the certification center will be removed with the first update from all the software that deals with encrypted traffic,” said Denis Neshtun, general director of Moscow telecommunications company Arsientek.
“And this is correct because the possibility of creating ‘false’ certificates discredits electronic commerce: All bank cards, all the users' credentials in all the systems can be intercepted," he continued.
According to Alexei Lukatsky, an internet security consultant at U.S. multinational Cisco Systems, MITM works well and legally for client-server technologies based on SSL.
“But more and more people are moving away from this and are switching to TLS, for which MITM cannot be done today. And concerning end-to-end encryption, which most messaging services are based on, an MITM is completely unrealizable," he said.
This article has been abridged. The full version in Russian can be read at Kommersant.
All rights reserved by Rossiyskaya Gazeta.