Telegram 開始跟俄羅斯政府合作

雖然路透社的標題寫的像是俄羅斯政府是因為放棄封鎖 Telegram,不過讀一下內文就會發現完全不一樣:「Russia lifts ban on Telegram messaging app after failing to block it」。

報導上看起來是俄羅斯政府說 Telegram 會與政府合作打擊恐怖份子,所以解封 (先不要管「恐怖主義」之類的詞,這常常是打擊異己時用的詞彙):

Some Russian media cast the move as a capitulation, but communications watchdog Roskomnadzor said it had acted because the app’s Russian founder, Pavel Durov, was prepared to cooperate in combating terrorism and extremism on the platform.

“Roskomnadzor is dropping its demands to restrict access to Telegram messenger in agreement with Russia’s general prosecutor’s office,” it said in a statement.

現在的重點會在於 Telegram 會不會解釋,以及解釋的內容 (目前是還沒有):

There was no immediate reaction from Telegram or Durov.

因為劇本有可能是 1) Telegram 根本沒跟俄羅斯政府接觸,純粹是俄羅斯政府想搞 Telegram,或是 2) 有接觸,但談的跟報導的差很多,或是 3) 就是 Telegram 放棄掙扎了。

後續的 Telegram 回應會是重點,另外 end-to-end encryption (E2E Encryption) 的承諾會有什麼樣的變化也會是重點。

我猜測比較可能的應該是有合作,但控制權在 Telegram 手上,並不是直接讓俄羅斯政府碰 Telegram 的內部系統,不過一切都還得等後續的消息才能確認...

摸進俄羅斯的外包廠商,意外發現的專案:降低 Tor 匿名性的工具

俄羅斯政府的外包廠商 SyTech 被摸進去後,被發現裡面有些「有趣」的軟體:「Hackers breach FSB contractor, expose Tor deanonymization project and more」。

這次被放在標題的軟體叫做 Nautilus-S,透過被加過料的 Tor server 與 ISP traffic 交叉分析,試著找出俄羅斯內的 Tor 使用者:

Nautilus-S - a project for deanonymizing Tor traffic with the help of rogue Tor servers.

這不是新東西,之前就有被提出來,但並沒有這次直接給整包軟體出來:

The first was Nautilus-S, the one for deanonymizing Tor traffic. BBC Russia pointed out that work on Nautilus-S started in 2012. Two years later, in 2014, academics from Karlstad University in Sweden, published a paper detailing the use of hostile Tor exit nodes that were attempting to decrypt Tor traffic.

而且看起來有不少節點正在運行:

Researchers identified 25 malicious servers, 18 of which were located in Russia, and running Tor version 0.2.2.37, the same one detailed in the leaked files.

不知道 Tor 會不會有行動...

俄羅斯的 BGP traffic reroute...

前幾天 (12 號) BGPmon 發現有很多知名的網段被導去俄羅斯:「Popular Destinations rerouted to Russia」。

Early this morning (UTC) our systems detected a suspicious event where many prefixes for high profile destinations were being announced by an unused Russian Autonomous System.

可以看到相當多知名的網段都被導走:

Starting at 04:43 (UTC) 80 prefixes normally announced by organizations such Google, Apple, Facebook, Microsoft, Twitch, NTT Communications and Riot Games were now detected in the global BGP routing tables with an Origin AS of 39523 (DV-LINK-AS), out of Russia.

從圖中也可以看出來 AS39523 透過 AS31133 發出這些 routing,然後主要是透過 AS6939 (Hurricane Electric) 擴散:

這幾年俄羅斯在網路上的動作多很多...

俄羅斯政府透過卡巴斯基的漏洞,偷取美國國安局的文件

這下知道為什麼美國政府要直接禁用 Kaspersky 了:「Russian Hackers Stole NSA Data on U.S. Cyber Defense」。如果看不到 WSJ 的文章,可以看「Russia reportedly stole NSA secrets with help of Kaspersky—what we know now」這邊。

最近的事件被發現與 Kaspersky 的漏洞有關:

The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

加上 Kaspersky 有濃厚的俄羅斯官方色彩 (關係良好),以及法令上與技術上都有可能性要求 Kaspersky 協助。雖然這次事件是合約工家裡電腦用 Kaspersky 造成的,但已經有足夠的風險讓美國政府決定開鍘下令完全禁用了:

For years, U.S. national security officials have suspected that Kaspersky Lab, founded by a computer scientist who was trained at a KGB-sponsored technical school, is a proxy of the Russian government, which under Russian law can compel the company’s assistance in intercepting communications as they move through Russian computer networks.

CloudFlare 的莫斯科機房啟用

如同之前 CloudFlare 預告的,在莫斯科機房啟用了:「Moscow, Russia: CloudFlare’s 83rd data center」。

先前大多都是透過瑞典或是德國的機房服務,現在變成在當地直接交換:

Previously, delivery of nearly four million Internet applications on CloudFlare to over 100 million Internet users in Russia occurred mostly from our Stockholm and Frankfurt data centers. By now localizing that delivery, we are helping shave latency down by over 20ms for a majority of Russian users.

這樣整個歐洲的據點算完整了... 接下來應該是非洲與看對北美機房了。