Tag Archives: russia

Kaspersky VPN Now Blocks ‘Pirate’ Sites in Russia

Post Syndicated from Andy original https://torrentfreak.com/kaspersky-vpn-now-blocks-pirate-sites-in-russia-190703/

In order to prevent citizens from accessing objectionable content, from pirate sites through to extremist material, Russia operates a national blacklist.

This centralized database of domains, known locally as FGIS (Federal State Information System), is checked by Internet service providers which then block their subscribers from accessing forbidden sites. Of course, services like VPNs, Tor and various anonymizers, are able to circumvent these measures, a point not lost on the authorities.

In 2017, a new bill was signed into law aiming to close the loophole. As a result, if tools with the ability to circumvent the blacklist don’t play ball by respecting its contents, they also face being blocked by ISPs.

This proposal came to head earlier this year when telecoms watchdog Roscomnadzor wrote to several major VPN providers – NordVPN, ExpressVPN, TorGuard, IPVanish, VPN Unlimited, VyprVPN, Kaspersky Secure Connection, HideMyAss!, Hola VPN, and OpenVPN – demanding compliance.

The VPN services above were given 30 days to respond but most either ignored or flat-out rejected the demands. Only Russia-based Kaspersky offered to cooperate and it now appears the security company is censoring websites as ordered.

According to digital rights group Roskomsvoboda, Kaspersky is now fully respecting the contents of the FGIS database and actively blocking domains, including the many ‘pirate’ sites that are permanently blocked in Russia after repeatedly failing to respond to copyright complaints.

Citing tests carried out by various users of Kaspersky Secure Connection, the group says that attempts to access banned domains now result in a warning that the material is inaccessible via the service.

Credit: Roskomsvoboda.org

Users of Kaspersky’s mobile application are reportedly less-well-informed. Rather than the blocking page above which appears in desktop-based browsers, users are greeted with an ‘ERR CONNECTION RESET’ message when they attempt to access a ‘banned’ site.

It’s unclear whether Kaspersky decided to comply simply because it’s based in Russia or whether being blocked itself would be a step too far for the company. It’s likely that both played a role but fresh news coming out of the country suggests that earlier claims that non-compliant VPN providers would be blocked themselves may have been a little premature.

At the start of June, telecoms watchdog Roscomnadzor indicated that the blocking of nine previously-contacted VPN providers was imminent but now, less than a month later, authorities might be pulling back from the brink.

“We have the right to block VPN services that do not comply with the law, but there is no obligation to do so at any specific time,” said the head of Roskomnadzor, Alexander Zharov.

“There are nine services that do not execute the law. We may wait for fines under a new law. We are not ready to discuss a specific plan for our actions.”

Last week, Library Genesis (Libgen), a huge online repository of free books and academic articles, became the latest ‘pirate’ addition to Russia’s national blacklist.

Following a lawsuit filed by Springer Nature in 2018, the platform has now been labeled a repeat infringer, meaning that the domains libgen.io and lgmag.org are now permanently blocked by the country’s ISPs.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Rightsholders Want to Completely Delist ‘Pirate’ Domains From Search Results

Post Syndicated from Andy original https://torrentfreak.com/rightsholders-want-to-completely-delist-pirate-domains-from-search-results-190621/

The anti-piracy wars are fought on many fronts, from plugging leaks to issuing millions of takedown notices to both sites and search engines.

Despite no deliberate role in piracy, the latter are often described as facilitators of piracy who could do more, by making pirate sites less visible in search results, for example.

While companies like Google have taken such steps both voluntarily (UK) and in response to legal requirements (Australia 1,2), rightsholders would like more. In Russia, where new anti-piracy legislation is currently being debated, there’s an opportunity to set the standard.

Last year, several rightsholders and Internet platforms signed a memorandum of understanding which set out a basic framework for cooperation moving forward. The terms of that agreement are now the subject of negotiations before being turned into law sometime in the next few months.

During a closed-door meeting this week, held at telecoms watchdog Roscomnadzor and reported by a Kommersant source, rightsholders set out new tough demands. In order to limit traffic being sent to pirate sites by search engines, they want companies like Yandex (and ultimately Google) to completely delist ‘pirate’ domains from search results.

Under the current terms of the memorandum, signatory companies delist search results (typically URLs) when they appear in a centralized database populated with links provided by content companies and their anti-piracy partners. The new proposals demand that sites considered as repeat infringers should disappear altogether.

Alexei Byrdin, General Director of the Internet Video Association, said that his group had identified a number of measures taken by pirate sites to limit the effectiveness of current measures. This means a more aggressive approach is needed.

“Our response is a draft rule on the removal of the entire domain of a site that systematically violates copyrights [from search results],” he told Kommersant.

While not all sites that receive multiple complaints will be affected (social networks and video hosting platforms would be excluded, for example), Internet companies are said to be opposed to the proposals. Among them Yandex, Russia’s largest search engine.

“It is necessary that any measures that entail inaccessibility to users of entire sites are based on a court decision. We are sure that such a solution will be found,” the company’s press office commented.

Channel One, the National Media Group, Gazprom-Media, the Internet Video Association, the Association of Film and Television Producers, Yandex, Rambler Group, Mail.Ru Group, vKontakte, and RuTube, are all signatories of the current memorandum.

The framework is set to expire on September 1, 2019, but could be extended if consensus isn’t reached by that date. However, aside from the deletion of entire domains from search results, it’s reported that the parties are largely in agreement, meaning that Russia is on course to expand its anti-piracy laws significantly, once again.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Russia Says it Will Soon Begin Blocking Major VPNs

Post Syndicated from Andy original https://torrentfreak.com/russia-says-it-will-soon-begin-blocking-major-vpns/

When it comes to site-blocking, Russia is one of the most aggressive countries in the world.

Thousands of pirate sites are blocked on copyright grounds while others are restricted for containing various types of “banned information”, such as extremist material.

The domains of these platforms are contained in a national blacklist. Service providers of many types are required to interface with this database, in order to block sites from being accessible via their systems. This includes VPN providers, particular those that ordinarily provide censorship workarounds.

Back in March, telecoms watchdog Roscomnadzor wrote to ten major VPN providers – NordVPN, ExpressVPN, TorGuard, IPVanish, VPN Unlimited, VyprVPN, Kaspersky Secure Connection, HideMyAss!, Hola VPN, and OpenVPN – ordering them to connect to the database. Many did not want to play ball.

NordVPN, for example, flat-out refused to comply, stating that doing so would violate service agreements made with its customers. IPVanish also rejected any censorship, as did VPN Unlimited, VyprVPN and OpenVPN.

The VPN services in question were given a limited time to respond (30 days) but according to Roscomnadzor, most are digging in their heels. In fact, of the companies contacted with the demands, only one has agreed to the watchdog’s terms.

“We sent out ten notifications to VPNs. Only one of them – Kaspersky Secure Connection – connected to the registry,” Roscomnadzor chief Alexander Zharov informs Interfax.

“All the others did not answer, moreover, they wrote on their websites that they would not comply with Russian law. And the law says unequivocally if the company refuses to comply with the law – it should be blocked.”

And it appears that Roscomnadzor is prepared to carry through with its threat. When questioned on the timeline for blocking, Zharov said that the matter could be closed within a month.

If that happens, the non-compliant providers will themselves be placed on the country’s blacklist (known locally as FGIS), meaning that local ISPs will have to prevent their users from accessing them. It is not yet clear whether that means their web presences, their VPN servers, or both.

In the case of the latter, it’s currently unclear whether there will be a battle or not. TorGuard has already pulled its servers out of Russia and ExpressVPN currently lists no servers in the country. The same is true for OpenVPN although VyprVPN still lists servers in Moscow, as does HideMyAss.

Even if Roscomnadzor is successful in blocking any or all of the non-compliant services, there are still dozens more to choose from, a fact acknowledged by Zharov.

“These ten VPNs do not exhaust the entire list of proxy programs available to our citizens. I don’t think there will be a tragedy if they are blocked, although I feel very sorry about it,” Zharov concludes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Pirate ‘CAM King’ 1XBET Becomes Russia’s 3rd Largest Online Advertiser

Post Syndicated from Andy original https://torrentfreak.com/pirate-cam-king-1xbet-becomes-russias-3rd-largest-online-advertiser-190604/

Since 2018, it’s likely that Internet users searching for the latest pirate ‘cam’ copies of Hollywood movies will have been exposed to the brand 1XBET.

1XBET is an online gambling company based in Russia that currently has more than 140 of its URLs blocked by the Russian government after being declared illegal. However, it is still managing to attract eyeballs all around the world via online advertising, including via ads placed in pirated copies of movies.

In a TF report published last month, we covered some of the activities being associated with the company, along with thoughts from local anti-piracy sources. Interestingly, 1XBET is now making headlines in Russia for being one of the most prolific online advertisers in the entire region.

The information comes from a new study, published by research company Mediascope, ranking the companies that placed the greatest volume of advertising online in Russia during the first quarter of 2019.

At the top of the pile with 3.3% market share is Google, which doesn’t comes as a huge surprise. The search giant is followed by PepsiCo in second position with 3.1%. In a remarkable third place sits 1XBET, with a significant 2.4% of the market.

To give some perspective, food giant Danone claims 2.3% of the market while Universal Pictures Russia has even less with 1.9%.

Mediascope data (credit: RBC)

What makes this achievement even more bewildering is that last year, another ‘sponsor’ of piracy releases was also making headlines for similar reasons.

Azino 777, another gambling company closely connected to ‘pirate’ releases, previously took the top spot for advertising online in Russia with 6.7% of the market. This year the company was ranked just 60th. It’s believed that the anti-piracy memorandum signed last year is at least partly responsible for the decline since participants are able to delete ‘pirate’ sites from search results.

Mediascope data published by local news outlet RBC shows that during the first quarter of 2018, researchers found Azino 777 adverts on 670 sites but during the same period in 2019, that had fallen to just 143. Additionally, the volume of ad impressions for Azino 777 in videos delivered via Yandex’s video service was 11 times smaller during the same period.

Russia’s Internet Video Association, which represents legal online video operators, has been filing complaints with telecoms watchdog Roscomnadzor against sites where Azino 777 ads can be viewed. Of around 500 complaints filed in 2019, around half – which include streaming sites and torrent indexes – have been blocked.

But despite the progress against Azino 777, the job still isn’t finished. The rise of 1XBET indicates there are still problems with gambling advertising connected with piracy.

“This indirectly indicates that piracy is still flourishing,” Maxim Ryabyko, director general of the Association for the Protection of Copyright on the Internet, told RBC.

According to Mediascope, in the first quarter of 2018, 1XBET ads appeared on 59 sites that were monitored. In the same period during 2019, that had risen to 447. In addition, advertising on Yandex video players grew 27 times over the volumes observed during the first three months of 2018.

During the past week alone, 1XBET-branded ‘cams’ have continued to hit the Internet. Among them copies of Ma, Rocketman, and Godzilla: King of the Monsters. 1XBET and/or its affiliates are clearly not yet done with their mission to grab the eyes and wallets of pirate consumers, in Russia and around the world.

Godzilla, 1XBET style….

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Media & Telecoms Companies Reveal “Self-Learning” Anti-Piracy System

Post Syndicated from Andy original https://torrentfreak.com/media-telecoms-companies-reveal-self-learning-anti-piracy-system-190529/

Last November, major media and tech companies in Russia signed a landmark memorandum in order to tackle the rise of pirated content on the Internet.

Central to the agreement was the creation of a database populated with links to material deemed copyright-infringing by entertainment industry groups

Operators of search platforms agreed to query the database every five minutes and then, within six hours, remove links to the content from their search results. The same applies to sites that actually host content, such as Yandex.video and RuTube, for example.

Population of the database got quickly underway and according to the Media Communication Union (MKC), which represents the interests of major media and telecoms companies, now contains around 300,000 links. However, the companies involved feel that the system can be much improved with the addition of custom software.

To that end, this week the MKC revealed that it has begun testing a new anti-piracy system that will allow content to be added to the database more quickly and efficiently. The tool not only allows URLs to be entered manually but also accepts input from “specialized search systems” that are able to identify illegal content.

“An automated solution based on specially trained neural networks is used to analyze the content of sites specified in the rights holders’ reports,” MKC announced.

MKC says that manual testing is also used in a number of cases, with the results being sent to the neural network for “additional training.” As the project develops, the aim is to require the intervention of human operators on much fewer occasions.

“A modern software solution based on self-learning systems will significantly increase the effectiveness of the fight against Internet piracy and will further increase the consumption of legal video services,” said MKS President Mikhail Demin.

An almost fully-automated anti-piracy seems like a big ask, particularly when machines are often blamed for erroneous takedowns. However, for the head of Russian telecoms watchdog Roskomndazor, removing humans from the equation where possible will make the system more effective.

“This is a significant event for both sides of the Memorandum,” Alexander Zharov says.

“An automated solution for interaction within the framework of the Memorandum will help to increase the reaction times and reduce the risks associated with the ‘human factor’.”

It is not yet clear whether the system under development represents anything drastically new in the anti-piracy space, or whether the “self-learning” component will amount to anything more than scraping allegedly-infringing URLs and then sending these to the registry.

Nevetherless, beta tests are already underway and it’s expected that the finished product will be with rightsholders before the end of July.

The memorandum and supporting technical efforts are currently in operation voluntarily until the terms of the agreement run out November 1, 2019. However, given the level of commitment being shown by the parties involved, it’s expected to continue until the terms of the memorandum can be written into local law.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

1XBET: The Bizarre ‘CAM’ Brand That Movie Pirates Love to Hate

Post Syndicated from Andy original https://torrentfreak.com/1xbet-the-bizarre-cam-brand-that-movie-pirates-love-to-hate-190526/

For several decades, movie pirates have visited cinemas with cameras to record the latest movies.

In the early 80s, for example, pirate copies of E.T. the Extra-Terrestrial made their way all over the planet, mainly for consumption via VHS and Betamax tapes. The quality was always dire but back then, beggars certainly couldn’t be choosers.

Since the early 2000s, things have changed dramatically. With the advent of high-quality cameras, sometimes operated by near-professional volunteers, the act of ‘camming’ turned into an artform.

Now-defunct groups including Centropy and maVen graced the web with outstandingly good copies of the latest titles, driven in part by a desire to create the best possible products and with them a lasting legacy. If these groups had a voice in 2019, they’d be horrified at the ‘camming’ state of play.

For reasons that appear to be entirely motivated by money, large numbers of cam copies hitting the web today are doing so in a defaced fashion. While studios have been watermarking their content for close to 20 years to defeat piracy, pirates are now disfiguring videos themselves in order to promote big business.

1XBET in-movie advertising watermark

While they are not the only culprit (some streaming sites also carry out the practice), online betting site 1XBET has its brand stamped all over dozens of pirate releases.

Indeed, it seems that most of the big ‘cammed’ movies these days can’t avoid the clutches of 1XBET advertising. From Avengers: Endgame and John Wick 3, to Hellboy and Pokémon Detective Pikachu, 1XBET ‘sponsored’ releases are an incredibly invasive species.

A small sample from The Pirate Bay

In addition to the kind of watermarks shown above, downloaders of 1XBET-labeled releases are now being ‘treated’ to full-blown ads for the gambling platform in the middle of movies. And there’s no escaping them.

For example, the recent release of ‘Shazam’ doesn’t even get six minutes into the movie before a glaring 30-second advert for the platform kicks in, complete with promo codes in several different languages. If pirates thought that downloading movies from pirate sites was a convenient way to avoid intrusive advertising, 1XBET releases are not a good option.

Less than six minutes into Shazam? Have an ad break

Dmitry Tyunkin, Deputy Director of Anti-Piracy and Brand Protection at cyber-security firm Group-IB, says that cam watermarking is a cost-effective way to promote the gambling platform.

“1XBET is a gambling company originating from Russia that uses cam copies to advertise itself internationally. The strategy became popular and widespread because it is a relatively cheap way to promote their services – a raw cam copy would cost 300-400 USD, 600-700 USD after editing,” Tyunkin informs TF.

“According to our data, usually those who film cam copies sell them to camcording piracy groups, who offer to integrate the ads to gambling companies, such as 1XBET. [They then upload] the pirated copies to torrent websites, which spread [them] very fast across the Internet with watermarks and ads included in the pirated film.”

Many surprising things have happened in the piracy world over the past couple of decades but this recent phenomenon ranks up there with the most outlandish.

These are pirate releases, of some of Hollywood’s biggest titles, carrying advertising for a multi-million dollar gambling company. Group-IB says 1XBET has been involved in the practice since 2018, primarily targeting developing English-speaking countries, such as India.

But at least as far as we can see, little is being done about it.

Hollywood itself hasn’t made any public statement. The USTR, which ordinarily attempts to protect the interests of US companies, hasn’t complained about the advertising in its piracy reports calling out other nations.

That is puzzling, to say the least. But it’s nothing short of bewildering when one considers that 1XBET is the ‘International Presenting Partner’ of Italy’s ‘Serie A’, a soccer league that has been very vocal about the threats presented by online piracy.

“As part of the agreement, 1xBet will be featured in all match graphics, idents and virtual goal mat advertising across every live Serie A game, on all platforms that are broadcast in the regions covered in the terms of the deal,” a report on the partnership reads.

It’s important to note that there’s no overwhelming evidence available to the general public that 1XBET itself is driving camming ‘sponsorship’ directly. Some have suggested that overenthusiastic affiliates may have taken this upon themselves but it’s so unorthodox that few explanations would come as a surprise.

Either way, it doesn’t just look bad for 1XBET.

The horrible watermarks and intrusive advertising are making many of the big releases look bad when viewed by pirates too. Never in the history of camming have cammed copies of movies been made to look deliberately worse before being uploaded online.

Pirate sites are littered with negative comments in respect of 1XBET ‘releases’. Pirates love getting the movies early but absolutely hate the ads. For now, however, there doesn’t appear to be much of an opportunity to get away from them.

When everything is considered it’s one of the most puzzling developments to come out of the piracy world, not just recently, but ever. The big question is how long it will continue. Until it stops paying off, perhaps.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Visiting the NSA

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/05/visiting_the_ns.html

Yesterday, I visited the NSA. It was Cyber Command’s birthday, but that’s not why I was there. I visited as part of the Berklett Cybersecurity Project, run out of the Berkman Klein Center and funded by the Hewlett Foundation. (BERKman hewLETT — get it? We have a web page, but it’s badly out of date.)

It was a full day of meetings, all unclassified but under the Chatham House Rule. Gen. Nakasone welcomed us and took questions at the start. Various senior officials spoke with us on a variety of topics, but mostly focused on three areas:

  • Russian influence operations, both what the NSA and US Cyber Command did during the 2018 election and what they can do in the future;
  • China and the threats to critical infrastructure from untrusted computer hardware, both the 5G network and more broadly;

  • Machine learning, both how to ensure a ML system is compliant with all laws, and how ML can help with other compliance tasks.

It was all interesting. Those first two topics are ones that I am thinking and writing about, and it was good to hear their perspective. I find that I am much more closely aligned with the NSA about cybersecurity than I am about privacy, which made the meeting much less fraught than it would have been if we were discussing Section 702 of the FISA Amendments Act, Section 215 the USA Freedom Act (up for renewal next year), or any 4th Amendment violations. I don’t think we’re past those issues by any means, but they make up less of what I am working on.

Join Cloudflare & Yandex at our Moscow meetup! Присоединяйтесь к митапу в Москве!

Post Syndicated from Andrew Fitch original https://blog.cloudflare.com/moscow-developers-join-cloudflare-yandex-at-our-meetup/

Join Cloudflare & Yandex at our Moscow meetup! Присоединяйтесь к митапу в Москве!
Photo by Serge Kutuzov / Unsplash

Join Cloudflare & Yandex at our Moscow meetup! Присоединяйтесь к митапу в Москве!

Are you based in Moscow? Cloudflare is partnering with Yandex to produce a meetup this month in Yandex’s Moscow headquarters.  We would love to invite you to join us to learn about the newest in the Internet industry. You’ll join Cloudflare’s users, stakeholders from the tech community, and Engineers and Product Managers from both Cloudflare and Yandex.

Cloudflare Moscow Meetup

Tuesday, May 30, 2019: 18:00 – 22:00

Location: Yandex – Ulitsa L’va Tolstogo, 16, Moskva, Russia, 119021

Talks will include “Performance and scalability at Cloudflare”, “Security at Yandex Cloud”, and “Edge computing”.

Speakers will include Evgeny Sidorov, Information Security Engineer at Yandex, Ivan Babrou, Performance Engineer at Cloudflare, Alex Cruz Farmer, Product Manager for Firewall at Cloudflare, and Olga Skobeleva, Solutions Engineer at Cloudflare.

Agenda:

18:00 – 19:00 – Registration and welcome cocktail

19:00 – 19:10 – Cloudflare overview

19:10 – 19:40 – Performance and scalability at Cloudflare

19:40 – 20:10 – Security at Yandex Cloud

20:10 – 20:40 – Cloudflare security solutions and industry security trends

20:40 – 21:10 – Edge computing

Q&A

The talks will be followed by food, drinks, and networking.

View Event Details & Register Here »

We’ll hope to meet you soon.

Разработчики, присоединяйтесь к Cloudflare и Яндексу на нашей предстоящей встрече в Москве!

Cloudflare сотрудничает с Яндексом, чтобы организовать мероприятие в этом месяце в штаб-квартире Яндекса. Мы приглашаем вас присоединиться к встрече посвященной новейшим достижениям в интернет-индустрии. На мероприятии соберутся клиенты Cloudflare, профессионалы из технического сообщества, инженеры из Cloudflare и Яндекса.

Вторник, 30 мая: 18:00 – 22:00

Место встречи: Яндекс, улица Льва Толстого, 16, Москва, Россия, 119021

Доклады будут включать себя такие темы как «Решения безопасности Cloudflare и тренды в области безопасности», «Безопасность в Yandex Cloud», “Производительность и масштабируемость в Cloudflare и «Edge computing» от докладчиков из Cloudflare и Яндекса.

Среди докладчиков будут Евгений Сидоров, Заместитель руководителя группы безопасности сервисов в Яндексе, Иван Бобров, Инженер по производительности в Cloudflare, Алекс Круз Фармер, Менеджер продукта Firewall в Cloudflare, и Ольга Скобелева, Инженер по внедрению в Cloudflare.

Программа:

18:00 – 19:00 – Регистрация, напитки и общение

19:00 – 19:10 – Обзор Cloudflare

19:10 – 19:40 – Производительность и масштабируемость в Cloudflare

19:40 – 20:10 – Решения для обеспечения безопасности в Яндексе

20:10 – 20:40 – Решения безопасности Cloudflare и тренды в области безопасности

20:40 – 21:10 – Примеры Serverless-решений по безопасности

Q&A

Вслед за презентациям последует общение, еда и напитки.

Посмотреть детали события и зарегистрироваться можно здесь »

Ждем встречи с вами!

Cryptanalyzing a Pair of Russian Encryption Algorithms

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/05/cryptanalyzing_.html

A pair of Russia-designed cryptographic algorithms — the Kuznyechik block cipher and the Streebog hash function — have the same flawed S-box that is almost certainly an intentional backdoor. It’s just not the kind of mistake you make by accident, not in 2014.

Leaked NSA Hacking Tools

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/05/leaked_nsa_hack.html

In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government. Since, then the vulnerabilities and tools have been used by both government and criminals, and put the NSA’s ability to secure its own cyberweapons seriously into question.

Now we have learned that the Chinese used the tools fourteen months before the Shadow Brokers released them.

Does this mean that both the Chinese and the Russians stole the same set of NSA tools? Did the Russians steal them from the Chinese, who stole them from us? Did it work the other way? I don’t think anyone has any idea. But this certainly illustrates how dangerous it is for the NSA — or US Cyber Command — to hoard zero-day vulnerabilities.

Russia Is Testing Online Voting

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/03/russia_is_testi.html

This is a bad idea:

A second innovation will allow “electronic absentee voting” within voters’ home precincts. In other words, Russia is set to introduce its first online voting system. The system will be tested in a Moscow neighborhood that will elect a single member to the capital’s city council in September. The details of how the experiment will work are not yet known; the State Duma’s proposal on Internet voting does not include logistical specifics. The Central Election Commission’s reference materials on the matter simply reference “absentee voting, blockchain technology.” When Dmitry Vyatkin, one of the bill’s co-sponsors, attempted to describe how exactly blockchains would be involved in the system, his explanation was entirely disconnected from the actual functions of that technology. A discussion of this new type of voting is planned for an upcoming public forum in Moscow.

Surely the Russians know that online voting is insecure. Could they not care, or do they think the surveillance is worth the risk?

Cybersecurity Insurance Not Paying for NotPetya Losses

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/03/cybersecurity_i_2.html

This will complicate things:

To complicate matters, having cyber insurance might not cover everyone’s losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the “hostile or warlike action in time of peace or war” exemption.

I get that $100 million is real money, but the insurance industry needs to figure out how to properly insure commercial networks against this sort of thing.

Cell Phone Security and Heads of State

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/10/cell_phone_secu_1.html

Earlier this week, the New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump’s personal cell phone and using the information gleaned to better influence his behavior. This should surprise no one. Security experts have been talking about the potential security vulnerabilities in Trump’s cell phone use since he became president. And President Barack Obama bristled at — but acquiesced to — the security rules prohibiting him from using a “regular” cell phone throughout his presidency.

Three broader questions obviously emerge from the story. Who else is listening in on Trump’s cell phone calls? What about the cell phones of other world leaders and senior government officials? And — most personal of all — what about my cell phone calls?

There are two basic places to eavesdrop on pretty much any communications system: at the end points and during transmission. This means that a cell phone attacker can either compromise one of the two phones or eavesdrop on the cellular network. Both approaches have their benefits and drawbacks. The NSA seems to prefer bulk eavesdropping on the planet’s major communications links and then picking out individuals of interest. In 2016, WikiLeaks published a series of classified documents listing “target selectors”: phone numbers the NSA searches for and records. These included senior government officials of Germany — among them Chancellor Angela Merkel — France, Japan, and other countries.

Other countries don’t have the same worldwide reach that the NSA has, and must use other methods to intercept cell phone calls. We don’t know details of which countries do what, but we know a lot about the vulnerabilities. Insecurities in the phone network itself are so easily exploited that 60 Minutes eavesdropped on a US congressman’s phone live on camera in 2016. Back in 2005, unknown attackers targeted the cell phones of many Greek politicians by hacking the country’s phone network and turning on an already-installed eavesdropping capability. The NSA even implanted eavesdropping capabilities in networking equipment destined for the Syrian Telephone Company.

Alternatively, an attacker could intercept the radio signals between a cell phone and a tower. Encryption ranges from very weak to possibly strong, depending on which flavor the system uses. Don’t think the attacker has to put his eavesdropping antenna on the White House lawn; the Russian Embassy is close enough.

The other way to eavesdrop on a cell phone is by hacking the phone itself. This is the technique favored by countries with less sophisticated intelligence capabilities. In 2017, the public-interest forensics group Citizen Lab uncovered an extensive eavesdropping campaign against Mexican lawyers, journalists, and opposition politicians — presumably run by the government. Just last month, the same group found eavesdropping capabilities in products from the Israeli cyberweapons manufacturer NSO Group operating in Algeria, Bangladesh, Greece, India, Kazakhstan, Latvia, South Africa — 45 countries in all.

These attacks generally involve downloading malware onto a smartphone that then records calls, text messages, and other user activities, and forwards them to some central controller. Here, it matters which phone is being targeted. iPhones are harder to hack, which is reflected in the prices companies pay for new exploit capabilities. In 2016, the vulnerability broker Zerodium offered $1.5 million for an unknown iOS exploit and only $200 for a similar Android exploit. Earlier this year, a new Dubai start-up announced even higher prices. These vulnerabilities are resold to governments and cyberweapons manufacturers.

Some of the price difference is due to the ways the two operating systems are designed and used. Apple has much more control over the software on an iPhone than Google does on an Android phone. Also, Android phones are generally designed, built, and sold by third parties, which means they are much less likely to get timely security updates. This is changing. Google now has its own phone — Pixel — that gets security updates quickly and regularly, and Google is now trying to pressure Android-phone manufacturers to update their phones more regularly. (President Trump reportedly uses an iPhone.)

Another way to hack a cell phone is to install a backdoor during the design process. This is a real fear; earlier this year, US intelligence officials warned that phones made by the Chinese companies ZTE and Huawei might be compromised by that government, and the Pentagon ordered stores on military bases to stop selling them. This is why China’s recommendation that if Trump wanted security, he should use a Huawei phone, was an amusing bit of trolling.

Given the wealth of insecurities and the array of eavesdropping techniques, it’s safe to say that lots of countries are spying on the phones of both foreign officials and their own citizens. Many of these techniques are within the capabilities of criminal groups, terrorist organizations, and hackers. If I were guessing, I’d say that the major international powers like China and Russia are using the more passive interception techniques to spy on Trump, and that the smaller countries are too scared of getting caught to try to plant malware on his phone.

It’s safe to say that President Trump is not the only one being targeted; so are members of Congress, judges, and other senior officials — especially because no one is trying to tell any of them to stop using their cell phones (although cell phones still are not allowed on either the House or the Senate floor).

As for the rest of us, it depends on how interesting we are. It’s easy to imagine a criminal group eavesdropping on a CEO’s phone to gain an advantage in the stock market, or a country doing the same thing for an advantage in a trade negotiation. We’ve seen governments use these tools against dissidents, reporters, and other political enemies. The Chinese and Russian governments are already targeting the US power grid; it makes sense for them to target the phones of those in charge of that grid.

Unfortunately, there’s not much you can do to improve the security of your cell phone. Unlike computer networks, for which you can buy antivirus software, network firewalls, and the like, your phone is largely controlled by others. You’re at the mercy of the company that makes your phone, the company that provides your cellular service, and the communications protocols developed when none of this was a problem. If one of those companies doesn’t want to bother with security, you’re vulnerable.

This is why the current debate about phone privacy, with the FBI on one side wanting the ability to eavesdrop on communications and unlock devices, and users on the other side wanting secure devices, is so important. Yes, there are security benefits to the FBI being able to use this information to help solve crimes, but there are far greater benefits to the phones and networks being so secure that all the potential eavesdroppers — including the FBI — can’t access them. We can give law enforcement other forensics tools, but we must keep foreign governments, criminal groups, terrorists, and everyone else out of everyone’s phones. The president may be taking heat for his love of his insecure phone, but each of us is using just as insecure a phone. And for a surprising number of us, making those phones more private is a matter of national security.

This essay previously appeared in the Atlantic.

EDITED TO ADD: Steven Bellovin and Susan Landau have a good essay on the same topic, as does Wired. Slashdot post.

Russian Censorship of Telegram

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/06/russian_censors.html

Internet censors have a new strategy in their bid to block applications and websites: pressuring the large cloud providers that host them. These providers have concerns that are much broader than the targets of censorship efforts, so they have the choice of either standing up to the censors or capitulating in order to maximize their business. Today’s Internet largely reflects the dominance of a handful of companies behind the cloud services, search engines and mobile platforms that underpin the technology landscape. This new centralization radically tips the balance between those who want to censor parts of the Internet and those trying to evade censorship. When the profitable answer is for a software giant to acquiesce to censors’ demands, how long can Internet freedom last?

The recent battle between the Russian government and the Telegram messaging app illustrates one way this might play out. Russia has been trying to block Telegram since April, when a Moscow court banned it after the company refused to give Russian authorities access to user messages. Telegram, which is widely used in Russia, works on both iPhone and Android, and there are Windows and Mac desktop versions available. The app offers optional end-to-end encryption, meaning that all messages are encrypted on the sender’s phone and decrypted on the receiver’s phone; no part of the network can eavesdrop on the messages.

Since then, Telegram has been playing cat-and-mouse with the Russian telecom regulator Roskomnadzor by varying the IP address the app uses to communicate. Because Telegram isn’t a fixed website, it doesn’t need a fixed IP address. Telegram bought tens of thousands of IP addresses and has been quickly rotating through them, staying a step ahead of censors. Cleverly, this tactic is invisible to users. The app never sees the change, or the entire list of IP addresses, and the censor has no clear way to block them all.

A week after the court ban, Roskomnadzor countered with an unprecedented move of its own: blocking 19 million IP addresses, many on Amazon Web Services and Google Cloud. The collateral damage was widespread: The action inadvertently broke many other web services that use those platforms, and Roskomnadzor scaled back after it became clear that its action had affected services critical for Russian business. Even so, the censor is still blocking millions of IP addresses.

More recently, Russia has been pressuring Apple not to offer the Telegram app in its iPhone App Store. As of this writing, Apple has not complied, and the company has allowed Telegram to download a critical software update to iPhone users (after what the app’s founder called a delay last month). Roskomnadzor could further pressure Apple, though, including by threatening to turn off its entire iPhone app business in Russia.

Telegram might seem a weird app for Russia to focus on. Those of us who work in security don’t recommend the program, primarily because of the nature of its cryptographic protocols. In general, proprietary cryptography has numerous fatal security flaws. We generally recommend Signal for secure SMS messaging, or, if having that program on your computer is somehow incriminating, WhatsApp. (More than 1.5 billion people worldwide use WhatsApp.) What Telegram has going for it is that it works really well on lousy networks. That’s why it is so popular in places like Iran and Afghanistan. (Iran is also trying to ban the app.)

What the Russian government doesn’t like about Telegram is its anonymous broadcast feature­ — channel capability and chats — ­which makes it an effective platform for political debate and citizen journalism. The Russians might not like that Telegram is encrypted, but odds are good that they can simply break the encryption. Telegram’s role in facilitating uncontrolled journalism is the real issue.

Iran attempts to block Telegram have been more successful than Russia’s, less because Iran’s censorship technology is more sophisticated but because Telegram is not willing to go as far to defend Iranian users. The reasons are not rooted in business decisions. Simply put, Telegram is a Russian product and the designers are more motivated to poke Russia in the eye. Pavel Durov, Telegram’s founder, has pledged millions of dollars to help fight Russian censorship.

For the moment, Russia has lost. But this battle is far from over. Russia could easily come back with more targeted pressure on Google, Amazon and Apple. A year earlier, Zello used the same trick Telegram is using to evade Russian censors. Then, Roskomnadzor threatened to block all of Amazon Web Services and Google Cloud; and in that instance, both companies forced Zello to stop its IP-hopping censorship-evasion tactic.

Russia could also further develop its censorship infrastructure. If its capabilities were as finely honed as China’s, it would be able to more effectively block Telegram from operating. Right now, Russia can block only specific IP addresses, which is too coarse a tool for this issue. Telegram’s voice capabilities in Russia are significantly degraded, however, probably because high-capacity IP addresses are easier to block.

Whatever its current frustrations, Russia might well win in the long term. By demonstrating its willingness to suffer the temporary collateral damage of blocking major cloud providers, it prompted cloud providers to block another and more effective anti-censorship tactic, or at least accelerated the process. In April, Google and Amazon banned­ — and technically blocked­ — the practice of “domain fronting,” a trick anti-censorship tools use to get around Internet censors by pretending to be other kinds of traffic. Developers would use popular websites as a proxy, routing traffic to their own servers through another website­ — in this case Google.com­ — to fool censors into believing the traffic was intended for Google.com. The anonymous web-browsing tool Tor has used domain fronting since 2014. Signal, since 2016. Eliminating the capability is a boon to censors worldwide.

Tech giants have gotten embroiled in censorship battles for years. Sometimes they fight and sometimes they fold, but until now there have always been options. What this particular fight highlights is that Internet freedom is increasingly in the hands of the world’s largest Internet companies. And while freedom may have its advocates — ­the American Civil Liberties Union has tweeted its support for those companies, and some 12,000 people in Moscow protested against the Telegram ban­ — actions such as disallowing domain fronting illustrate that getting the big tech companies to sacrifice their near-term commercial interests will be an uphill battle. Apple has already removed anti-censorship apps from its Chinese app store.

In 1993, John Gilmore famously said that “The Internet interprets censorship as damage and routes around it.” That was technically true when he said it but only because the routing structure of the Internet was so distributed. As centralization increases, the Internet loses that robustness, and censorship by governments and companies becomes easier.

This essay previously appeared on Lawfare.com.

Router Vulnerability and the VPNFilter Botnet

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/06/router_vulnerab.html

On May 25, the FBI asked us all to reboot our routers. The story behind this request is one of sophisticated malware and unsophisticated home-network security, and it’s a harbinger of the sorts of pervasive threats ­ from nation-states, criminals and hackers ­ that we should expect in coming years.

VPNFilter is a sophisticated piece of malware that infects mostly older home and small-office routers made by Linksys, MikroTik, Netgear, QNAP and TP-Link. (For a list of specific models, click here.) It’s an impressive piece of work. It can eavesdrop on traffic passing through the router ­ specifically, log-in credentials and SCADA traffic, which is a networking protocol that controls power plants, chemical plants and industrial systems ­ attack other targets on the Internet and destructively “kill” its infected device. It is one of a very few pieces of malware that can survive a reboot, even though that’s what the FBI has requested. It has a number of other capabilities, and it can be remotely updated to provide still others. More than 500,000 routers in at least 54 countries have been infected since 2016.

Because of the malware’s sophistication, VPNFilter is believed to be the work of a government. The FBI suggested the Russian government was involved for two circumstantial reasons. One, a piece of the code is identical to one found in another piece of malware, called BlackEnergy, that was used in the December 2015 attack against Ukraine’s power grid. Russia is believed to be behind that attack. And two, the majority of those 500,000 infections are in Ukraine and controlled by a separate command-and-control server. There might also be classified evidence, as an FBI affidavit in this matter identifies the group behind VPNFilter as Sofacy, also known as APT28 and Fancy Bear. That’s the group behind a long list of attacks, including the 2016 hack of the Democratic National Committee.

Two companies, Cisco and Symantec, seem to have been working with the FBI during the past two years to track this malware as it infected ever more routers. The infection mechanism isn’t known, but we believe it targets known vulnerabilities in these older routers. Pretty much no one patches their routers, so the vulnerabilities have remained, even if they were fixed in new models from the same manufacturers.

On May 30, the FBI seized control of toknowall.com, a critical VPNFilter command-and-control server. This is called “sinkholing,” and serves to disrupt a critical part of this system. When infected routers contact toknowall.com, they will no longer be contacting a server owned by the malware’s creators; instead, they’ll be contacting a server owned by the FBI. This doesn’t entirely neutralize the malware, though. It will stay on the infected routers through reboot, and the underlying vulnerabilities remain, making the routers susceptible to reinfection with a variant controlled by a different server.

If you want to make sure your router is no longer infected, you need to do more than reboot it, the FBI’s warning notwithstanding. You need to reset the router to its factory settings. That means you need to reconfigure it for your network, which can be a pain if you’re not sophisticated in these matters. If you want to make sure your router cannot be reinfected, you need to update the firmware with any security patches from the manufacturer. This is harder to do and may strain your technical capabilities, though it’s ridiculous that routers don’t automatically download and install firmware updates on their own. Some of these models probably do not even have security patches available. Honestly, the best thing to do if you have one of the vulnerable models is to throw it away and get a new one. (Your ISP will probably send you a new one free if you claim that it’s not working properly. And you should have a new one, because if your current one is on the list, it’s at least 10 years old.)

So if it won’t clear out the malware, why is the FBI asking us to reboot our routers? It’s mostly just to get a sense of how bad the problem is. The FBI now controls toknowall.com. When an infected router gets rebooted, it connects to that server to get fully reinfected, and when it does, the FBI will know. Rebooting will give it a better idea of how many devices out there are infected.

Should you do it? It can’t hurt.

Internet of Things malware isn’t new. The 2016 Mirai botnet, for example, created by a lone hacker and not a government, targeted vulnerabilities in Internet-connected digital video recorders and webcams. Other malware has targeted Internet-connected thermostats. Lots of malware targets home routers. These devices are particularly vulnerable because they are often designed by ad hoc teams without a lot of security expertise, stay around in networks far longer than our computers and phones, and have no easy way to patch them.

It wouldn’t be surprising if the Russians targeted routers to build a network of infected computers for follow-on cyber operations. I’m sure many governments are doing the same. As long as we allow these insecure devices on the Internet ­ and short of security regulations, there’s no way to stop them ­ we’re going to be vulnerable to this kind of malware.

And next time, the command-and-control server won’t be so easy to disrupt.

This essay previously appeared in the Washington Post

EDITED TO ADD: The malware is more capable than we previously thought.

An Example of Deterrence in Cyberspace

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/06/an_example_of_d.html

In 2016, the US was successfully deterred from attacking Russia in cyberspace because of fears of Russian capabilities against the US.

I have two citations for this. The first is from the book Russian Roulette: The Inside Story of Putin’s War on America and the Election of Donald Trump, by Michael Isikoff and David Corn. Here’s the quote:

The principals did discuss cyber responses. The prospect of hitting back with cyber caused trepidation within the deputies and principals meetings. The United States was telling Russia this sort of meddling was unacceptable. If Washington engaged in the same type of covert combat, some of the principals believed, Washington’s demand would mean nothing, and there could be an escalation in cyber warfare. There were concerns that the United States would have more to lose in all-out cyberwar.

“If we got into a tit-for-tat on cyber with the Russians, it would not be to our advantage,” a participant later remarked. “They could do more to damage us in a cyber war or have a greater impact.” In one of the meetings, Clapper said he was worried that Russia might respond with cyberattacks against America’s critical infrastructure­ — and possibly shut down the electrical grid.

The second is from the book The World as It Is, by President Obama’s deputy national security advisor Ben Rhodes. Here’s the New York Times writing about the book.

Mr. Rhodes writes he did not learn about the F.B.I. investigation until after leaving office, and then from the news media. Mr. Obama did not impose sanctions on Russia in retaliation for the meddling before the election because he believed it might prompt Moscow into hacking into Election Day vote tabulations. Mr. Obama did impose sanctions after the election but Mr. Rhodes’s suggestion that the targets include President Vladimir V. Putin was rebuffed on the theory that such a move would go too far.

When people try to claim that there’s no such thing as deterrence in cyberspace, this serves as a counterexample.

ЕСПЧ: Най-лошото решение за 2017

Post Syndicated from nellyo original https://nellyo.wordpress.com/2018/06/02/echr-24/

Strasbourg Observers традиционно обявяват най-добро и най-лошо решение на ЕСПЧ всяка година.   За най-лошо решение от 2017 г. е обявено особеното мнение по делото Bayev v. Russia  относно закона за  анти-гей-пропагандата в Русия: “Хомофобският характер на несъгласието на съдията от Русия  относно така наречения гей пропаганден закон  беше толкова шокиращ  за нашите читатели, че спечели наградата за най-лошото решение, въпреки че технически не е самостоятелно решение, а само особено мнение”.

Това е добра причина да се представи решението на ЕСПЧ от 2017, така както е представено от Strasbourg Observers:

Делото се отнася до молбите на  руски активисти за правата на хомосексуалните, всеки от които е признат за виновен за административното нарушение на “обществени дейности, насочени към насърчаване на хомосексуалността сред малолетните и непълнолетните”. Първият жалбоподател е провел демонстрация пред средно училище с две знамена, на които пише “Хомосексуализмът е нормален” и “Гордея се с моята хомосексуалност”. Вторият и третият кандидат  демонстрират  пред детска библиотека с банери, на които е написано, че “Русия има най-високата степен на тийнейджърско самоубийство в света, вкл. хомосексуалисти  предприемат тази стъпка поради липсата на информация. Депутатите са убийци на деца. Хомосексуализмът е добър! ”  и  “Децата имат право да знаят. Големите хора също са понякога хомосексуални. Хомосексуалните  също стават страхотни. Хомосексуалността е естествена и нормална “.

Жалбоподателите твърдят пред ЕСПЧ, че руското законодателство нарушава член 10 от ЕКПЧ и е дискриминационно, тъй като не се прилагат подобни ограничения по отношение на хетеросексуалното мнозинство.

Решението

Намеса в свободата на изразяване съществува, чл.10.2 ЕКПЧ предвижда възможност за намеса поради причини, свързани с морала и здравето, ЕСПЧ прави оценка дали в случая намесата има легитимна цел.

ЕСПЧ не вижда причина социалното приемане на хомосексуалността да е несъвместимо с поддържането на семейни ценности. Както е посочено в решението по делото Kozak v Полша,  няма приет правилен начин за лицата да водят личния си семеен или личен живот.

Неприемливи са опитите да се правят паралели между хомосексуалността и педофилията. Дори мнозинството от руснаците да имат отрицателно мнение за хомосексуалността, би било несъвместимо с основните ценности на Конвенцията, ако упражняването на права от малцинствена група е   обусловено от приемането й от мнозинството.

Правителството твърди, че насърчаването на взаимоотношения между лица от един и същ пол трябва да бъде забранено, тъй като отношенията между тях са  риск за общественото здраве и демографското развитие. ЕСПЧ не вижда как подобен закон би могъл да помогне за постигането на желаните демографски цели или как  липсата на такъв закон би ги засегнала неблагоприятно.

Правителството не е доказало и как педофилията и порнографията сред малолетните и непълнолетните (независимо от сексуалната ориентация на засегнатите лица) са свързани с хомосексуалността и с този закон.

Въпросните правни разпоредби не служат за постигане на легитимната цел на защитата на морала,   защита на здравето и защита на правата на другите.  Чрез приемането на такива закони властите засилват стигмата и предразсъдъците и насърчават хомофобията, която е несъвместима с понятията за равенство, плурализъм и толерантност, присъщи на едно демократично общество. Нарушение на  член 10 от ЕКПЧ.

Особеното мнение може да се прочете на сайта на ЕСПЧ. Според него децата трябва да се консултират предимно с родителите си или близки членове на семейството, вместо да получават информация за секса от плакати  на улицата, а също се твърди, че ЕСПЧ   не е взел сериозно предвид факта, че личният живот на децата е по-важен от свободата на изразяване на хомосексуалистите.

 

Putin Asked to Investigate Damage Caused By Telegram Web-Blocking

Post Syndicated from Andy original https://torrentfreak.com/putin-asked-to-investigate-damage-caused-by-telegram-web-blocking-180526/

After a Moscow court gave the go-ahead for Telegram to be banned in Russia last month, the Internet became a battleground.

On the instructions of telecoms watchdog Roscomnadzor, ISPs across Russia tried to block Telegram by blackholing millions of IP addresses. The effect was both dramatic and pathetic. While Telegram remained stubbornly online, countless completely innocent services suffered outages as Roscomnadzor charged ahead with its mission.

Over the past several weeks, Roscomnadzor has gone some way to clean up the mess, partly by removing innocent Google and Amazon IP addresses from Russia’s blacklist. However, the collateral damage was so widespread it’s called into question the watchdog’s entire approach to web-blockades and whether they should be carried out at any cost.

This week, thanks to an annual report presented to President Vladimir Putin by business ombudsman Boris Titov, the matter looks set to be escalated. ‘The Book of Complaints and Suggestions of Russian Business’ contains comments from Internet ombudsman Dmitry Marinichev, who says that the Prosecutor General’s Office should launch an investigation into Roscomnadzor’s actions.

Marinichev said that when attempting to take down Telegram using aggressive technical means, Roscomnadzor relied upon “its own interpretation of court decisions” to provide guidance, TASS reports.

“When carrying out blockades of information resources, Roskomnadzor did not assess the related damage caused to them,” he said.

More than 15 million IP addresses were blocked, many of them with functions completely unrelated to the operations of Telegram. Marinichev said that the consequences were very real for those who suffered collateral damage.

“[The blocking led] to a temporary inaccessibility of Internet resources of a number of Russian enterprises in the Internet sector, including several banks and government information resources,” he reported.

In advice to the President, Marinichev suggests that the Prosecutor General’s Office should look into “the legality and validity of Roskomnadzor’s actions” which led to the “violation of availability of information resources of commercial companies” and “threatened the integrity, sustainability, and functioning of the unified telecommunications network of the Russian Federation and its critical information infrastructure.”

Early May, it was reported that in addition to various web services, around 50 VPN, proxy and anonymization platforms had been blocked for providing access to Telegram. In a May 22 report, that number had swelled to more than 80 although 10 were later unblocked after they stopped providing access to the messaging platform.

This week, Roscomnadzor has continued with efforts to block access to torrent and streaming platforms. In a new wave of action, the telecoms watchdog ordered ISPs to block at least 47 mirrors and proxies providing access to previously blocked sites.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.