Hundreds of Russian video-surveillance methods utilized by Ukrainian cities, infrastructure, personal firms, and strange houses can relay footage to Moscow-based servers owned by huge Russian firms that service the Russian authorities and navy, Schemes, the investigative unit of RFE/RL’s Ukrainian Service, has realized.
The State Service of Particular Communications and Info Safety informed Schemes it had warned the federal government that TRASSIR video-surveillance methods, that are bought by the Moscow-based agency DSSL, pose a safety menace.
Technical specialists, together with a TRASSIR specialist, and one former senior Safety Service of Ukraine (SBU) officer echoed that evaluation.
“If this digicam was positioned on some vital infrastructure facility, there could also be a query about what the workers on the opposite facet and the house owners of that server see, and the way they use that data for navy functions,” mentioned Serhiy Denysenko, government director of the Ukrainian information-security firm CyberLab’s Digital Forensics Laboratory. By “the opposite facet,” he meant Russia.
Russia launched its full-scale invasion of Ukraine in February 2022. So far, the Ukrainian authorities has issued no public warning towards utilizing the TRASSIR video-surveillance methods. Nevertheless, after Schemes revealed a report on the outcomes of its investigation, on December 7, Inside Affairs Minister Ihor Klymenko vowed that state authorities would conduct a “thorough verify” of the journalists’ findings.
“After all, it’s unacceptable when any digicam, even hypothetically, will be related and transmit data, particularly throughout wartime, to any [foreign] nation,” Klymenko mentioned on nationwide tv the next day.
The shuttered Chernobyl nuclear energy plant, which was occupied by Russian forces for over a month at first of the invasion, is among the many delicate government-run websites which have used TRASSIR video-surveillance methods, in keeping with the import-export database ImportGenius and a letter from a Chernobyl consultant to DSSL. Others embrace the Ukrainian Sea Ports Authority and the Maritime Search and Rescue Service within the Black Sea port metropolis of Odesa, in keeping with the general public procurement database Prozorro.
Purchases had been made each earlier than and after Russia occupied the Black Sea peninsula of Crimea and fomented struggle within the japanese Donbas area in 2014.
The strategically necessary southern metropolis of Kherson, which Russian forces occupied for months in 2022 earlier than retreating that November, and which they proceed to bombard continuously, purchased TRASSIR for video surveillance of public areas, the database exhibits. Different purchasers embrace the economic cities of Nikopol, Poltava, and Slavutych, all of which have confronted Russian assaults.
Schemes discovered no proof that the Russian navy or safety providers are utilizing TRASSIR-system footage to focus on these particular places. Lower than every week into the full-scale invasion, Kyiv blocked entry to the Russia-based Web servers that TRASSIR makes use of. A lot of the Ukrainian firms or services which have used TRASSIR and responded to questions from Schemes mentioned that they used the Russian software program in a closed native community, to scale back the chance of information leakage, or that that they had stopped utilizing it.
But Schemes and digital-security specialists decided that the TRASSIR methods nonetheless can entry these servers through digital personal networks (VPNs), which conceal a consumer’s location and are broadly utilized in Ukraine.
The Kremlin’s Digicam Connection
TRASSIR, owned by DSSL, is a longtime model title for digicam surveillance in Russia: The printed hub for Russian nationwide TV channels, Moscow’s Ostankino Tower, the Tomsk area’s authorities headquarters, and a St. Petersburg bridge all use the TRASSIR CCTV system, in keeping with the DSSL web site. Altogether, the corporate claims 150 companions in Belarus, Bulgaria, Kazakhstan, Kyrgyzstan, Moldova, Romania, and Russia.
The system, which TRASSIR claims can be utilized at websites starting from “a small retailer to an airport,” largely makes use of cameras from the Chinese language firm Hikvision, however the software program that transmits the cameras’ footage is TRASSIR’s personal.
The import-export database ImportGenius exhibits that Ukrainian firms imported over 10,000 cameras and video recorders from the TRASSIR surveillance system from 2016 till Kyiv ended all Russian imports in February 2022. These numbers don’t take potential unlawful imports under consideration.
Digital safety activists informed Schemes that cameras geared up with the TRASSIR software program can transmit video to Russian servers. Individually, a 2019 promotional article mentioned that a lot of government-run services and personal firms had been among the many Ukrainian entities utilizing TRASSIR’s digicam methods.
To substantiate the activists’ findings, Schemes collaborated with the Digital Forensics Laboratory and the Digital Safety Laboratory, a Kyiv-based nonprofit, to check the TRASSIR video-surveillance system. Schemes purchased one of many cameras on-line; the activists, who requested anonymity, offered a number of cameras from the TRASSIR surveillance system and a video recorder.
Utilizing a VPN to skirt Ukraine’s block on Russian servers, Digital Safety Laboratory specialist Natalia Onishchenko decided that, apart from different locations, corresponding to Google in the USA, the digicam sends data-transfer requests to a Russia-based subdomain of TRASSIR’s web site,, m30.ru.cloudtrassir.com.
A domain-name tracer revealed that this subdomain‘s Web Protocol (IP) tackle, the string of numbers that identifies it on-line, belongs to a Moscow firm known as Digital Community.
Digital Community is an Web service supplier (ISP) that’s a part of a massive Russian company and is understood by the model title msm.ru. Its shoppers embrace the Web firm Yandex, whose merchandise embrace Russia’s dominant search engine, and the Russian Protection Ministry’s TV channel, Zvezda.
Information from Russia’s portal for presidency contracts, EIS Zakupki, present that Digital Community offered Web entry to “navy unit 43753,” in any other case often known as the Heart for Info Safety and Particular Communication, between 2015 and 2017. The Heart, a part of the Federal Safety Service (FSB), Russia’s primary intelligence company, screens and evaluates software program and assists the FSB with decryption.
The TRASSIR system’s software program additionally despatched a information request to a server that belongs to the huge personal Russian IT firm VK, one other of the Kremlin’s company comrades, which, in keeping with one German researcher, is “state-controlled and pursues ideological and intelligence targets” for the Kremlin. VK based the favored social-media networks VK and Odnoklassniki, and owns the broadly used e-mail system Mail.ru.
Beneath Russia’s 2019 Sovereign Web Legislation, Russian IT firms are obliged to put in tools that permits the federal communications company Roskomnadzor to observe their Web site visitors. An earlier regulation, a part of the so-called Yarovaya amendments, stipulates that IT firms protect information, together with video footage, for six months and switch it over to Russian state buildings upon demand.
Such laws implies that “entry to all assets saved in Russia is feasible for the particular providers and regulation enforcement companies even with out court docket choices,” mentioned Ukrainian counterintelligence specialist Viktor Yahun, a reserve SBU main normal who previously labored on counterintelligence operations towards the FSB.
“Every part associated to data, the Web, communication — all that is united on this middle,” he mentioned.
A Blocked Buy
Yury Shyhol, a former director of Ukraine’s State Service of Particular Communications and Info Safety, which oversees cybersecurity, informed Schemes in a written response that the company had warned “safety and protection sector ministries” in Could 2022, some three months into Russia’s full-scale invasion, that DSSL and TRASSIR cooperate with Russian safety ministries and providers.
Shyhol didn’t elaborate concerning the Ukrainian ministries’ response, however Schemes might discover no indication that the federal government has issued a public warning concerning the TRASSIR video-surveillance methods or tried to cease their sale inside Ukraine.
In response to Schemes’ question about TRASSIR, the SBU mentioned that it couldn’t focus on counterintelligence actions. It talked about a 2020 case, nevertheless, during which it blocked the 8-million-hryvnya ($280,000) buy of TRASSIR video-surveillance methods by the administration of the Lviv area in western Ukraine.
The methods might be used to “get hold of details about the motion of navy tools by rail transportation and public highways,” the SBU mentioned in a publication explaining the choice to dam the acquisition.
A ‘Harmful’ Know-how
A technician at one of many former primary Ukrainian distributors of the TRASSIR system, TRASSIR EU, conceded that the truth that the cameras’ information travels first to Russian servers is “harmful.”
“However that’s the way in which the know-how is,” mentioned TRASSIR EU technical specialist Vitaliy Fedorenko. “The entire world works like this.”
The methods will be redirected to ship their information to Ukrainian servers, however it’s “unrealistic” for house owners to try this for every of the “a whole lot of 1000’s” of TRASSIR cameras in Ukraine, Fedorenko mentioned.
Most reported TRASSIR shoppers who responded to Schemes’ questions confused that they use or have used the system inside a neighborhood community inaccessible to outdoors entities.
The performing normal director of the Chernobyl plant, Serhiy Martinov, mentioned that it had stopped utilizing TRASSIR in 2023. A letter from the plant on the DSSL website states Chernobyl had used it since 2011.
Within the east-central metropolis of Poltava, the place TRASSIR is used as a part of a municipal security program, First Deputy Mayor Valeriy Parkhomenko mentioned he had “had no official appeals or warnings that this technique has any dangers.”
The top of town’s Housing and Communal Providers Division’s emergency response crew, Mykola Yosipenko, conceded, although, that he couldn’t be “100-percent certain” that the digicam’s data-transfers are fully protected.
An engineer from the corporate that put in TRASSIR for Poltava, Yavir-2000, suggested towards utilizing the system, saying that it may be hacked and that Russia might use it for monitoring. The engineer, who didn’t know he was chatting with a journalist, advised that it could make sense to make use of the system “if you should be monitored from Russia.”
Plans For The Future
TRASSIR EU’s founder, Oleh Kiyashko , a local of Ukraine who has Ukrainian and Russian citizenship and is listed on one enterprise registry website as a co-owner of a sales-focused DSSL affiliate known as DSSL-Pyervy (DSSL-First), couldn’t be reached for remark concerning the surveillance methods’ software program.
TRASSIR EU Director Larysa Osadcha claims that the corporate ended its contract and contacts with DSSL in April 2023.
Ukraine’s patent registry exhibits, nevertheless, that the agency nonetheless holds the copyright to the TRASSIR software program in Ukraine.
Osadcha mentioned that the corporate is now working with new software program for video-surveillance methods known as AZIGUARD — this time from Romania, which is a member of NATO and the European Union. Nevertheless, the web site of AziTrend, the corporate that owns AZIGUARD, nonetheless accommodates quite a few references to TRASSIR software program, which, in keeping with the commercial, is a part of the system from the Romanian producer.
Later, after Schemes made inquiries and reported on TRASSIR, references to this Russian software program started to vanish from the AziTrend web site, however a few of them haven’t been eliminated.