Data from Nokia's interception kit for Russian telcos exposed

Nokia has been left red-faced after an employee handed over 1.7 terabytes of sensitive infrastructure data for telcos the company works with in the Russian Federation to an unnamed third-party, who the left the information unprotected and openly accessible over the internet.

SORM hardware.

Security vendor UpGuard which specialises in locating insecure cloud storage discovered an open remote sync (rsync) server earlier this month that contained documents from Nokia and Russian telcos, including the country's largest operator, Mobile TeleSystems (MTS) with over 100 million customers.

The massive trove of data contained sensitive information such as login credentials for administrative platforms that could provide outside access, UpGuard said.

Nokia has acknowledged the data breach, saying it was hand-over folder provided by a company employee to an unnamed third-party.

Said third-party "failed to follow his company's business processes, security policies and his personal responsibility to protect it [the sensitive data]", Nokia told UpGuard.

Documents shedding light on the upgrade for MTS's implementation of the System for Operative Investigative Activities (SORM) interception infrastructure that telcos in Russia are legally mandated to install on their networks were also discovered on the rsync server.

Russian government agencies including the FSB federal police use SORM to intercept and log telecommunications, capturing user names, email and text messages, internet protocol addresses and phone numbers.

UpGuard said the documents included details on Nokia's installation of new SORM-3 hardware during 2014-2016, and its 64 subcontractors for the large project.

Nokia has sold lawful intercept systems similar to SORM to Middle Eastern and North African nations over the years, and been accused of aiding repressive regimes' crack-downs on protesters and activists, leading to their imprisonment and torture.

The Finnish company maintains offices in Iran since 2004, but said this year that new United States sanctions meant it will no longer accept new business in that country, although it will complete existing contractual obligations.

Beyond details on Nokia's SORM surveillance hardware and software for MTS and the Russian cities the systems are installed in, UpGuard found some 578,000 photos of data centre interiors, and tops of tall aerials.

Other images of telco equipment were high-resolution enough to reveal barcodes, serial numbers and locale-specific engineering documentation, UpGuard said.

Further details on Russian telco infrastructure could be found in computer assisted design schematics and drawing files of antennae and facility floorplans.

UpGuard also discovered email archives and individual messages, PDF and word files with contracts, Excel spreadsheets with network equipment inventories, and databases with contractor details.

Nokia was informed of the data breach by UpGuard on September 9 but dismissed the notification at first.

It was not until UpGuard reported the data breach to a US government regulator who in turn contacted Nokia's American legal representatives, that the company's head of information security arranged for the rsync server to be closed off to the public access.