A nice thought, but the people physically present at the broadcast sites and Russian censorship facilities have the upper hand. If you broadcast something the government doesn't like, men with guns literally come to shut down your studio and arrest you.
Just very recently, HTTP/port 80 traffic in Russia is now being redirected to a page trying to get people to download and trust a government-run root CA for TLS, which would enable MITM of TLS 1.2/TLS 1.3 traffic.
I think in the past when governments tried this route the response was browsers explicitly distrusting the certificate. I'll be getting my popcorn out to see if they have a spine because last time it was just Kazakhstan.
Mozilla is generally good about these things, but what about browsers that use the operating system root CA trust storage?
Mozilla is the only browser vendor that maintains their own root CA list independently.
If you can get the operator of a Windows 10/11 or macOS device, or iOS or Android client device to insert a root CA into the OS trust store, then Edge, Chrome, and Safari will trust it.
This is a dump from Republic of Bashkortostan [1], a Russian republic. This initially confused me because I thought of the republics as used in the Soviet Union.
Another interesting tidbit from Russian internet. Municipal services in Moscow are suggesting that folks move over to Russian browsers [2, in Russian]. Some claim it's because Roskomnadzor is planning to sniff all traffic, even SSL. Some are saying it's because CAs are revoking Russian keys.
They are related, the Soviet Union had a 'top level' administrative division, the (eventually) 15 'Soviet Republics' which became independent countries after the dissolution of the union. Some of these republics (mostly Russia) also contained internal 'Autonomous Republics', among other administrative divisions of their own. Bashkortostan was one of those 'ASSR's. This is a bit of an over-simplification since some of these definitions changed over time as did the status of some of the regions in question but the main thing is, there were several kinds of 'republic'.
That's because some CAs are revoking certificates for some Russian websites. Of course they'll have the technical ability for a Major-in-the-Middle attack, so that's not something I'd exclude.
I wonder if there's a rule which disallows CAs from revoking certificates without reason. It seems that those actions undermine the whole web security model.
Kazakhstan was wise to introduce national root certificates.
Cite for CA revocations? I hadn't heard that, and a quick google shows just one McClatchy story about a pretty obvious (and English language) propaganda site.
I'm not sure if it was discussed on English websites. I know about revocation of one bank certificate: VTB bank. You can check the certificate here: https://crt.sh/?id=5201004735
Section 4.9.11 of the CAB Baseline Requirements[0] puts "No Stipulations" on "Other forms of revocation advertisements available" so it's probably something that CAs are allowed to add in their agreements.
Otherwise, the list of revocation reasons (4.9.1.1 Reasons for Revoking a Subscriber Certificate) doesn't seem to cover anything that would apply here.
Yes, that's exactly because Russia is preparing for coordinated attempts to revoke government websites' certificates, so there's no other way but to manually add root certificates to foreign browsers, as Russia tried to get a sovereign CA for years but was denied.
Vigilante warfare is very dangerous. What happens when there is a ceasefire or peace agreement, and some vigilante violates it? What if a vigilante unwittingly interferes with an actual operation by their side (e.g., by exposing an exploit their side was using), or ignorantly destroys a resource the good guys needed? What happens if a vigilante crosses the line and conducts what the Russians think is an attack, requiring a military response? For example, what if a vigilante finds an exploit at a Russian nuclear weapons facility (maybe without even realizing what they are attacking)? NATO intelligence agencies can claim it wasn't them, but of course they would - why would the Russians believe that?
Warfare is coordinated, controlled violence, not indiscriminate violence. The vigilante stuff is very dangerous and probably achieves little. Leave it to the NSA, CIA, etc.
I don't know that anyone suggested finger-wagging, and there have always been independent actors in wars. Authorities can persuade vigilantes, including with some of the points I made above ('you don't want to be responsible for people - including allied soldiers or private citizens - dying'), deter them ('it's illegal, a threat to national security, and we'll prosecute you; also, you will never work professionally again', which will deter anyone with a family, serious career, etc.), co-opt them, and also not encourage them, which Zelensky did.
Of course. Desperation moves - like engaging vigilantes - do more harm to Zelensky's purpose than good; it's a signal of failing, panicked leadership (though most signals demonstrate otherwise for Zelensky). For example, when engaging independent soldiers Zelensky did not engage them as vigilantes: the Ukrainian government requires volunteers to have prior military service, to serve in uniform in the Ukrainian military and under Ukrainian command, and to use weapons issued by the Ukrainian military. Zelensky didn't say, 'whoever wants to help, start shooting!'.
It's a mistake to think that Internet cyber operations are different.
These two “secret raw databases” are consultant.ru and garant.ru, publicly available legal information and reference software used by all legal departments over the country.
This leak is probably made up by FSB.
It seems so! I'm unsure why, this seems like the perfect type of content for HN as it's focused on technology and would be interesting for most hackers. One minute it was at the top of frontpage, next one it was close to the bottom and now it's on the second page...
Escaping a virtual machine isn't unheard of. If I were a betting man then I would place good money that this, being a data dump of a state, could contain state-sponsored 0-days designed to escape such things.
> Users are advised to be extra careful as some directories, like ПОЧТА Приемная, appear to contain large numbers of email attachments. Email attachments are often a vector of malware and phishing attempts, so use caution and tools like Dangerzone (https://dangerzone.rocks/) and others.
> This dataset was released in the buildup to, in the midst of, or in the aftermath of a cyberwar or hybrid war. Therefore, there is an increased chance of malware, ulterior motives and altered or implanted data, or false flags/fake personas. As a result, we encourage readers, researchers and journalists to take additional care with the data.
Kind of need to ask. Does this giant data dump from a censorship organization also include gathered personal data from private citizens? In which case this probably should not be made public.
I take it that you're also willing to condemn Snowden for releasing his trove of documents without looking at them either, with the result being that 95% of them weren't related to his stated purpose (domestic surveillance programs on Americans)?
At this point, any damage done to Russia is either morally good, or at least neutral. Literally anything. In the worst case it’s just collateral damage.
Interestingly, that is not at all the view of real soldiers, involved in life-and-death, existential conflict. Damage to enemy civilians must be minimized and be proportional to the purpose. You can't nuke a town because someone threw a rock at you, for example. Remember that goes for both sides: If you nuke their town, then your civilians are likely to suffer the same or worse. Among real soldiers, the 'anything goes' mentality is the mindset of war criminals.
This is warfare. If the actions of the Russian military deny them all humanity and rights, then that is true of every side in every war. Morality and laws of war mean nothing; they will never apply by that standard. If they only apply to saints, what good are these rules?
What about the US and what they did in Iraq, such as at Abu Ghraib, or during the war on terror? Who meets your standards?
During World War 2, did anyone think about those poor Germans thrown in jails for protesting the war?
I mean, sure, those aren’t the offenders. But because Russia is a terrorist state, targeting civilians instead of opponent’s military, any act against them - anything that hurts Russia - would be morally justified. It’s just a lesser evil.
Then giving out personal information unlimited to that well-defined scope is not justified nor well defended by this argument. You can't have it both ways.
I don't think the privacy of citizens of a country actively involved in a hostile and unjustified military action against Ukraine is where our focus should be here.
I mean I don't think that forgetting our principles and indiscriminately screwing with everything inside Russia's borders because it's all fair game is the way to go either. So for example in this case if we want to damage the censorship agency we ideally remove PII of anyone who is innocent within the leak. I.e. anyone that doesn't actually work for the agency at least.
By analogy, if you hate the prison system, make sure you are punishing jailors rather than prisoners.
Whose moral high ground? As an American who worked in the Middle East I have seen with my own eyes the devastation and ruin which American war crimes have wrought. I'm sure if we were forced to choose between a unitary superpower of USA, China, or Russia that the vast majority of anglophones would choose USA to "rule the world" -- myself included.
But the wars in Iraq/etc were atrocities whose primary positive outcome was to fatten the owners of defense companies. That's a hell of a reason to kill as many people as we did.
Again, I'm not saying "USA is as bad as Russia", I much prefer the USA being the world superpower. But I think we have very limited moral high ground as it is. I would like us to earnestly try building a bit more of it!
> I have seen with my own eyes the devastation and ruin which American war crimes have wrought.
No doubt those things have happened and are very serious, especially to the victims, but morality is a property of sinners; it's not meaningful for saints. What makes morality special and meaningful is that we have it and use it despite our sins, despite having the free will to choose evil. Saints don't exist anyway - we would have no morality if it required them.
The world is rallying around Ukraine because of morality, because of a belief in freedom, self-determination, and justice. That is why the United States has so many allies, and countries like China and Russia have very few - it is possibly the great realist, geopolitical advantage of the US: we have allies who trust us, welcome our bases, invite our intervention, because of the (limited, human, very flawed) morality.
> I would like us to earnestly try building a bit more of it!
You’re probably overestimating the network effects of perceived morality and underestimating the effects of being by far the most powerful nation since 1945.
If China doesn’t implode and becomes way more powerful than the United States, we will lose most of our allies regardless of popular opinion.
> You’re probably overestimating the network effects of perceived morality and underestimating the effects of being by far the most powerful nation since 1945.
I am? What basis do you have for saying that? Do you have expertise in this field? Do you know more about it than I do?
The US has been the sole superpower only since the Soviet Union imploded in the early 1990s. The US led and leads an alliance based on shared values; NATO is arguably the strongest, largest, and IIRC the longest-lasting military alliance in history. Note that the US is a great ally even of the countries it defeated in war, Japan and Germany, probably because it gave them their freedom rather than pillage and destroy them. There is zero threat of betrayal and war between NATO allies - France and Germany will never fight, something that never happened before.
The people with expertise say that shared values create strong, long-lasting alliances that can change and move relatively rapidly and with flexibility. For example, imagine the response to Ukraine if there weren't shared values about democracy, sovereignty, and appeasement of dictators - those baseline beliefs enabled a rapid response. It's the people without expertise who like to imagine that amorality is more 'hardcore' and 'real'; somehow it's trendy to insist that humans must be sociopaths, despite abundant evidence to the contrary.
> If China doesn’t implode and becomes way more powerful than the United States, we will lose most of our allies regardless of popular opinion.
That's not how international relations typically work. Usually, if one country becomes much more powerful, the others ally with each other against the power in order to balance it. The US is unusual in that the other powers allied with them.
Just as one example, as there are numerous others - on October 3rd, 2015, a US Air Force AC-130U gunship struck a trauma hospital in Kunduz in Northern Afghanistan, killing 42 and injuring 30 others.
I wouldn't think Russian politicians called for hospitals and Ukrainian schools to be hit, but that's just not how war works. Certainly, US politicians weren't calling for an Afghan hospital to be struck with missile fire.
> I wouldn't think Russian politicians called for hospitals and Ukrainian schools to be hit
Russia is admitting to intentionally attacking the hospital.
Their claim is that the hospital was long abandoned by patients and has been used by the Ukrainian military. Ukraine says the hospital was in use by patients and that 3 were killed and 17 were injured. There are photos of injured pregnant women walking away from the debris. Russia claims these photos are staged. Speculation from the West is that Russia is attacking civilians like this intentionally to break the Ukrainian people's spirit.
Now you know both sides. Do with it what you will.
Well, so far they've said, officially, about this one bombing, in order (I may have missed some other explanations):
(1) We didn't do it. (I think this story also had “Ukraine bombed it themselves”, but that may have been added by unofficial proxies and not part of the official explanation.)
(2) We did it, intentionally, but it is long out of use as a maternity hospital and is instead an Azov base and so part of our legitimate war against Ukrainian Nazis, and the pregnant women shown are crisis actors.
Are you making an equivalence between bombing hospitals and releasing private information as a side-effect of leaking a censorship organization's data?
I mean, this is some really low hanging fruit and I don't really expect a lot of shocking revelations to come from this.
Censorship? In Russia? Why, I never.
And it's just OK now for us to be releasing stolen files from foreign governments? We are not at war with Russia (yet).
I'm not really onboard with this kind of thing. Flip the switch and imagine some Russian hackers doing it to your country, you would be annoyed.
(I'm not pro-russian or anything; fuck Putin and the horse he rode in on -- I just think this is largely pointless, some script kiddie trying to show how j33t he is, and will just escalate things further for zero gain.)
This war can be stopped by Russia and Russia only. Public opinion in Russia is shaped and controlled by this organization. A large proportion of the population is believing the bs that this organization is providing. I think anything that can be done to undermine this organization inside of Russia to shift public opinion can potentially help stop this war and I am all for it. Russia hacks other countries without regard to sovereignty of other countries, playing nice with them will do nothing but encourage them to keep being assholes.
> And it's just OK now for us to be releasing stolen files from foreign governments? We are not at war with Russia (yet).
There are plenty of discussions of stolen files originating from the American government (and others!) on Hacker News all the time. Wikileaks, NSA dumps etc.
Wikileaks publishes everything that is material and verifiable. To claim otherwise is ridiculous - show me something that was material and verifiable, was denied publication by Wikileaks, and was later published somewhere else reputable. It would be pointless for Wikileaks to deny something because it's not like they have a monopoly on publishing.
> And it's just OK now for us to be releasing stolen files from foreign governments? We are not at war with Russia (yet).
Who are "us" in this context? This was released by individuals, not an entity acting for a foreign government. Leaks happen when your security is poor. For all we know, this hack could have been done by a Ukrainian individual, who very much is at war with Russia now, would that make you feel better?
> And it's just OK now for us to be releasing stolen files from foreign governments?
It's generally okay to release files stolen from our own government, though it is often illegal to steal them in the first place. But, yes, generally the main exceptions to that generality don't apply to foreign government files, so it's even more okay to release them.
> We are not at war with Russia (yet)
So? The New York Times wasn't at war with the United States when it published the Pentagon Papers, either.
War is 50% propaganda, regardless of how strongly we feel about our stance.
This might be a historical first glimpse into how that part of the machine ticks.
This may be your personal reaction, and though valid according to your (and my) personal experiences, it is not necessarily the reaction of others. Some people might need direct, firsthand evidence to be swayed. And still others would never accept any evidence whatsoever.
Besides, this may reveal exactly how and where Russia censors, particularly in instances that may be unexpected. Perhaps it will even reveal their thought processes and goals.
Well, if we let our "leaders" run amok with the powers of warfare I'd expect some serious repercussions to the citizenry. "I didn't vote for him" won't get us much sympathy with our brothers and sisters elsewhere if our government is out killing people en masse.
Who "Roskomnadzor" is:
> The Federal Service for Supervision of Communications, Information Technology and Mass Media, abbreviated as Roskomnadzor (Russian: Роскомнадзор), is the Russian federal executive agency responsible for monitoring, controlling and censoring Russian mass media. Its areas of responsibility include electronic media, mass communications, information technology and telecommunications, supervising compliance with the law, protecting the confidentiality of personal data being processed, and organizing the work of the radio-frequency service.
https://en.wikipedia.org/wiki/Roskomnadzor