What is the issue?
A Russian security researcher named Leonid Evdokimov uncovered that SORM hardware equipment used by Russian law enforcement authorities to intercept internet traffic had been exposing surveillance data of hundreds of Russians.
The big picture
SORM (System for Operative Investigative Activities) devices are hardware equipment that allows Russian law enforcement agencies to log details such as IP addresses, IMEI and IMSI codes, MAC addresses, ICQ usernames, and email addresses spotted in POP3, SMTP or IMAP4 traffic, or in connections to various webmail providers.
Evdokimov at the Chaos Constructions security conference said that he found 30 SORM devices installed on the network of 20 Russian ISPs that were running FTP servers that were not secured with a password. He also published his presentation on his website.
He added that he discovered the leaky devices in April 2018 and started working with ISPs to secure them in June 2018. However, as of August 25, 2019, six IP addresses remained unclosed and were closed only after his presentation from the Chaos Constructions conference being published.
What information was exposed?
The unprotected FTP servers contained traffic logs from past law enforcement surveillance operations, which include: