Various governments in Central Asia and Latin America have acquired the System for Operative Investigative Activities (SORM) wiretapping technology from Russian providers, expanding their capabilities in intercepting communications. The technology involves monitoring equipment placed within a telecommunications provider’s facility, which then provides information to the client government’s intelligence agency. This information includes mobile numbers, phone identifiers, geolocation data, names, email addresses, and IP addresses. According to an analysis by threat intelligence firm Recorded Future, countries such as Belarus, Kazakhstan, Kyrgyzstan, Uzbekistan, Cuba, and Nicaragua have likely obtained this technology to monitor their citizens.
Recorded Future’s Insikt threat intelligence group emphasized the importance for Western companies and citizens to safeguard their communications and understand the surveillance risks when traveling to countries with weak civil protections against wiretapping. The group highlighted that even in Western countries without SORM-like systems, surveillance frameworks can still be susceptible to abuse. However, the presence of Russian-manufactured surveillance technologies in countries with a history of state surveillance operations raises concerns, especially for human rights defenders, activists, journalists, and members of civil society who could potentially be targets.
The expansion of Russia’s SORM technology is reflective of the global trend towards digital surveillance tools. Companies such as NSO Group’s Pegasus and Intellexa Consortium’s Predator have gained traction worldwide, despite facing obstacles in selling their products to sanctioned nations. According to a comprehensive report by the Atlantic Council, approximately 41% of countries globally have licensed commercial spyware, including 14 out of the 27 European Union countries. While wiretapping technology and spyware can serve legitimate purposes like law enforcement investigations or intelligence gathering, the lack of civil liberties protections in certain countries or inadequate regulation of surveillance technologies can lead to abuses by governments.
The Atlantic Council’s research identified 435 entities linked to commercial spyware, with two-thirds of them originating from Israel, Italy, and India. Russia has also emerged as a predominant provider of surveillance technology, following laws stipulating the installation of monitoring devices that comply with SORM regulations in the country. Nations within Russia’s sphere of influence have enforced similar mandates, likely granting Russia access to intercepted communications. Citadel, Norsi-Trans, Protei, and several other technology firms are identified as major providers of SORM technology, exporting their products to numerous telecommunications companies globally.
Vitor Ventura, the manager for EMEA and Asia at Cisco’s Talos threat intelligence group, highlighted the increasing risks associated with illicit digital surveillance. He noted a surge in surveillance technology adoption globally, driven by a growing appetite for such capabilities and a decline in prices, making them more accessible to interested parties. Companies operating in countries with limited civil liberty protections should consider utilizing privacy and encryption tools to mitigate risks, as telecommunications providers and VPN services may be subject to government laws mandating information sharing with intelligence agencies.
The comparison drawn between telecom companies accessing vast data similar to Kaspersky, a Russian cybersecurity firm whose products were banned due to security concerns, underscores the potential risks involved with Russian SORM providers. Companies are advised to stay informed about the proliferation of such technologies, with Russian provider Protei actively promoting SORM at trade shows in Africa, the Middle East, and Latin America, hinting at potential future adoption of the wiretapping platform in these regions.