Adventures in Contacting the Russian FSB
2021-06-07 13:35

The reason I contacted the FSB - one of the successor agencies to the Russian KGB - ironically enough had to do with security concerns raised by an infamous Russian hacker about the FSB's own preferred method of being contacted.

"Think well before contacting the FSB for any questions or dealing with them, and if you nevertheless decide to do this, it is better to use a virtual machine," Horohorin wrote.

While Horohorin seems convinced the FSB is disseminating malware, it is not unusual for a large number of security tools used by VirusTotal or other similar malware "sandbox" services to incorrectly flag safe files as bad or suspicious - an all-too-common condition known as a "false positive."

KrebsOnSecurity installed the FSB's software on a test computer using a separate VPN, and straight away it connected to an Internet address currently assigned to the FSB. The program prompted me to click on various parts of the screen to generate randomness for an encryption key, and when that was done it left a small window which explained in Russian that the connection was established and that I should visit a specific link on the FSB's site.

Still, James said, a number of things just don't make sense about the way the FSB has chosen to deploy its one-time VPN software.

Unlike the FSB's clear web site, the agency's Tor site does not ask visitors to download some dodgy software before contacting them.


News URL

https://krebsonsecurity.com/2021/06/adventures-in-contacting-the-russian-fsb/