Russian student accused of penetrating state systems on the orders of FSB

This past weekend, Estonian Internal Security Service agents at the border checkpoint in Narva arrested a man on his way to Russia suspected of acting as an agent for the Federal Security Service of the Russian Federation (FSB). The Russian citizen is suspected of non-violent activities against the Republic of Estonia and the preparation of computer-related crime. The targets in his activities against Estonia were Estonian state agencies.

The suspect is a young man who is highly proficient in IT. He arrived in Estonia «some time ago» with a valid visa. This was supposed to dispel all suspicions. The Estonian Internal Security Service (KAPO) believes that, while still in Russia, the man was instructed by the FSB on what to do and what to take an interest in. The young man was supposed to use his skills to find weaknesses in the computer networks of Estonian state agencies. Because KAPO needed proof of the agent's actions, and because there was no direct and acute threat to the state, the agency placed the spy under surveillance and allowed him to continue his activities. Postimees has been told that all attempts by the IT specialist to penetrate Estonian networks failed. The man was apprehended a few hundred yards from the Russian border in Narva while on his way back during the weekend.

Story by the Russian news agency 47news.ru:

On suspicion of cyber espionage, the special services of Estonia detained a 20-year-old student from Kingisepp, Aleksei Vasilev. He was called an agent of the FSB. And 47news believes that this is how our treacherous neighbors want to humiliate our state security.

As far as is currently known, Aleksei studied at an Estonian college (Ida-Virumaa Vocational Education Centre) from age 16 to 19. He then worked in Russia for a year; at age 19 he returned to Estonia and started studies (at Virumaa College of TUT) as a programmer. He resided in Estonia on the basis of a student's residence permit.

The embassy has already talked with Aleksei's 38-year-old mother, Elena Pesovets. She is also a resident of Kingisepp. 47news also talked with Elena.
– Did Aleksei graduate from some kind of specialized class?
No, the usual Kingisepp school. Nine classes. Then he went to Sillamäe College (Ida-Virumaa Vocational Education Centre) to study as a programmer. Then for higher education in Kohtla-Järve (Virumaa College of TUT). He planned to work in his profession.
– But why did he not try to study in Petersburg?
In St. Petersburg, tuition fees must be paid, but in Estonia it is free.
– But did he plan to work and build a career in Russia?
He did not think about it yet, he wanted to get the higher education, and after that to choose.
– Did he have any problems with the Estonian language?
He does not know Estonian well. But in Sillamäe and Kohtla-Järve studies are in Russian. It was not required to know Estonian to study.
– Computers are his main hobby?
Yes, he was fond of computers. But his friends, like every guy's, were classmates. He does not smoke, does not drink alcohol, does not rove. Every weekend he came home. He has two brothers. All the time at home with them.
– And he lived on a scholarship or worked part-time somewhere?
He got a scholarship, and I gave him money. Like all students.
– Did you speak with your son?
There is no connection. No possibilities to meet. I am preparing the documents. I only know one thing: my son is not a criminal.

There is one nuance in this story that is so far incomprehensible or unpleasant. When, after the detention, an employee of the Russian embassy arrived at the detention center, a police officer came out instead of Aleksei. He showed our diplomat a paper signed by the detainee. In it, Aleksei says that he has been informed of his rights, but that he does not need the services of the embassy. But most likely, this is a childish step.

Links:
http://news.err.ee/641144/estonia-s-internal-security-service-arrests-fsb-agent-at-border-in-narva
https://news.postimees.ee/4301995/estonian-officials-detain-suspected-russian-fsb-agent
https://news.postimees.ee/4304097/fsb-agent-tried-to-penetrate-computer-networks
http://news.err.ee/642040/russian-consul-to-meet-with-alleged-fsb-agent-arrested-in-narva
http://47news.ru/articles/129730/
http://www.delfi.ee/news/paevauudised/eesti/arvatav-fsb-agent-oppis-ttu-virumaa-kolledzis-tootmise-automatiseerimise-erialal?id=80143588
http://www.delfi.ee/news/paevauudised/valismaa/mis-portaal-on-arvatavast-fsb-agendist-kirjutav-47newsru?id=80133554
http://www.delfi.ee/news/paevauudised/valismaa/eesti-piiril-vahistatud-fsb-agendi-ema-mu-poeg-ei-ole-mingi-kurjategija?id=80133274
http://www.delfi.ee/news/paevauudised/krimi/fotod-vene-portaal-narvas-kinnipeetud-arvatav-fsb-agent-on-20-aastane-noormees-kes-oppis-eestis-programmeerijaks?id=80132390
http://epl.delfi.ee/news/eesti/kas-vahistatud-fsb-agent-uritas-tungida-eesti-riigiasutuste-arvutisusteemi?id=80089576
http://www.delfi.ee/news/paevauudised/krimi/arvatav-fsb-agent-oli-kutsekoolis-oppides-viks-ja-viisakas-soprade-hinnangul-aus-ja-kohusetundlik?id=80147726
https://geenius.ee/uudis/kirglikust-arvutimangurist-luureagendiks-erakordne-see-et-onnestus-toestada-side-fsbga/
http://news.err.ee/642503/russian-embassy-puzzled-by-allegations-of-arrested-russian-being-fsb-agent
http://epl.delfi.ee/news/arvamus/urmas-sutrop-fsb-puuab-oma-arvatavast-agendist-teha-kannatajat-keda-koik-lausa-peavad-armastama-head-poega-ja-leebet-melomaani?id=80153888
https://news.postimees.ee/4333375/arrests-take-romance-out-of-spying

Estonian Internal Security Service (KaPo) Yearbook 2016

KaPo annual review 2016 discusses cyber security on page 21:

In 2016, Estonia also saw some attempts to access the information of the state’s high-level decision-makers. The attacks were extremely skilfully executed from the technical point of view with the use of credible fake e-mails and previously unknown technical methods. In view of the functioning mechanisms of the abovementioned APTs, it is clear that attacks cannot be avoided entirely, but they need to be identified, and major damage needs to be mitigated.
[..]
As far as Estonia is concerned, we forecast that cyber threats will increase in 2017 due to the EU presidency and the arrival of NATO units.

The section “Protection of state secrets” covers the case of Alexander Goncharov and Ivo Jurak, on which we reported before.

Links:
https://kapo.ee/sites/default/files/public/content_page/Annual%20Review%202016.pdf

Russian special forces operated fake GSM base station in Pärnu

In April 2015, NATO brought its special forces to Estonia for a secret NATO exercise. In the days that followed, Russia unleashed a series of aggressive countermeasures to monitor the exercise.

Estonian signals intelligence quickly discovered an IMSI-catcher – a false cell phone tower in the local cellular network. NATO believes that the Russians attempted to identify the key NATO personnel.

Classified NATO report: “The ghost tower came online briefly twice during the day. It overtook all local towers and hijacked all the local recipients before it dropped offline.”

Links:
https://www.aldrimer.no/claims-russian-special-forces-are-operating-inside-estonia/
http://news.postimees.ee/3680481/experts-say-lion-s-share-of-nato-leak-is-hot-air
http://tehnika.postimees.ee/3682041/drooniluureskandaal-eestlaste-koned-on-rangelt-kapo-kontrolli-all

Estonian Internal Security Service (KaPo) Yearbook 2015

In providing cyber security, the objective of the Internal Security Service is to identify cyber-attacks that could have been initiated by a foreign state or may threaten national security. The Information System Authority, the Estonian Information Board and the Police and Border Guard Board play an important role in the national cyber security community.

The ISS does not have much to tell us. The section “Cyber Security” on pages 22 and 23 is mainly a compilation of cyber security best practices.

Defacement and denial-of-service attacks can also become parts of sending a message to the enemy, i.e. influence operations. Some Estonian websites were defaced with Daesh symbols and messages in 2015. Although this was part of a global marketing campaign, it could also be regarded as a message to Estonian society.

Links:
https://kapo.ee/sites/default/files/public/content_page/Annual%20Review%202015.pdf

GSM jammer found on the table of deputy mayor of Tallinn

A peculiar device was noticed on the table of Tallinn deputy mayor Kalle Klandorf during an interview which took place on Thursday. It is probably a jammer. A jammer is an electronic device which fills specific frequencies with electromagnetic noise, so that other devices using the same frequencies are unable to transmit.

Even though the exact inscription cannot be seen, it may be [this device, costing USD 208]. The device blocks the frequencies 925-960 MHz, 1805-1880 MHz and 1930-1990 MHz used by mobile phones. It also blocks WiFi connections on 2.4 GHz and the UHF frequencies 400-470 MHz.

Klandorf laughed when asked whether there is a jammer on his table. “I haven’t noticed. Maybe it’s not mine? I haven’t bought it. I don’t know,” he replied. He suggested that it may be a handheld radio. Ten of those were recently bought for the municipal police and crisis team. Klandorf thought that it could be an amplifier. Regarding wiretapping, Klandorf said that he wouldn’t mind if they listen.

According to the Electronic Communication Act p. 23, it is forbidden to use devices which create interference and disturb radio communication. It is also forbidden to sell or facilitate such devices, etc., and to import them into the EU. [According to the Technical Regulatory Authority], it is forbidden to place such devices on the market or take them into use because they do not comply with the regulations.

The use of frequency jammers is probably one of the methods by which the mayor of Tallinn, who is facing bribery allegations, tried to prevent eavesdropping by KAPO.

Comment by Estonian jammer vendor:

According to professor emeritus Andres Taklaja, research director of OÜ Rantelon, the device in Klandorf’s office is meant to disrupt wiretapping devices. OÜ Rantelon produces commercial jamming devices for governmental agencies and defence forces. He said that it is most certainly a jammer. It looks like a cheap jammer with a separate antenna for every frequency range. He suggested that if there is a jammer, then there must be bugs.

“These gentlemen should know the frequencies used by the bugs as they were former militiamen. They probably chose the device according to the potential bugs. The look of the device depends on the frequencies it is meant to interfere with. The length of the antennas depends on the wavelength of the radio waves. It is possible to deduce the frequencies by external observation.”

“If the device is too powerful, then it may interfere with other equipment in the building, so I suspect that it is quite low-power. The device is powered from the plug and the power can be adjusted. It could have a battery but such devices take quite a lot of power. If it is unplugged, then it is probably turned off.” Rantelon produces bigger and more powerful devices as they are meant to be used in the field. The professor didn’t suggest how the deputy mayor could have obtained the jammer.

Links:
http://forte.delfi.ee/news/digi/mis-viie-antenniga-masin-kalle-klandorfi-laual-on-ilmselt-jammer?id=72543507

The suspected mayor of Tallinn ordered regular bug sweeps

By eavesdropping on telephone calls, the investigators were aware of whom Mr Savisaar met and when, and of what to keep in mind while collecting evidence. The investigators were aware that dark matters are not discussed over the phone, and that plain speech would be avoided if at all possible.

Here is where hidden cameras, installed by court permission, are helpful. However, even these are in danger of being discovered. Especially with Mr Savisaar, as the all-suspecting Mayor of Tallinn is in the habit of asking people close to him to «bug control» places linked to him from time to time. Therefore, Kapo was at pains to diligently plan where and for how long to install stuff.

Links:
http://news.postimees.ee/3337697/the-scandal-long-feared-laid-bare

US Embassy collects personal data about people in Tallinn

Postimees possesses a document proving that a secret unit at the US Embassy has for years been surveying people on the streets of Tallinn, collecting personal data citing security, and entering those whose behaviour causes suspicion into a global terror database. All this is approved by the Estonian interior ministry and happens with the help of the police.

The rules regarding reporting suspicious behaviour are so strict that it seemingly takes trivialities to get reported. As an example of that, a Tallinn housewife who often waits a long time for her child at the Südalinna School is included. Or take the old lady walking her dog in Lembitu Park. Need some more? A report has also been filed on a man who attends Alcoholics Anonymous close by.

The activity of the unit is okayed by the Estonian government. Its information reaches the police, as agreed between the two countries. An automatic inquiry reaches the Central Criminal Police which, as requested by the embassy, discloses personal data, such as the background of the owner of a car, or the person in a picture and his/her background. These data are added to the SIMAS report. Depending on the behaviour of the people concerned, entries may remain active for 5 to 20 years, or permanently. Being entered may affect the decision by the USA whether or not to grant a visa for entry.

Erkki Koort of the Ministry of the Interior comments:

Why and on what basis do the Estonian police hand personal data of our citizens to the US Embassy as soon as they apply for it?
State agencies share data with third parties strictly pursuant to law. A suspected attack against a diplomatic representation or danger towards human lives or health is reason enough, doubtless, to exchange data. The question leaves one with the impression that Estonian state agencies would submit data upon initial request. This definitely is not the case.

Links:
http://news.postimees.ee/3206887/us-embassy-secretly-surveys-people-in-tallinn
http://news.postimees.ee/3206893/estonian-official-this-is-a-specific-issue
http://news.postimees.ee/3209457/erkki-bahovski-estonian-and-us-reputations-on-the-line
http://news.postimees.ee/3213479/riigikogu-backs-off-from-us-embassy-issue