Home > Technology >

The head of the Russian department responsible for identifying threats to the “stability, security and integrity” of the internet, has revealed the extent of the Kremlin’s VPN crackdown. Former FSO officer Sergei Khutortsev, a central figure in Russia’s ‘sovereign internet’ project, confirmed that 167 VPN services are now blocked along with over 200 email services. Russia is also reported as stepping up measures against protocols such as OpenVPN, IKEv2 and WireGuard.

Late March 2023, Russia augmented its long-burning VPN crackdown with a series of PSAs claiming that using a VPN for security is actually much worse than not using a VPN at all.

One of the ads warned that VPNs somehow obtain users’ passport details, plus their names, addresses, and dates of birth. Another suggested that since VPNs in Russia know everything about their users, spouses might learn about secret affairs, a high price for accessing a social network blocked in Russia, the PSA added.

Just a few months later, those fairly light-hearted ads can be seen in a whole new light.

During the summer, President Putin signed off on legal amendments that will require some internet platforms, including social networks, to verify new users’ identities, in some cases using their passports. Providing advice on the use of VPNs or similar tools to access banned internet resources, including ‘extremist’ Western social media platforms like Facebook and Instagram, was rendered a criminal offense.

Russia Tightens the Screws on VPNs

Russia’s ongoing VPN crackdown appears to be going in one direction; the end of any VPN service that refuses to play ball, consequences for those who dare to discuss them, and potentially anyone who knowingly uses them. The latter may take some time to emerge but in the meantime, Russia is attempting to remove as many as possible from the market.

According to Interfax, during a presentation to the ‘Spectrum-2023’ forum in Sochi last week, the head of the ‘Center for Monitoring and Control of the Public Communications Network’ (TsMU SSOP) revealed the extent of the Kremlin’s VPN crackdown.

Sergei Khutortsev, a former FSO officer and now a central figure in Russia’s ‘sovereign internet’ project, confirmed that 167 VPN services are now actively blocked after failing to comply with government requirements. Also subject to blocking are more than 200 email services.

Formed in 2019, TsMU SSOP is the department responsible for identifying threats to the “stability, security, and integrity” of the internet as it relates to Russia. TsMU SSOP controls compliance on routing to “minimize the transfer of data from Russian users abroad” while ensuring centralized traffic management in the event of a threat.

TsMU SSOP also plays a key role in internet blocking and censorship; it has the authority “to use technical means on communication networks” to determine the source of transmitted traffic, and then “limit access to resources carrying prohibited information” by blocking IP addresses and, more broadly, specific types of internet traffic.

VPN Blocking By IP Address and Protocol

In addition to driving out non-compliant VPN providers and using regular means to block domains and IP addresses, Russia has been developing its ability to block specific traffic protocols. For years there have been reports of sporadic interference but starting April 2023, reports began to emerge of popular VPN protocols OpenVPN and WireGuard being blocked by some ISPs.

After the interference suddenly stopped, the same protocols were blocked again in June and then again in late August. After a hiatus of a few weeks, protocol blocking resumed with force late last month.

An in-depth report published by TheIns.ru has details of the monitoring/blocking system reportedly deployed in Russia, how much it costs (4.3 billion rubles/$43 million in 2020, 24.7 billion rubles/$247 million for 2022-2024), and the names of the companies supplying the components.

• EcoFilter (a trademark owned by RDP.Ru, a subsidiary of Rostelecom) – DPI equipment. The complex includes the EcoDPIOS-DU software package developed in-house by the company and Yadro’s Vegman N110 servers. The hardware is produced by Yadro, a Skolkovo company that became part of Cherepennikov’s “IKS Holding” shortly before the adoption of the law on the “sovereign internet.”

• FusionServer 1288H servers manufactured by Huawei.

• Cross-connect equipment to connect to various telecommunication operators’ networks. A crucial part of it includes bypasses produced by Israeli company Silicom Ltd, which it directly supplies to DTsOA. Switches are supplied by the Novosibirsk-based company Elteks.

• Kontinent – remote management equipment, manufactured by a Russian company “Kod Bezopasnosti”. It utilizes software developed by “Positive Technologies”, a sanctioned Russian company.

The publication also obtained original documents that apparently show some of the protocols Russia initially intended to block. They include older VPN protocols IPSec, L2TP, and PPTP, plus the BitTorrent protocol still widely used today.

Leaked document

The full report on the system, which reveals the use of Intel chips/chipsets in 965 servers manufactured by Huawei and already purchased by Russia, plus another 2400+ servers for 2023/24, is available here.