Russian authorities could be obtaining video from surveillance cameras in Ukraine for years

Friday, 8 December 2023, 15:19

For years, Russia's secret services could have been receiving video from surveillance cameras across Ukraine that run on Russian TRASSIR software and sending data to a server in Moscow.

Source: an investigation by Skhemy (Schemes), a project of investigative journalism and analytics of the Ukrainian edition of Radio Liberty

Details: In the midst of the war and Russia's occupation of Ukrainian territories in 2014 and 2022, thousands of video surveillance cameras running on the Russian TRASSIR software developed by the Russian Digital Security Systems Lab (DSSL) were installed and operating in Ukraine.

They have been purchased by both Ukrainian state-owned enterprises, including for use at critical infrastructure facilities such as the Chornobyl Nuclear Power Plant, and civilian businesses, including the Velyka Kyshenia (lit. Big Pocket) retail chain and the Nova Poshta (Nova Post) logistics group. Ukrainians also purchased them in bulk for security purposes to protect their homes.

Activists with expertise in video surveillance technology told Schemes that TRASSIR-branded cameras and the same-name software installed in civilian businesses and the public sector, including critical infrastructure facilities, could send information from them to Russian servers.

Schemes launched an experiment with experts from two specialised organisations, the Computer Forensics Laboratory and the Digital Security Laboratory. The camera used in the experiment was made in China, but its software is entirely of Russian origin.

The Schemes' experiment revealed that the video from these cameras, before it reaches the consumer's phone or computer, is sent to Moscow-based servers belonging to companies with ties to the Russian Federal Security Service (FSB). At the same time, the video surveillance system can recognise faces and car number plates and detect the movement of people and vehicles.

"We observe that this camera is requesting the website subdomain of its manufacturer TRASSIR - m30.ru.cloudtrassir.com. We can see that this domain name corresponds to an IP address identified as a Russian IP address with geolocation in Moscow," says Nataliia Onyshchenko, a web security specialist at Digital Security Lab.

Several of these IP addresses were identified with the help of Schemes' specialists. A service that helps to identify them (i.e. link them to a physical address) revealed that these servers are located in Moscow.

This means that the video from the camera with TRASSIR software does not immediately reach the phone or other device to which the camera is connected but rather via Moscow servers.

The journalists identified two companies owning the servers. The first is the telecommunications company Digital Network, whose clients include, for example, Russia's largest search engine Yandex and the federal channel Zvezda. The second is VK company, which, among other things, owns the Russian social network Odnoklassniki and the email service Mail.ru, both banned in Ukraine.

Both companies owning the servers where the video was uploaded as part of the Schemes experiment are closely linked to the activities of the FSB and the Russian Interior Ministry.

In particular, Digital Network provided Internet connection services to one of the Russian military units from 2015 to 2017. This military unit, No. 43753 of the Russian Federal Security Service, is better known in Russia as the Centre for Information Protection and Special Communications of the Russian FSB. This department monitors and conducts state examinations of various software in Russia and decrypts information received by the FSB.

A TRASSIR video surveillance system had been installed at the Chornobyl Nuclear Power Plant, which Russia temporarily seized on the first day of the full-scale invasion, 24 February 2022, since at least 2011. The plant carried on receiving Russian TRASSIR software in April 2016, even after Russia annexed Crimea.

In response to a request from Skhemy, the Ukrainian state-owned company initially claimed that TRASSIR "was not purchased, installed or operated" but later admitted that the Russian software was there, but "TRASSIR servers and software are used in a closed hierarchical local network without access to the Internet". The TRASSIR software was finally removed in 2023, Chornobyl NPP management said.

The Safe City programme in the city of Poltava (Ukraine) also employs TRASSIR software, and the Poltava City Council is looking for funds to upgrade the video surveillance system to one without Russian software.

In Poltava, the Bezpechne Misto (Safe City) programme also uses TRASSIR software; the Poltava City Council is looking for money to update the video surveillance system without Russian software. 

TRASSIR, as a brand, was created by Russian DSSL, a company founded 20 years ago by Russian businessman Igor Oleynik. According to Importgenius, since 2016, a number of companies have imported more than 10,000 cameras and video recorders with this Russian software into Ukraine. The last deliveries took place in February 2022. 

Among those who used Russian software after 2014, in addition to the Chornobyl Nuclear Power Plant and the Poltava City Council, Schemes also noticed the Administration of Sea Ports of Ukraine, Kharkiv, Kherson and Nikopol city councils, the Maritime Search and Rescue Service in Odesa, Dniprostandartmetrolohiia and other state structures and law enforcement agencies. 

According to tenders found by journalists on Prozorro, they ordered maintenance services, including TRASSIR software. 

Private businesses also purchased Russian software and cameras after 2014, including Kernel, Interpipe, P&G, Velyka Kyshenia, Nova Poshta, 1+1 TV channel, KAN Development, Ukrbud, Allo, Citrus, Eldorado and IMAX. 

The Eldorado company did not deny that they used TRASSIR video surveillance systems but reported that they are currently absent on the premises. The Citrus reported that after a short "test drive", they decided not to use TRASSIR. 

Nova Poshta confirmed that they used video recorders with TRASSIR software until 2019, but "the video recorders were not connected to an external Internet network" and "functioned exclusively within a closed corporate network." The company reported that some locations still have old Trassir video recorders, which have not been maintained or repaired since 2019. 

Larysa Osadcha, the director of one of the key sellers of Russian equipment and software in Ukraine, TRASSIR EU, told journalists that they have not worked with the Russian company DSSL since April 2023. 

Olena Semeniuk, the company's accountant, also assured that the TRASSIR brand is registered in Ukraine and that the software belonged to Ukrainian citizen Oleh Kiiashko. He was the founder of TRASSIR EU and co-owner of the Russian company-seller of video surveillance systems TRASSIR.

Schemes have documents confirming that Oleh Kiiashko has Russian citizenship, and in 2021 he updated his passport and data as an individual entrepreneur in Moscow, as evidenced by an entry from the register of legal entities of the Russian Federation. 

The State Service of Special Communications and Information Protection of Ukraine reported that they had conducted an examination of TRASSIR equipment and software in 2019 but did not share the conclusion. In May 2022, the department warned the security and defence authorities that the company "TRASSIR/DSSL" cooperates with federal ministries and services of the security sector of the Russian Federation. 

The Security Service of Ukraine said that they could not disclose the details of their counterintelligence activities. However, after the intervention of the special services in 2020, the tender for the purchase of video cameras with TRASSIR software was cancelled in Lviv Oblast. 

According to Schemes, Russian software in Ukraine began to be abandoned mainly in 2022, with the large-scale Russian aggression.

Support UP or become our patron!