From Wikipedia, the free encyclopedia

SORM (Russian: Система Оперативно-Розыскных Мероприятий, literally "System for Operative Investigative Activities") is a technical system for search and surveillance on the Internet. A Russian law passed in 1995 allows the FSB to monitor telephone and Internet communications.


The SORM-1 system was established in 1996 to monitor telephone communications.


In July 1998 the system was replaced by SORM‑2 to allow monitoring of the internet, in addition to telephone communications. According to some reports, under SORM‑2 Russian Internet service providers (ISPs) must install a special device on their servers to allow the FSB to track all credit card transactions, e-mail messages and web use. The device, which has been estimated to cost $10,000-$30,000, must be installed at the ISP's expense. Other reports note that some ISPs have had to install direct communications lines to the FSB and that costs for implementing the required changes were in excess of $100,000.

On July 25, 2000, Russia's Minister of Information Technology and Communications Leonid Reiman issued order No. 130, "Concerning the introduction of technical means ensuring investigative activity (SORM) in phone, mobile and wireless communication and radio paging networks", stating that the FSB was no longer required to provide telecommunications and Internet companies with documentation on targets of interest prior to accessing information.[1]

In 2014 SORM-2 usage was extended to monitoring of social networks, chats and forums, requiring their operators to install SORM probes in their networks.[2]


A decision of the Ministry of Telecommunications of 16 April 2014 introduced requirements for a new wiretapping system, SORM-3. Telecommunications operators were required to install compliant probes by 31 March 2015.[3]

According to regulations of the Russian Ministry of Communications,[4] SORM-3 equipment must support the following selectors:

  1. single IPv4 or IPv6 address
  2. IPv4 or IPv6 networks identified with address mask
  3. user id within the telecom operator's system, supporting "*" and "?" as globbing symbols
  4. e-mail address, if the targeted user connects via POP3, SMTP or IMAP4; connections protected with crypto are specifically excluded
  5. e-mail address, if the targeted user connects to a webmail system from a predefined list of services; again, connections protected with crypto are specifically excluded
  6. user's phone number
  7. IMSI
  8. IMEI
  9. MAC address of user's equipment
  10. ICQ UIN
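
A sketch of how selector types 1 to 4 from the list above could be evaluated against a session record, including the exclusion of encrypted mail connections. It is an added illustration, not taken from the regulation or from any SORM equipment; the session record layout, the `encrypted` flag and all sample values are assumptions constructed for the example.

```python
import ipaddress
import re

MAIL_PROTOCOLS = {"POP3", "SMTP", "IMAP4"}  # protocols named in selector 4


def glob_match(pattern, text):
    """Match using only "*" and "?" as wildcards, as selector 3 specifies."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, text, re.DOTALL) is not None


def selector_matches(selector, session):
    """Return True if a session record falls under one (kind, value) selector.

    The session dict layout (src, dst, user_id, protocol, encrypted,
    mail_addrs) is an assumption made for this example.
    """
    kind, value = selector
    addrs = [ipaddress.ip_address(session[k]) for k in ("src", "dst")]
    if kind == "ip":      # selector 1: single IPv4 or IPv6 address
        return ipaddress.ip_address(value) in addrs
    if kind == "net":     # selector 2: network given as address plus mask
        net = ipaddress.ip_network(value, strict=False)
        return any(a.version == net.version and a in net for a in addrs)
    if kind == "user":    # selector 3: operator user id with wildcards
        return glob_match(value, session["user_id"])
    if kind == "email":   # selector 4: mail protocols, encrypted sessions excluded
        if session["protocol"] not in MAIL_PROTOCOLS or session["encrypted"]:
            return False
        return value.lower() in {a.lower() for a in session["mail_addrs"]}
    raise ValueError(f"unsupported selector kind: {kind!r}")


# Constructed sample sessions (documentation address ranges, made-up ids).
PLAIN_SMTP = {"src": "192.0.2.10", "dst": "198.51.100.7", "user_id": "ab7-home",
              "protocol": "SMTP", "encrypted": False,
              "mail_addrs": ["Alice@example.org"]}
TLS_IMAP = {"src": "2001:db8::5", "dst": "2001:db8:1::25", "user_id": "abc",
            "protocol": "IMAP4", "encrypted": True,
            "mail_addrs": ["alice@example.org"]}

if __name__ == "__main__":
    for name, s in (("plain SMTP", PLAIN_SMTP), ("TLS IMAP", TLS_IMAP)):
        print(name, selector_matches(("email", "alice@example.org"), s))
```

In this model the same e-mail selector matches the plaintext SMTP session and not the encrypted IMAP4 one, while the address and user-id selectors are unaffected by encryption.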

Network architecture for SORM deployment

In most cases SORM is deployed using port mirroring. Because bandwidth usage within providers' networks is higher than on their external connectivity, many providers deploy SORM only at uplinks. In some cases smaller providers, trying to reduce their costs, do not implement SORM in their own networks but instead buy SORM-as-a-service from their upstream provider, which then deploys a SORM installation on a specific downlink.

Such a deployment limits the amount of traffic seen by SORM; that is, internal traffic may not be captured by the equipment.

Access by seven additional government agencies

On January 5, 2000, during his first week in office, President Vladimir Putin amended the law to allow seven other federal security agencies access to intelligence gathered via SORM. The newly endowed agencies included:[5][6]

Notification ruling

Acquisition of communications by entitled security services generally requires a court warrant, but at the same time they are allowed to start wiretapping before obtaining such a warrant. The warrant is also required only for communications content, not for metadata (communicating parties, time etc.), which may be obtained without a warrant.[7]

In late 2000, the Russian Supreme Court ruled that the FSB was required to inform ISPs when its agents were using the system. The case was started by a complaint filed by a 26-year-old St. Petersburg journalist who was "fed up waiting for civil rights groups and ISPs to protest".[citation needed]

2014 Winter Olympics

The FSB made secret arrangements for significant upgrades to SORM equipment in Sochi prior to the 2014 Winter Olympics. The Russian Ministry of Communications also introduced new regulations for ISPs regarding SORM in March 2013. All communication and Internet traffic by Sochi residents is now captured and filtered through deep packet inspection systems at all mobile networks. Roskomnadzor, a federal executive body responsible for media control, reported that several local ISPs were fined by the government after they failed to install FSB-recommended SORM devices.[8]
