
20 terabytes: Anonymous Germany hijacks data from Rosneft Germany

Hacktivists gained access to the servers of Rosneft Deutschland, a subsidiary of the Russian oil company

This article is available in German: 20 Terabyte: Anonymous kapert Daten von Rosneft Deutschland

During the war of aggression that Russia is waging in Ukraine, a bunch of sanctions have been introduced against Russian companies in recent weeks. Among these sanctioned companies is Rosneft.

Rosneft is a Russian state-owned petroleum company; as such, it explores oil and gas deposits and operates various drilling and production facilities and refineries. Former German Chancellor Gerhard Schröder is chairman of Rosneft’s supervisory board in Russia. The head of Rosneft, Igor Ivanovich Sechin, is a Russian politician and manager. He has been a close confidant of Vladimir Putin since the 1990s. According to reports, in 2003, as deputy head of the presidential administration, he was a co-initiator in the legal prosecution and eventual breakup of Yukos, once the largest oil company.

Yukos boss Khodorkovsky was arrested in October 2003, his company was forced into bankruptcy with tax demands and finally sold off in a forced auction. The most profitable parts ended up with Rosneft. A few years later, the Russian business newspaper “Vedomosti” calculated that Rosneft had paid a price far below the real market value for the former Yukos assets. Khodorkovsky was sentenced to long prison terms in two show trials and was not released until late 2013.

Source: FAZ (German Newspaper)

Sechin then became head of Rosneft in July 2004. And as such he helps his friend Putin to push Russia’s geopolitical interests: Iraq, Venezuela, Libyan warlords … Rosneft has its fingers in it, not just for oil, but for co-determination in the countries.

Initially, the sanctions against Rosneft were only in the direction of Russia. Rosneft was no longer allowed to be supplied with modern drilling equipment and with spare parts. Oil continued to be imported.

Through its subsidiary Rosneft Deutschland GmbH, Rosneft has direct stakes in Bayernoil, PCK refinery in Brandenburg and a 24% stake in Germany’s second largest refinery MiRO in Karlsruhe.

According to its own statement, Rosneft Deutschland in Germany is the third largest petroleum refinery company, processing roughly 12.5 million tons of crude oil per year; that’s more than 12% of the Federal Republic of Germany’s total processing capacity.

Rosneft Deutschland GmbH is both responsible for supplying refineries PCK, MiRO and Bayernoil with crude oil, as well as for the distribution of petroleum products.

Rosneft Deutschland not only supplies products such as bitumen, aviation fuel and lubricants, but also organizes the refueling of aircraft at various airports.

In February, it was still said that the refineries linked to Rosneft via Rosneft Deutschland would not feel any effects of the sanctions, amazing actually. But this week, the U.S. and the U.K. stopped importing oil.

Sanctions against Rosneft and a completely untouched subsidiary abroad – evasion of sanctions has never been easier and such participations still bring foreign currency to Russia.

And the former German Chancellor Schröder?

“Schröder gives the company international reputation, credibility, respectability. That is important for Rosneft, which is not a normal company, but initially served primarily the self-enrichment of people from Putin’s entourage,” says Russia expert Stefan Meister of the Deutschen Gesellschaft für Auswärtige Politik. Schröder’s proximity to Gazprom, but also to German industrial groups, could be important for Rosneft. Rosneft, for example, wants to enter the liquefied natural gas business with plants in the Arctic and Russia’s Far East. An important supplier of liquefied natural gas plants is the German company Linde. Ultimately, Moscow is also hoping that Schröder could be important in easing the sanctions. They fulfilled their functions “only to a limited extent,” Schröder now said.

Source: FAZ (German newspaper)

For some anons from Germany, this is exactly a reason to take a closer look at Rosneft Germany. Not because of the refineries, but because of the lobbying, the sanctions.

The anons didn’t want to mess around directly with the Russian energy companies … especially the energy sector is a hot potato, because there are some sanctioning states whose energy supply is linked to Russia. You don’t want to smash any plates or turn any pipelines on and off or anything like that. Not even by accident.

But Rosneft Germany is interesting enough. This company is mainly in distribution, buying and selling, delivering to refineries … and what else? No critical infrastructure to accidentally break. No pipelines to shut down, no nuclear reactors, even the refineries would continue to operate.

In short, Anonymous hacktivists have succeeded in gaining access to Rosneft Germany’s servers and tapping large amounts of data.

In the process, they penetrated very deeply into Rosneft Deutschland’s systems. So deep, in fact, that they easily found backups of employees’ and executives’ laptops.

In addition, they had access to all of the company’s virtual machines, UPS and more.

The plan was to pull all available data completely, which was relatively easy to do over a simple FTP connection that transferred data at 5.5MB/s. Nevertheless, a long dwell time in the systems was to be expected, because in total there was access to almost 25 terabytes: in addition to the backups, there was access to folders with documents and to the iPhones and iPads of the employees.

But unfortunately, the download was stopped in between. Not because the Anons were caught, they stayed continuously and non-stop in the systems and loaded the data. But last Friday the FTP connection, which was very stable in itself, broke down because their entire system went down in the evening, suddenly no more Internet. The entry point itself was still working, but they couldn’t get any further because the system behind it was no longer connected to the Internet.

We don’t know if someone pulled the wrong plug. According to the Anons, it looked like someone had misconfigured the system’s firewall. No other user was visible in the system and the Internet connection was gone; probably Rosneft and its IT no longer had access themselves.

In any case, the connection broke down. And although access to their system was still working (probably only anons still had access; one should pay more attention to service accounts of printers in Active Directory), no data could be transferred because of the missing Internet connection in the internal system. That’s a bit of bad luck, but it can’t be helped, and it stayed that way until yesterday, Thursday.

On Thursday, one of the Anons found a workaround and was able to restart the download. But then the mouse pointer moved and a window closed … so out.

But not without causing a bit of confusion – and so unimportant systems were … reworked.

iPhone remote wipes are always fun. Especially when there is a security PIN …1234 … one try, one hit.

59 Apple devices …

But other devices were also “redesigned” … internally …

As far as the backed up data is concerned, one simply has to be satisfied with the nearly 20 terabytes pulled last week. Included are complete hard disk images of employee laptops and computers, hard disk images of a mail server (34GB), many archive files (ZIP, TAR.GZ and 7Z), CSV, XLSX, DOC and of course software packages, manuals, license keys for software, and – because everything is Microsoft Windows – thousands of DLLs.

oof 🤣

We’re curious to see if we learn anything about Mr. Schröder. Now that – following the article in the New York Times – he has to be quarantined for a week to be able to meet Putin … Even Rosneft boss Sechin, it is rumored, is “quarantined for two to three weeks a month” to be able to meet Putin occasionally.

Mr. Sechin is said to quarantine for two or three weeks a month, all for the sake of occasional meetings with the president.

But surely not only Schröder is interesting – politicians are generally receptive to lobbyism.

The Anons will now take a good night’s sleep, then sift through the data – and think about what to do with it. What is already certain is that this data will not be leaked publicly. Because the effect of a public leak would be less than the profit that competitors could make from it.

So … as Anonymous Germany always does: take a quiet look and get people to objectively sift through what data is there.

By the way, the website was not affected by this. According to the Anons, it is located on a server that could not be reached. The website has been changed by someone else.

2022-03-11, 3:30 PM (UTC)

Nice … but not from actors known to us. The last action on the internal systems took place at noon today. Probably Rosneft did it themselves, because they noticed the Anons. “Hurry, connect the domain with something else …” is the first domain on the shared server where is located.

IT security at the highest level? Rosnjet!