Find Face and Internet blocking in Azerbaijan

December 3, 2019

This is how we found the presence of a server of Find Face, the Russian face recognition software, in Azerbaijan while troubleshooting the Internet blocking of a website in the country.

During the 8th of November 2019, we noticed that traffic coming from mobile operator Bakcell in Azerbaijan was no longer arriving to the website

The domain name was blocked without a court order back in July 2018.

The blocking of the website takes place inside of Azertelecom AS196925 infrastructure.

During our tests, we performed both HTTP and HTTPS requests from NetIX internet exchange in Bulgaria where Azertelecom has a peering agreement with in Sofia.

In both cases (HTTP and HTTPS), connections to are silently dropped which active traffic injection that suggest the present of DPI equipment that sits inline with the traffic.

According to NetIX information, Azertelecom runs at least 20 Gbps peering in Sofia

Other websites like peeringDB suggest that they might peer with 40 Gbps

Find Face was found

During our research we found that Azertelecom returned in the address 109.235.192{.}18 the following encoded image:

Once base64 decoded we found the logo of “Find Face”

Find Face is a technology developed by the Russian company NtechLab that specializes in neural network tools. According to the “Army Recognition” website, Rostec is currently exporting the Ntechlab technology abroad including their Face recognition solution.

According to historical data from Censys, the service was publicly online the 28th of October 2019.

Server runs one of the latest stable versions of FindFace Security 4.0.2

FindFace global presence

We reviewed the public presence of FindFace servers and we found ten installations located in Russia, Ukraine, Serbia, Singapore and Azerbaijan.

The server in Azertelecom runs version 4.0.2, one of the most recent ones.

IPProviderGeoVersionVersion LongDate
178.128.185{.}20Digital OceanUS4.0.0jenkins-universe-ffsecurity-4.0.0-712019-08-08T16:13:21.144Z
185.173.0{.}130Moscow Major OfficeRU

195.123.10{.}28Mobicom KievUA3.2.1+2.g56ed5acjenkins-universe-ffsecurity-2.2.1-72019-07-08T16:52:11.488Z

87.237.205{.}216Mcloud SerbiaRS4.0.2jenkins-universe-ffsecurity-4.0.2-172019-09-10T12:30:08.638Z
195.201.140{.}18 HetznerDE

During the review we also found that this text in the License/EULA

NTech lab LLC registered at 121205, Moscow, Skolkovo innovative centre, Bolshoi Bulvar, b.42, str. 1, pom.377, workplace 1, when article 10.1 of this EULA applies;

N-TECH.LAB LTD. registered at Archiepiskopou Kyprianou and Zakynthou, 2, Office 1, 6016, Larnaca, Cyprus, when articles 10.2 and 10.3 of this EULA applies

Looking at the information of N-TECH.LAB LTD in Cyprus in opencorporates website shows many offices associated with the company including Vasily Brovko, who acts as executive at Rostec, a known military contracting company that owns 12.5% of the shares of the face recognition company.