December 3, 2019
This is how we found the presence of a server of Find Face, the Russian face recognition software, in Azerbaijan while troubleshooting the Internet blocking of a website in the country.
During the 8th of November 2019, we noticed that traffic coming from mobile operator Bakcell in Azerbaijan was no longer arriving to the website gununsesi.org
The domain name gununsesi.info was blocked without a court order back in July 2018.
The blocking of the website takes place inside of Azertelecom AS196925 infrastructure.
During our tests, we performed both HTTP and HTTPS requests from NetIX internet exchange in Bulgaria where Azertelecom has a peering agreement with telepoint.bg in Sofia.
In both cases (HTTP and HTTPS), connections to gununsesi.org are silently dropped which active traffic injection that suggest the present of DPI equipment that sits inline with the traffic.
According to NetIX information, Azertelecom runs at least 20 Gbps peering in Sofia
Other websites like peeringDB suggest that they might peer with 40 Gbps
Find Face was found
During our research we found that Azertelecom returned in the address 109.235.192{.}18 the following encoded image:
Once base64 decoded we found the logo of “Find Face”
Find Face is a technology developed by the Russian company NtechLab that specializes in neural network tools. According to the “Army Recognition” website, Rostec is currently exporting the Ntechlab technology abroad including their Face recognition solution.
According to historical data from Censys, the service was publicly online the 28th of October 2019.
Server runs one of the latest stable versions of FindFace Security 4.0.2
FindFace global presence
We reviewed the public presence of FindFace servers and we found ten installations located in Russia, Ukraine, Serbia, Singapore and Azerbaijan.
The server in Azertelecom runs version 4.0.2, one of the most recent ones.
| IP | Provider | Geo | Version | Version Long | Date |
| 109.235.192{.}18 | Azertelecom | AZ | 4.0.2 | jenkins-universe-ffsecurity-4.0.2-17 | 2019-09-10T12:30:08.638Z |
| 178.128.185{.}20 | Digital Ocean | US | 4.0.0 | jenkins-universe-ffsecurity-4.0.0-71 | 2019-08-08T16:13:21.144Z |
| 185.173.0{.}130 | Moscow Major Office | RU | |||
| 195.123.10{.}28 | Mobicom Kiev | UA | 3.2.1+2.g56ed5ac | jenkins-universe-ffsecurity-2.2.1-7 | 2019-07-08T16:52:11.488Z |
| 212.75.210{.}222 | Elight | RU | 0.9 | ||
| 223.25.64{.}73 | Myrepublic | SG | 3.2.1+2.g56ed5ac | jenkins-universe-ffsecurity-2.2.1-7 | 2019-07-08T16:52:11.488Z |
| 78.37.70{.}221 | Rostelecom | RU | 3.1.1 | jenkins-universe-ffsecurity-2.1.1-6 | 2019-05-30T10:13:53.977Z |
| 87.237.205{.}216 | Mcloud Serbia | RS | 4.0.2 | jenkins-universe-ffsecurity-4.0.2-17 | 2019-09-10T12:30:08.638Z |
| 89.232.68{.}166 | Tattelecom | RU | 4.0.1+2.g5a380bc | jenkins-universe-ffsecurity-4.0.1-23 | 2019-08-21T15:52:57.445Z |
| 195.201.140{.}18 | Hetzner | DE |
During the review we also found that this text in the License/EULA
NTech lab LLC registered at 121205, Moscow, Skolkovo innovative centre, Bolshoi Bulvar, b.42, str. 1, pom.377, workplace 1, when article 10.1 of this EULA applies;
N-TECH.LAB LTD. registered at Archiepiskopou Kyprianou and Zakynthou, 2, Office 1, 6016, Larnaca, Cyprus, when articles 10.2 and 10.3 of this EULA applies
Looking at the information of N-TECH.LAB LTD in Cyprus in opencorporates website shows many offices associated with the company including Vasily Brovko, who acts as executive at Rostec, a known military contracting company that owns 12.5% of the shares of the face recognition company.
