The Russian Security Paradox
DNS/MX RECORDS
The subdomain ksmg.sns.am confirms the NSS uses Kaspersky Security for Mail Gateway -- a Russian cybersecurity product. The United States banned Kaspersky from federal agencies in 2017 over concerns about Russian intelligence access. Armenia's national security service uses it to filter all its email.
The same NSS that:
- Deployed Predator spyware on Armenian citizens
- Uses parents of missing soldiers as informants
- Co-authored a paper on expanding surveillance capabilities
...routes its email through Russian security software. If Russian intelligence wanted access to NSS communications, the infrastructure is already in place.
The Exposed Infrastructure
SUBDOMAIN ENUMERATION
| SUBDOMAIN | WHAT IT IS | RISK |
|---|---|---|
| ksmg.sns.am | Kaspersky Security for Mail Gateway | Russian software on NSS email |
| matrix.sns.am | Matrix encrypted chat server | Internal communications platform exposed as subdomain |
| docs.sns.am | Document management system | Internal documents portal |
| sahmanapah.sns.am | Border Guard portal | Border security system |
| old.sns.am | Legacy Joomla website | Old CMS still accessible -- potential vulnerabilities |
The Documents: 20 Files in a Public Directory
RECOVERED FROM PUBLIC SERVER
The NSS left 20+ official documents in a publicly accessible uploads directory on sns.am. These files were indexed by web archives before the directory was noticed. OWL recovered them.
| TYPE | COUNT | LARGEST |
|---|---|---|
| PDF documents | 15 | 275 pages (1.9 MB) |
| Word documents (DOCX/DOC) | 5 | Various |
| Total | 20 files | 6.4 MB |
All documents are available for download:
- 275-page document (1.9 MB PDF)
- 67-page document (529 KB PDF)
- 20-page document (1.6 MB PDF)
- 20-page document (354 KB PDF)
- 13-page document (377 KB PDF)
- 13-page document (278 KB PDF)
- 11-page document (197 KB PDF)
- 10-page document (137 KB PDF)
All metadata has been stripped from documents before publication. OWL obtained these from publicly accessible web archives.
Parliament Is Even Worse
BREACH DATABASE
While investigating the NSS, OWL also discovered that parliament.am has 13 compromised computers -- 8 employee machines infected with info-stealer malware. All had weak passwords. Internal systems exposed include webmail, inventory portal, and password reset tokens.
The parliament also has dev, staging, test, and gitlab servers publicly accessible. Anyone can probe these for vulnerabilities.
| INSTITUTION | COMPROMISED | ISSUE |
|---|---|---|
| NSS (sns.am) | Open document directory, Russian mail gateway | Infrastructure exposed |
| Parliament (parliament.am) | 13 computers with info-stealers | Weak passwords, internal systems exposed |
| Foreign Ministry (mfa.am) | 22 compromised accounts | Where Rubinyan served as Deputy FM |
The Pattern: Spy on Citizens, Can't Protect Themselves
The NSS deploys Predator spyware on Armenian citizens. It infiltrates families of missing soldiers with informants. Its deputy co-authored a paper on expanding surveillance. The government pushes for AI-powered surveillance.
But the same agency:
- Routes email through Russian Kaspersky software
- Leaves official documents in public directories
- Exposes its encrypted chat server as a subdomain
- Keeps a legacy Joomla site still accessible
The institution that surveils Armenian citizens can't secure its own servers. The agency that deployed Predator routes its email through Kaspersky. The parliament that passes surveillance laws has 13 computers infected with info-stealers. They want AI surveillance tools -- but they can't even keep their documents off the public internet. They spy on you. They can't protect themselves. And now, 20 of their documents are here for everyone to read.
Sources: DNS/MX record analysis, subdomain enumeration (Subfinder, theHarvester), Wayback Machine archived content, HudsonRock breach database. All from public sources. Documents obtained from publicly accessible web archives. All metadata stripped before publication.