Data leaks in the public sector of countries of the world

Public authorities are one of the main targets of fraudsters specializing in data theft.

Main article: Data breaches

Data leaks in the Russian public sector

Main article: Data leaks in the Russian public sector

2024

India's government cloud has been leaking citizens' personal data and documents to the Internet for years

In early April 2024, it became known that the cloud of the Indian government had been leaking personal data of citizens to the Internet for years. The problem is exacerbated by the fact that search engines indexed this information. Thus, anyone can search for information about certain persons using the usual requests. Read more here.

German military talks to supply missiles to Ukraine leak due to Webex misconfiguration

German Defense Minister Boris Pistorius on March 5 published the preliminary results of an investigation into the incident with the recording of secret negotiations between German officers on the supply of Taurus missiles to Ukraine, published by the Russia Today TV channel. According to him, communication systems were not hacked, but the security configuration of the negotiation application allowed an authorized user to connect through open channels.

At the very beginning of March, Margarita Simonyan, editor-in-chief of RT, published on her Telegram channel[1] a recording and transcript of negotiations between high-ranking Bundeswehr officers about a possible attack on the Crimean bridge using Taurus long-range missiles. According to her, the discussion took place on February 19 via the WebEx service, with the participation of Frank Gräfe, head of the operations and exercises department of the Bundeswehr Air Force command, Air Force inspector Ingo Gerhartz and employees of the air operations center of the Bundeswehr space command.

A recording of the negotiations of the officers of the Bundeswehr, published in the Telegram channel of Margarita Simonyan
"The conversation was recorded because there was an individual case of improper use of the equipment," explained Boris Pistorius. "Not all participants in the conversation connected via a secure connection. The data leak was caused by the fact that one of the participants did not connect through a closed communication channel. The Russian spy did not connect to the conference, which was held through the Webex app."

According to preliminary data, the leak occurred due to an authorized user from Singapore, who managed to connect to a secure conference without complying with all encryption requirements, that is, through open channels. The researchers found no signs of hacking the Webex service itself and the secure communications system they use. Still, German politicians and intelligence officials believe the Russian intelligence services may have more intercepted conversations from the German leadership.

However, according to Alexei Lukatsky, a business consultant for information security at Positive Technologies, "the disclosure of such facts may mean that the source is no longer available or of no interest, since as part of the investigation, the Germans will definitely strengthen security measures." The official version, an accidental error in the settings of the communications software, points to the same conclusion: the leaks should stop.

Looking at the problem of correct security settings, one can conclude that a well-designed service should not admit a participant to secret negotiations when the connection, even from an authorized user, does not meet the required protection measures. This is the principle on which the Zero Trust methodology works; in some cases it can get in the way of negotiations, especially international ones, so there is always a temptation to lower the level of protection.

2023

In the United States, a Ukrainian was sentenced to 8 years in prison for creating an online platform that sold data from millions of Americans

On November 28, 2023, the US Department of Justice announced that District Judge Kathryn Kimball Mizelle sentenced Ukrainian citizen Vitaly Chichasov to eight years in prison for creating and managing an online platform that sold data from millions of Americans. Personal information such as names, dates of birth and social security numbers were distributed through the SSNDOB Marketplace. Read more here.

Personal data of American servicemen are sold for a penny

On the Internet, you can easily find personal data of American military personnel, and in some cases such records are sold literally for a penny - a few cents each. This is stated in a study by Duke University, the results of which were published in early November 2023.

Experts studied the availability on the network of various confidential data about US military personnel: these are names, home addresses, emails and information about specific units of the army. The researchers analyzed hundreds of different web platforms: they studied the so-called data brokers - companies selling sets of personal information. They collect data from various sources, compile a detailed picture of a person, and then offer such "dossiers" to third-party buyers.

Personal data of the US military is sold on the Internet

It turned out that the personal data of the American military are sold almost openly. The researchers found only minimal identity verification protocols when buying potentially confidential information on the Internet. In particular, the authors of the report managed to acquire medical records of military personnel, data on their financial transactions, religious views, etc. Plus, you can get information about the location of the military. The cost of records in some cases is only $0.12.

The authors of the report say that the United States lacks a federal law governing data brokers. It is emphasized that the availability of personal information about military personnel can pose a threat to national security. So, for example, in 2021, data on the military who were serving at that time were sold on the Internet. Personal information can come from a variety of sources, from phone apps and smart home devices to payment transactions and public records.[2]

Hackers have learned to steal data from secure USB drives in state systems

On October 17, 2023, Kaspersky Lab announced the identification of a new cybercriminal campaign called TetrisPhantom, aimed at stealing data from secure USB drives in state systems. The investigation suggests that the malicious operation is targeted. Read more here.

The negligence of a Microsoft employee led to the hacking of the mail of the US Secretary of Commerce and 25 government agencies around the world

On September 6, 2023, Microsoft released the results of a cyber incident investigation, as a result of which hackers were able to hack into the email of the US Secretary of Commerce and 25 government agencies around the world. Read more here.

Hackers hacked into the mail of the American ambassador in Beijing and gained access to hundreds of thousands of letters from US officials

On July 20, 2023, it became known that hackers associated with the Chinese authorities hacked the email of the American ambassador to Beijing, Nicholas Burns. The attackers managed to gain access to thousands of letters from US officials. Read more here.

Millions of US Army emails sent to Africa by mistake for 10 years

In mid-July 2023, it became known that millions of emails for the US military for about 10 years were mistakenly sent to Africa.

According to the Financial Times, the problem is related to a typo in the domain suffix. Because of this, a huge amount of e-mail intended for the US military has reached Mali, a West African country. The suffix for US military mail is .mil, while the Malian country-code domain is .ml. The similarity of these suffixes leads to mistyped email addresses.

Dutch Internet entrepreneur Johannes Zuurbier, whose company has been servicing Mali's national domain zone since 2013, spoke about the problem. In just a few months of 2023, he collected tens of thousands of letters that were intended for the American military. None were marked classified, but they included medical details, maps of U.S. military installations, financial records and travel planning documents, and certain diplomatic information. Some of the emails with incorrect addresses were sent by military personnel, travel agents working with the US military, US intelligence, private contractors and others.

On July 17, 2023, control of the .ml domain passed from Zuurbier to the government of Mali. Thus, the authorities of this West African country will be able to access erroneously sent correspondence. The US Department of Defense said it was "aware of this issue and takes all unauthorized disclosures seriously." U.S. military communications marked "secret" and "top secret" are transmitted through separate IT systems, making their accidental disclosure unlikely, officials said.[3]

Hacked the largest state university in Belarus. 3 TB of data stolen, files from servers destroyed

In early July 2023, it became known that the information infrastructure of the Belarusian State University (BSU) was subjected to a powerful cyber attack. As a result of the invasion, the computer systems of the university were turned off, and attackers stole a large amount of information from the servers. Read more here.

Hackers posted data from police and customs in Switzerland

In June 2023, the attackers published data from the Federal Police Department and the Federal Directorate of Customs and Border Security on the darknet. Hackers took advantage of a vulnerability on the servers of the IT company Xplain, which placed them. Read more here.

Health information sharing platform hole leaks data from members and staff of US Congress

The FBI is investigating a massive data breach affecting members of the US Congress and other employees. As it became known on March 9, 2023, the victims of the attack included, among others, hundreds of members of the House of Representatives.

According to the results of the investigation, the leak occurred on the side of DC Health Link, a health insurance exchange platform. The company has already confirmed the intrusion, saying that a total of 56,415 customers (including members of the US Congress) were affected. The attackers obtained information such as social security numbers, dates of birth, gender, health insurance plan, employer information, citizenship status, etc. DC Health Link said in a statement that the company had notified affected customers. An investigation into the incident is ongoing.

United States Congress Building

Catherine Szpindor, the chief administrative officer of the House of Representatives, said that members of Congress have already been warned about the hack. Account information and other personal information is said to have been stolen. Victims are therefore advised to place a credit freeze for themselves and their family members at all credit bureaus.

"DC Health Link experienced a serious data breach, which could potentially lead to the disclosure of personal identification information of thousands of registered users. It does not seem that deputies or the House of Representatives are a specific target of the attack," Szpindor emphasized.

At the same time, according to Bleeping Computer, an attacker hiding under the nickname IntelBroker put up for sale on one of the hacker forums a database stolen from DC Health Link servers. Moreover, it says that it contains information about approximately 170 thousand customers of this company. The cybercriminal claims that the base has already been sold to at least one buyer.[4][5]

US Tax Computer Systems Hacked With Porn

In January 2023, it became known that hackers from the Killnet and Infinity Hackers BY groups managed to get personal data of 198 million Americans. The computer systems of the Internal Revenue Service were hacked thanks to the addiction of one of its employees to pornography. Read more here.

2022

Data of 40 million Britons hit the Internet. China blamed for cyber attack

On March 25, 2024, Britain's National Cyber Security Centre accused Chinese hackers of a number of cyber attacks. It is alleged that attackers associated with the People's Republic of China stole personal data of approximately 40 million British voters.

It is reported that a certain hacker group associated with the Chinese government was behind the cyber attack on the British Election Commission in 2021-2022. Hackers, in particular, gained access to the names and addresses of all British residents registered to vote between 2014 and 2022. In addition, presumably it was cybercriminals from the PRC who attempted to hack the email of a number of British lawmakers.

Britain's National Cyber Security Centre accuses Chinese hackers of a number of cyber attacks

"I can confirm that Chinese state structures are responsible for two malicious cyber campaigns against our democratic institutions and parliamentarians," said British Deputy Prime Minister Oliver Dowden.

At the same time, the representative of the Chinese Embassy in Britain categorically rejects such accusations. According to him, the allegations that the PRC is behind these cyber attacks are "completely fabricated."

"We are categorically against such accusations. China has always fought hard against all forms of cyber attacks in accordance with the law," said a representative of the Chinese Embassy.

According to the National Cybersecurity Center of Britain, hackers of the APT31 group, which is associated with Chinese government agencies, may be related to at least one of the cyberattacks. These attackers attack organizations in various industries, including the government, financial and defense sectors, telecommunications, IT, media, etc. Some experts believe that APT31 conducted attacks on Microsoft Exchange in Britain and the United States.[6]

Secret biometric data of the US military sells on eBay for $200

On December 27, 2022, it became known that devices containing secret biometric data of thousands of people, including the US military, were offered on eBay for a small price. Read more here.

Hacking the FBI network and stealing data

On December 13, 2022, it became known that cybercriminals gained access to the InfraGard system controlled by the Federal Bureau of Investigation (FBI) and stole information about tens of thousands of users. This data is put up for sale on one of the hacker forums. Read more here.

Theft of 76 GB of confidential documents from the California Finance Department

On December 13, 2022, it became known that cybercriminals carried out a successful attack on the California Department of Finance: approximately 76 GB of confidential information was stolen as a result of the hack. The attackers are now demanding a ransom, threatening to publish the stolen documents on the Internet if it is refused. Read more here.

Data of thousands of Ukrainian intelligence officers got into open access

In early July 2022, the hacker group RaHDit made public the personal data of thousands of employees of the Main Intelligence Directorate (GUR) of the Ministry of Defense of Ukraine, RIA Novosti reports. Their authenticity was confirmed to the agency by an agency source in one of the Russian special services. According to him, the materials "are not in doubt." Read more here.

2021: Hackers hacked the register of individuals in Argentina and put up for sale data of the entire population of the country

In mid-October 2021, information appeared that the Argentine government database containing identification card data of all citizens of the country was stolen by a hacker, and now all the stolen data can be purchased on the Internet. We are talking about the National Register of Individuals of Argentina (Registro Nacional de las Personas, RENAPER). Read more here.

2020

Data Base of all US voters went on sale

On October 22, 2020, it became known that a database of all US voters had been put up for sale on the darknet. The hackers stealing confidential data of Americans were discovered by specialists of the information security company Trustwave.

Much of the data identified by Trustwave is publicly available: sensitive information about Americans that is regularly bought and sold by legitimate businesses.

Data Base of all US voters went on sale on the dark web
"A huge amount of data on U.S. citizens is available to cybercriminals and foreign adversaries," said Ziv Mador, vice president of security research at Trustwave. "Once in the wrong hands, this voter and consumer data can easily be used for geotargeted social media disinformation campaigns, email phishing, and text and phone fraud cases before, during, and after elections, especially if the results are disputed."

According to Mador, the data discovered on the darknet, published by a certain hacker under the nickname Greenmoon2019, is a mixture of materials stolen from various company hacks in recent years and publicly available data obtained from government websites. In most states, for example, voter registration information is publicly available.

The Trustwave team managed to gather some information about Greenmoon2019. It is known that the data seller used a Bitcoin wallet to accept payments. After analyzing the transactions, Trustwave was able to track the transfers of funds received by hackers to a larger wallet created in May 2020. It received about $100 million, but researchers believe that not all funds were received for the sale of data.

Trustwave reported that it had transmitted the collected information to the FBI, which in turn noted:

"We are committed to identifying and investigating fraud during elections. We want to assure the American people that the FBI is working closely with federal, state and local partners to protect voting processes."[7]

Personal data of 74% of the population of Israel was in the public domain

In February 2020, it became known that personal data of 74% of the Israeli population had appeared in the public domain. The leak occurred because an election app developed for Israeli Prime Minister Benjamin Netanyahu's Likud party was incorrectly set up.

The existence of a database containing the names, addresses, series and numbers of identity documents, phone numbers, home addresses, age, gender, as well as political views of about 6.5 million voters was first reported by Israeli developer Ran Bar-Zik. The existence of the database was then confirmed by the local publications Haaretz, Calcalist and Ynet.

A mobile application designed for supporters of the Likud party of Israeli Prime Minister Benjamin Netanyahu mistakenly opened access to the personal data of 6.5 million voters

The vulnerability in the software allowed anyone to easily download the full register of voters. It was enough to right-click on the home page of the Elector application and select "view source" from the menu. The web page code that is then displayed contained the usernames and passwords of the system administrators. Using them, it was possible to pass authentication and access the voter register, which includes the data of influential persons in Israel.

The leak was made possible because the API, intended only for application administrators, was open to requests from outside. Passwords for administrator accounts were stored unencrypted on the application site itself, Bar-Zik noted.

By February 10, 2020, the application site was disabled, and copies of it were removed from the search engines cache. The creators of the application called the incident "an isolated case," the consequences of which were "immediately sorted out."

As noted by ZDNet, it is unclear whether someone used the Israeli population database that got into the network. If attackers gain access to this information, then they can use it for phishing and other cyber attacks.[8]

2019

Data leaked to majority of Ecuadorean residents

In mid-September 2019, it became known about the data leak of almost all residents of Ecuador. It was due to the local company Novaestrat, which incorrectly configured the Elasticsearch base. Read more here.

Collapse: Britain sees giant leak of millions of people's biometric data

In mid-August 2019, researchers at the information security company vpnMentor discovered a leak of more than a million fingerprints and other sensitive data. Employees of the firm claim to have accessed biometric data from the Biostar 2 software. Read more here.

Data from thousands of Los Angeles police officers stolen

In late July 2019, a Los Angeles police human resources department was subjected to a cyber attack that stole the personal data of several thousand police officers. No one knew about the data leak until the hacker contacted law enforcement agencies directly. Read more here.

Information security specialist accused of stealing personal and financial data of 5 million citizens arrested in Bulgaria

In Bulgaria, an information security specialist was arrested, who was accused of stealing personal data and financial data of 5 million citizens from the National Tax Agency (NRA). This was reported on July 25, 2019 in Panda Security. According to the company, this incident was the largest data breach in Bulgaria with a population of about 7 million people. Read more here.

Information about the accounts of clients of the State Bank of India was in the public domain

On January 31, 2019, it became known that the State Bank of India (SBI), a state-owned bank in India, took measures to secure an unprotected server that allowed anyone to access the financial information of millions of SBI customers. Read more here.

2018

Government agencies accounted for 13.9% of the total number of registered leaks in the world

On January 20, 2020, InfoWatch presented the results of an annual study of confidential data leaks in the public sector (central authorities, law enforcement agencies, state-owned companies). In 2018, government agencies accounted for 13.9% of the total number of registered leaks in the world and 23.3% in Russia. The main explanation for the high share of the public sector in Russian leaks is its dominant position in the economy. At the same time, 2/3 of the leaks in the segment are intentional, and almost a third (33.3%) of the leaks in the global public sector are accounted for by information of the "state secret" category.

Research of information leaks of limited access in the public sector InfoWatch. Photo: infowatch.ru

As the results of the study showed, 3/4 of the leaks from Russian government agencies occurred due to the fault of ordinary employees. At the same time, in the world, most of the leaks from the public sector (48.5%) occurred via the Internet, in Russia almost the same number (47.7%) "leaked" as a result of theft or loss of paper media. However, the Russian public sector more often than the world sector suffers from deliberate leaks by e-mail (66.6% versus 58.3% of the total number of leaks by e-mail).

"The public sector of any country has large amounts of information belonging to the "state secret" category (military, intelligence secrets, information about economic policy, foreign policy activities), as well as personal data of citizens. At the same time, states are the largest aggregators of personal information about residents. Government organizations can maintain data registers of enormous scale, where information about each citizen is distributed over a wide range of parameters. In the digital age, such systems are a real treasure trove of vulnerable information. The set of personal data of any citizen can be used to obtain various services and converted into "real money," so information from state registers is becoming an increasingly tempting morsel for hackers and internal intruders. Therefore, government organizations should support multi-stage information protection mechanisms based on big data analysis and prognostic models. First of all, this concerns protection against intentional violations due to the fault of employees," said Andrey Arsentiev, Head of Analytics and Special Projects at InfoWatch Group of Companies.

The ratio of intentional and unintentional leaks in the global distribution and in the Russian context turned out to be almost the same and amounted to two-thirds of the total (66.8% for the world; 66% for Russia). Around the world, accidental and deliberate leaks were distributed roughly fifty-fifty, whereas in Russia employees and heads of state-owned companies, for the most part, deliberately steal confidential data (63.3%). The increased share of such leaks in the country, according to InfoWatch analysts, is associated not only with the insufficient development of information protection tools (primarily in terms of personal data), but also with the consumer attitude of individual employees of state organizations towards personal information of citizens. Hence, for example, the increasing incidence of "draining" of databases and fraud using personal information.

Among the types of leaked information in Russia, the share of personal data was significantly higher than in the global distribution (71.2% versus 56.5%). At the same time, the share of leaks of state and military secrets in the world is almost 1.5 times higher. This ratio is explained by the fact that in Russia the protection of information in the "state secret" category has historically been given special attention, while the topic of personal data security has become relevant only quite recently.

Given that the Russian public sector operates with huge amounts of personal data of citizens and, at the same time, is forced to protect a large number of critical information infrastructure facilities (industrial control systems of the fuel and energy complex, nuclear power plants, transport and industry, telecommunication networks), government agencies should actively interact and adhere to an integrated approach when organizing and operating confidential information protection systems (centralized information security programs, interstate consultations in the field of cybersecurity, the formation of statistics on funds invested in information security, etc.).

Tax data of half of Brazil's population was in the public domain due to an error in Apache

In December 2018, a large-scale leak of data on Brazilian residents became known. Due to an Apache misconfiguration, taxpayer identification numbers (Cadastro de Pessoas Físicas, CPF) belonging to 120 million people, or 57% of the country's population, ended up in the public domain.

CPF is a kind of analogue of TIN in Russia. Using this identifier, Brazilians and tax-paying residents can open accounts and take loans from banks, create their own companies, etc. Credit history and information about a person's labor activity is tied to CPF.

Due to an error in Apache, taxpayer identification numbers belonging to 120 million people or 57% of the country's population were in the public domain

According to InfoArmor, a company specializing in information security research, due to the incorrect configuration of the Apache web server, discovered in March 2018, anyone could access large archives of data stored on it.

Someone renamed the file "index.html" to "index.html_bkp", thereby revealing the contents of the directory and giving unlimited access to everyone who knew the server address. The directory contained archives ranging in size from 27 MB to 82 GB. They stored personal data of Brazilians, including CPF, phones, addresses, information about loans, data on military service, etc.

The leak could have been prevented either by not renaming the main file "index.html" or by configuring the .htaccess file to disable directory listing. However, neither of these basic cybersecurity measures had been implemented.

The flaw was fixed in April 2018. Who owned the so poorly configured Apache web server is unknown.

According to experts, this oversight can lead to serious consequences - distortion of information - both for the country as a whole and for citizens separately. For example, attackers can expose Brazil as the initiator of cyber attacks on various countries, and stolen population data can be sold and used for fraudulent purposes.[9]

Increase in the number of leaks from municipal organizations by 30%

On February 18, 2019, InfoWatch reported that in 2018, local authorities and related municipal organizations around the world suffered 30% more leaks of confidential information than a year earlier. The share of intentional incidents for the year increased from 42% to 53%. Almost twice as often as in 2017, information began to leak from municipal organizations as a result of the actions of external intruders - 41% of leaks versus 26% a year earlier. The share of leaks due to the fault of employees, on the contrary, last year decreased to 50% against 64% in 2017. The distribution of incidents by data type is still dominated by personal data leaks - 82% of cases, but over the year the share of payment information increased by more than 1.5 times - up to 13%. The InfoWatch analytical center has compiled a digest of leaks from municipal organizations.

The biggest regional-level leak was the compromise of data on about 15 million Texas voters. One of the researchers found a cache of databases on the Internet. The compromised records included a wide range of personal information, including data about political sentiments and preferences.

Also in Texas, due to a code error on the employee pension portal, data of about 1.25 million people leaked. Before the problem was fixed, any portal visitor could, by modifying search queries, view other people's information: first and last names, social security numbers and special identifiers registered on the resource.

In India, data of about 9 million citizens were freely available on one of the portals of the government of Andhra Pradesh. The compromised data included 12-digit Aadhaar identification numbers, which all Indian citizens need in order to receive various services: opening a bank account, registering a SIM card, etc. Interestingly, this leak arose the day after the data of 134 thousand other citizens, including information about religious affiliation and bank details, appeared on the same portal.

In Canada, the Ontario Progressive Conservative Party database was hacked. The repository contained personal information of voters living in this region, as well as personal data of party supporters, sponsors and volunteers. In total, the data of a million people leaked.

There are still frequent cases when unscrupulous employees of municipal institutions, with broad rights of access to information systems, use personal data for selfish purposes. So, a clerk from the California Department of Transportation stole the personal information of more than 100 people and issued loans for them. The total damage exceeded $77 thousand. The former official was sentenced to three years and three months in prison.

Group-IB records more than 40,000 compromised accounts

On December 11, 2018, Group-IB, an international company focused on preventing cyber attacks, said it had recorded more than 40,000 compromised user accounts of the largest government resources in 30 countries around the world. The largest number of victims was in Italy (52%), Saudi Arabia (22%) and Portugal (5%). Presumably, this data could be sold on underground hacker forums or used in targeted attacks to steal money or information. CERT-GIB, Group-IB's Computer Emergency Response Team, promptly warned the national CERTs of these countries about the potential danger.

The victims include civil servants, military personnel and ordinary citizens who were registered, for example, on the public services websites of France (gouv.fr), Hungary (gov.hu) and Croatia (gov.hr). In total, over the preceding year and a half, Group-IB's Threat Intelligence system recorded about 40,000 compromised accounts, with the most victims in Italy (52%), Saudi Arabia (22%) and Portugal (5%).

According to Group-IB, the attackers stole the accounts with information-stealing malware: form grabbers and keyloggers such as Pony Formgrabber, AZORult and Qbot (Qakbot). Users were infected by the classic route, phishing mailings sent to both the corporate and personal mailboxes of victims. The e-mails carried a malicious attachment, a file or an archive, which when opened launched a Trojan on the user's computer to steal information.

As a rule, hackers sort the stolen accounts by topic (bank customer data, accounts for government portals, ready-made "combolists" of e-mail/password pairs) and then offer them for sale on underground hacker forums. Accounts for government sites are rarely sold openly. Sometimes logs (sets of compromised data) are posted without any sorting.

Buyers of such information are typically both cybercriminals and state-sponsored APT groups specializing in sabotage and espionage. With credentials for a user's personal account on a government portal, attackers can reach the confidential information tied to that account and can also use the access to attempt to penetrate the institution's internal network. Compromising the data of even one civil servant carries serious risks, since commercial or state secrets may be disclosed as a result.

"The scale and ease of compromising the credentials of civil servants in various countries clearly demonstrate that users, through their own carelessness and the lack of reliable technological protection, become victims of hackers. The malware attackers use to compromise user data is constantly being modified. To prevent such attacks it is necessary not only to deploy modern anti-APT systems but also to know the extended threat context: when, where and how the data was compromised. This makes it possible to pre-empt the threat by understanding in advance exactly how and through which channel the attacker will strike."

The regularly updated Group-IB Threat Intelligence database provides current information about leaks around the world: compromised user logins and passwords, details of the malware used by cybercriminals, data on the hosting providers involved, and the IP addresses of clients infected with malware. Such information makes it possible to analyze and investigate an incident, and to prevent a possible attack before it occurs.

Group-IB also stresses that, beyond the technical equipment of government agencies, international cooperation is an essential part of preventing attacks that follow a large-scale compromise of credentials. In this case, to report the detected problem and prevent further incidents, CERT-GIB specialists contacted the national CERTs in 30 countries and notified the local response teams of the compromised data found.

State secrets accounted for 5.3% of all leaks in the first half of 2018

On November 26, 2018, InfoWatch reported that in the first half of 2018 information constituting state secrets accounted for 5.3% of all registered leaks. The InfoWatch analytical center compiled a digest of incidents in which state-protected information was compromised.

Most incidents involving the compromise of state secrets result from external attacks. Such information is hunted by professional hacker groups whose actions are usually politically motivated. The Thrip group, which is allegedly linked to China, hacked a number of US and Southeast Asian organizations working in satellite communications, telecommunications, geospatial data and defense technology. Judging by its activity, the group's aims went beyond espionage and also included sabotage.

In September 2018, hackers from Anonymous attacked a server of the Brazilian Ministry of Defense. The leaked data included sensitive information about the military leadership; in particular, the data of the army commander, Eduardo Villas Bôas, was compromised. Retired general Hamilton Mourão, a candidate for vice president of Brazil, was also named as a victim of the leak.

About 40% of state secret leaks stem from internal violations, both accidental and deliberate. In France, the General Directorate for Internal Security (DGSI) traced the source of classified information being sold on the darknet. One of its intelligence officers, abusing his position, stole confidential documents and sold them anonymously for bitcoin. The agent turned out to be closely connected with organized crime, which was interested in obtaining classified government information. The service caught the "mole" by monitoring the personal identifier each employee uses to log into its information systems.

Two servicemen from the Danish embassy in the United Arab Emirates were charged with gross negligence that led to the leakage of classified information. The men had kept confidential documentation without restricting access to it, which allowed an attacker to steal the data and pass it to a hostile state. Both were sentenced to a fine, though neither admitted guilt.

A curious incident occurred in the United States. A Department of Homeland Security official left copies of classified files on security arrangements for the American football championship final behind on an airplane.

"In recent years, the share of state secret leaks in the overall distribution of incidents has grown several times over. This is driven by rising political tension in the world, growing contradictions between a number of states and intensifying competition in world markets. Countering leaks must be comprehensive. In addition to effective means of repelling external attacks and preventing accidental leaks, government organizations should pay attention to user and entity behavior analytics (UEBA) systems: such solutions identify anomalies in user actions and pinpoint employees prone to violations with high accuracy."
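The DGSI case above was resolved through the identifier each employee uses to log in, and the quoted recommendation is to run behavioral analytics over exactly that kind of record. The following is an added illustration of the simplest form such a check takes, a per-user volume baseline over an access log, and is not InfoWatch's product or code; the log format, the working-hours window, the thresholds and the sample lines are all constructed.

```python
# Added example, not InfoWatch's product or code: the kind of per-user
# baseline check a UEBA engine runs over access logs, which is how an insider
# like the DGSI officer above (caught through the identifier he used to log
# in) stands out. The log format, thresholds and sample lines are constructed.
from collections import defaultdict
from datetime import datetime
from statistics import median
from typing import List, Tuple

WORK_START, WORK_END = 7, 19  # assumed working hours, local time

# Constructed audit log: "<ISO timestamp> <user> <action> <object>".
# jdoe reads two documents a day, then pulls twelve at two in the morning.
SAMPLE_LOG = """\
2018-03-05T09:12:01 jdoe READ DOC-1041
2018-03-05T10:40:12 jdoe READ DOC-1042
2018-03-05T11:02:55 asmith READ DOC-2001
2018-03-06T09:30:07 jdoe READ DOC-1043
2018-03-06T14:11:19 jdoe READ DOC-1044
2018-03-06T15:00:41 asmith READ DOC-2002
2018-03-07T09:05:00 jdoe READ DOC-1045
2018-03-07T09:07:00 jdoe READ DOC-1046
2018-03-07T16:40:03 asmith READ DOC-2003
2018-03-08T02:10:00 jdoe READ DOC-1050
2018-03-08T02:11:00 jdoe READ DOC-1051
2018-03-08T02:12:00 jdoe READ DOC-1052
2018-03-08T02:13:00 jdoe READ DOC-1053
2018-03-08T02:14:00 jdoe READ DOC-1054
2018-03-08T02:15:00 jdoe READ DOC-1055
2018-03-08T02:16:00 jdoe READ DOC-1056
2018-03-08T02:17:00 jdoe READ DOC-1057
2018-03-08T02:18:00 jdoe READ DOC-1058
2018-03-08T02:19:00 jdoe READ DOC-1059
2018-03-08T02:20:00 jdoe READ DOC-1060
2018-03-08T02:21:00 jdoe READ DOC-1061
2018-03-08T10:00:00 asmith READ DOC-2004
"""

Event = Tuple[datetime, str, str, str]


def parse(log_text: str) -> List[Event]:
    """Splits the constructed log format into (timestamp, user, action, object)."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, action, obj = line.split()
        events.append((datetime.fromisoformat(ts), user, action, obj))
    return events


def daily_counts(events: List[Event]):
    """Per user and day: total reads, and reads outside working hours."""
    totals = defaultdict(lambda: defaultdict(int))
    off_hours = defaultdict(lambda: defaultdict(int))
    for ts, user, _, _ in events:
        day = ts.date()
        totals[user][day] += 1
        if not WORK_START <= ts.hour < WORK_END:
            off_hours[user][day] += 1
    return totals, off_hours


def anomalies(log_text: str, factor: float = 3.0, min_events: int = 5,
              min_history: int = 2) -> List[dict]:
    """Flags a user-day whose volume exceeds `factor` times the median of that
    user's earlier days. `min_events` keeps a 1-to-3 jump from firing and
    `min_history` requires a baseline to exist before anyone is judged by it."""
    totals, off_hours = daily_counts(parse(log_text))
    findings = []
    for user, per_day in totals.items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) < min_history:
                continue
            baseline = median(history)
            today = per_day[day]
            if today >= min_events and today > factor * baseline:
                findings.append({"user": user, "day": day.isoformat(), "count": today,
                                 "baseline": baseline, "off_hours": off_hours[user][day]})
    return findings


if __name__ == "__main__":
    for finding in anomalies(SAMPLE_LOG):
        print(finding)
```

The off-hours count is carried along rather than used as a separate trigger: a burst of reads is the primary signal, and the hour at which it happened is context an analyst wants in the same alert. Real UEBA products add peer-group comparison and per-object sensitivity, but the baseline-and-deviation logic is the same.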

Data breach of 1 billion people in India

On January 4, 2018, an investigation began in India after a report that access to the identity database of more than a billion citizens was being sold on social networks for just $8. The Tribune reported that it had been able to buy login access to the Aadhaar database, which made it possible to obtain the names, phone numbers and home addresses of a huge number of people. Read more here.

2017

South Africa has the largest data leak in the history of the country

The Republic of South Africa suffered the largest data leak in the country's history. According to security researcher Troy Hunt, who obtained the leaked file, millions of personal records of people holding South African identification numbers ended up on the Web.

"I usually get a lot of files every day related to data leaks, but the size of this file amazed me: 27 GB," Hunt told iAfrikan. The researcher does not know who the source of the data is.

The masterdeeds.sql file Hunt received contains identification numbers, marital status and income data, corporate information (about company management and employees) and property information. The file is dated April 2015, but it is not known how long it had been publicly accessible. It holds records on several tens of millions of South Africans, both living and deceased, going back to the 1990s[10].

Email addresses make up only a small share of the data: 2,257,930 addresses in total. Hunt said the South African leak was the worst he had ever encountered on several levels.

The likely source of the leak is the South African company Dracore Data Sciences, which specializes in data collection and processing. "They (Dracore Data Sciences - ed.) screwed up completely. They collect a huge amount of data, and I'm not sure people give them permission to do that. They published the data on a server with absolutely no protection, and of course outsiders found it," Hunt said.

Data breach of nearly half of US population

In September 2017, one of the largest personal data leaks in US history became known. The hacking of computer systems at the credit bureau Equifax affected almost half of the country's population, the company itself reported.

According to Equifax, cybercriminals exploited a vulnerability in the company's website to gain access to certain files between mid-May and the end of July 2017.

Equifax Headquarters

Social Security numbers, dates of birth and, in some cases, driver's license numbers were exposed. In addition, the hackers obtained the credit card numbers of about 209 thousand Americans and dispute documents containing the personal data of 182 thousand Americans. The leak also affected some residents of Great Britain and Canada.

Equifax said it was working with law enforcement and had hired an information security firm to investigate.

Equifax noted that there were no signs of unauthorized access to its core consumer or commercial credit reporting databases. Who is behind the attack has not been reported.

The company's chief executive, Richard Smith, has apologised to those affected.

"This is undoubtedly a disappointing event for our company, one that casts a shadow over us and what we do," he said.

According to the Financial Times, Equifax management became aware of the large-scale leak at the end of July 2017, but the official statement came only on September 8. A few days after the attack was discovered, three top managers of the company, including the CFO, sold Equifax shares worth $1.8 million.

On September 8, 2017, the company's shares fell 13% by the close of the main trading session.[11]

Data from 1.8 million Chicago residents leaked online

ES&S, which supplies voting machines to dozens of states, exposed the data of 1.8 million American voters. The incident was reported by UpGuard security researcher Chris Vickery, who discovered an exposed database owned by the company in AWS cloud storage. Because of a misconfiguration, anyone could download the personal information of almost 2 million Chicago residents.

The database contains the names, addresses, dates of birth and, in part, the Social Security numbers of Chicago voters. Some records also include driver's license numbers and state-issued identification numbers. "The files stored on the AWS server do not contain any information regarding the voting results and have nothing to do with the voting and tabulation systems used in Chicago," ES&S officials said.

As it turned out, the AWS S3 storage used by the manufacturer was open to everyone, yet for reasons that remain unclear only the data of Chicagoans was exposed. The researchers tried to find voter data from other cities, but without success; the incident appears to have affected only the Chicago database[12].

Sweden's biggest citizen data breach

At the end of July 2017, the largest personal data leak in Sweden became known; it cost two ministers their posts, and further dismissals in the country's government are possible.

The leak of the personal data of almost all Swedish citizens occurred through the fault of the Swedish Transport Agency during the transfer of the personal data of all vehicle owners to IBM. It affected not only private vehicles but also those belonging to the police and the Swedish army[13].

As a result, the names, photographs and home addresses of millions of Swedish citizens became accessible, including Swedish Air Force pilots, members of secret units, people on wanted lists and citizens in the witness protection program, along with the load capacity of all roads and bridges and much more.

Prime Minister of Sweden Stefan Löfven

Swedish Prime Minister Stefan Löfven announced the resignation of Interior Minister Anders Ygeman and Infrastructure Minister Anna Johansson over the scandal surrounding the leak of citizens' personal data.

The departure of Defense Minister Peter Hultqvist was also expected, but he has so far kept his post. The opposition is demanding early elections and the dismissal of the entire cabinet.

In 2015, the Swedish Transport Agency awarded IBM a contract to maintain the country's transport database. Under this agreement the agency handed contractors databases of Swedish driver's licenses, personal records and vehicle information, including vehicles on the books of the Swedish Ministry of Defense and the Ministry of the Interior.

It later emerged that the transfer violated numerous security rules, leading to a large-scale leak of classified data. In particular, information on the criminal records of Swedish citizens and ongoing investigations, and records of communication between the transport agency and 34 other Swedish authorities, were exposed. Information on every vehicle in the country, including those of the police, military and special services, became available to IT staff in the Czech Republic and Romania, revealing the identities of intelligence agents.

According to the investigation, Anders Ygeman knew about the leak of the personal data of millions of Swedish citizens abroad but did not inform the Prime Minister. The latter learned of the incident in January 2017 and soon afterwards dismissed the head of the transport agency, Maria Ågren, who was later fined about $8.5 thousand.[14]

In the United States, the largest ever leak of voter data occurred

In June 2017, the largest leak of voter data in world history became known. Deep Root Analytics (DRA), which worked on behalf of the Republican National Committee, left databases containing information on 198 million American citizens registered for the 2016 presidential election openly accessible.

The large-scale potential leak of personal data was recorded by cyber security specialists from UpGuard. According to them, the information was stored in the Amazon S3 cloud service, and terabytes of data were not protected by so much as a password.

Database of 198 million voters in the United States discovered in the public domain

The names of voters, their addresses, dates of birth, telephone numbers, information about national and religious affiliation, as well as the results of Deep Root Analytics research during the 2016 presidential election commissioned by the Republican National Committee, were publicly available. From January 2015 to November 2016, Republicans paid the contractor about $1 million.

Deep Root Analytics also analyzes public opinion polls and, on that basis, supplies information for targeted election campaigns and political advertising.

The huge database of American voters was publicly accessible for 12 days. Deep Root Analytics founder Alex Lundry said no evidence of a hack had been found.

"We take full responsibility for this situation," Deep Root Analytics said in a statement.

The leak of data on 198 million voters (about 80% of all US citizens with the right to vote, or more than half of the American population) turned out to be the largest of its kind. The previous record was the leak of data on 93 million Mexican voters.[15]
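Both the ES&S exposure and the Deep Root Analytics exposure described above come down to the same thing: an S3 bucket whose policy or ACL lets anyone read it. The following is an added example, not UpGuard's tooling or anything from the original article, of an offline check that flags the two usual ways this happens: an Allow statement for an anonymous principal without a narrowing Condition, and an ACL grant to the AllUsers or AuthenticatedUsers group. The policies, grants, bucket name and role ARN are constructed for illustration.

```python
# Added example, not UpGuard's tooling or anything from the original article:
# an offline check for the misconfiguration behind the ES&S and Deep Root
# Analytics exposures above, an S3 bucket whose policy or ACL lets anyone read
# it. Policies, grants and names below are constructed for illustration.
import json
from typing import Iterable, List

PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",            # anonymous
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",  # any AWS account at all
}
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:*", "*"}


def _as_list(value) -> list:
    return value if isinstance(value, list) else [value]


def _principal_is_anyone(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (also when given as a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_read_statements(policy_json: str) -> List[str]:
    """Returns the Sid (or index) of every Allow statement granting a read
    action to an anonymous principal with no Condition narrowing it."""
    policy = json.loads(policy_json)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not _principal_is_anyone(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if actions & READ_ACTIONS and not stmt.get("Condition"):
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings


def public_acl_grants(grants: Iterable[dict]) -> List[str]:
    """Flags bucket ACL grants to the AllUsers/AuthenticatedUsers groups, the
    other common way a bucket ends up world-listable."""
    return [
        f"{g['Grantee']['URI'].rsplit('/', 1)[-1]}:{g['Permission']}"
        for g in grants
        if g.get("Grantee", {}).get("Type") == "Group"
        and g["Grantee"].get("URI") in PUBLIC_GROUP_URIS
    ]


# Constructed sample: the open policy, with one statement that is world-readable
# and one that only looks open but is bounded by a source-IP condition.
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::voter-exports", "arn:aws:s3:::voter-exports/*"]},
        {"Sid": "OfficeOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::voter-exports/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    ],
})

# The corrected policy: access scoped to one IAM role in the owning account.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AnalyticsRoleRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/analytics"},
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::voter-exports", "arn:aws:s3:::voter-exports/*"]},
    ],
})

# Constructed ACL as returned by a get-bucket-acl call: owner plus a public READ grant.
SAMPLE_GRANTS = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]

if __name__ == "__main__":
    print("open policy  :", public_read_statements(OPEN_POLICY))
    print("scoped policy:", public_read_statements(SCOPED_POLICY))
    print("acl          :", public_acl_grants(SAMPLE_GRANTS))
```

This covers only the plain cases. AWS's own notion of "public", as used by S3 Block Public Access and IAM Access Analyzer, is broader (wildcards inside principal ARNs, conditions that do not actually bound the audience), so in practice the account-level Block Public Access setting is the backstop and a check like this one is for catching policies before they are applied.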

Sensitive US Air Force documents found in the public domain

In March 2017, researchers from MacKeeper discovered sensitive documents of the US Air Force in the public domain: a NAS device holding backups of this documentation was reachable over the Internet with no protection whatsoever.[16]

The documents included the personal data of more than 4,000 military personnel and their families, lists of persons with access to classified and even top-secret information, and other material.

UNITED STATES AIR FORCE

Also exposed were applications for renewal of security clearances for two generals who had recently held senior positions in the US and NATO military commands. The documents contained highly sensitive information that experts and former government officials called a "holy grail" for the intelligence services of unfriendly countries. As ZDNet noted, both generals have since retired.[17]

The researchers were most struck by a spreadsheet listing current investigations into Air Force officers over allegations of discrimination, sexual harassment and more serious offences. One investigation concerned a major general accused of receiving a kickback of 50 thousand dollars a year for assisting a sports commission in the US National Guard.

Among other things, the server stored, in plaintext, credentials for accessing closed internal systems of the US Department of Defense, in particular a unified personnel assessment system.

MacKeeper noted that by mid-March 2017 the drive was no longer accessible, but it is unknown whether anyone other than the company's researchers had reached it earlier, or how long it had been exposed.

Most of the officials and officers whose interests may have been affected by the leak declined to comment.

At the end of December 2016, MacKeeper researchers had discovered publicly accessible data belonging to Potomac Healthcare Solutions, a Pentagon contractor providing medical care to US Department of Defense personnel. Potomac's servers were misconfigured, leaving data, including top secret material, open to everyone.[18]

"There is a paradoxical situation in which employees of organizations whose work involves classified information show astonishing incompetence in data protection," says Ksenia Shilak, sales director of Sec-Consult Rus. "On the other hand, such situations may prompt an early comprehensive audit of the cybersecurity of government organizations in all countries of the world. The need for this is long overdue."

2016: InfoWatch visualized Hillary Clinton correspondence archive

On December 20, 2016, the InfoWatch analytical center announced the completion of its analysis of the archive of personal correspondence of Hillary Clinton, the Democratic Party candidate in the 2016 US presidential election, published in open sources on the Internet.

Hillary Clinton's e-mail archive, posted on the official website of the US Department of State, was analyzed using InfoWatch products. The company concluded that more than eight thousand messages in the published archive would have violated the default security policies that organizations configure when deploying systems for protection against leaks of confidential information and internal threats.

The analysis revealed more than 7.5 thousand letters containing information about personal data (PD), more than 900 messages containing financial information, more than 500 shipments with legal data, as well as just under a hundred letters with information about procurement and personnel management (HR).

Messaging Schedule, (2015)

Most of the e-mails with supposedly sensitive data circulated in private correspondence between five people: Hillary Clinton herself; Cheryl Mills, her assistant, lawyer and former adviser on international policy while she was US Secretary of State; Jake Sullivan, senior policy adviser to her 2016 campaign and former adviser to the US Vice President; Huma Abedin, her assistant both as Secretary of State and during the 2016 campaign; and journalist and political adviser Sidney Blumenthal.

An Analysis of Hillary Clinton's Correspondence Paths, (2015)

Most often, Hillary Clinton sent letters that could contain confidential information to Jake Sullivan (more than 1.5 thousand messages), Cheryl Mills (more than 600), Huma Abedin (about 600) and Lauren Jiloty, her assistant when she was Senator from New York and Secretary of State (more than 500).

An Analysis of Hillary Clinton's Correspondence Paths, (2015)

Interestingly, among messages with financial information the largest number, 886, contain accounting and reporting data. The main sender of messages with financial information, apart from Hillary Clinton herself, is Cheryl Mills. The other most active participants in finance-related correspondence are shown in the link column of the figure below.

An Analysis of Hillary Clinton's Correspondence Paths, (2015)


Most often, letters with financial information that violated the security policies standard for organizations were sent by Hillary Clinton to Lauren Jiloty, Cheryl Mills, her campaign assistant Robert Russo and Jake Sullivan.

An Analysis of Hillary Clinton's Correspondence Paths, (2015)

Of the 2.9 thousand letters of the sender Huma Abedin, more than 2.7 thousand messages were sent to Hillary Clinton. Of these, more than 800 letters are classified as violations of security policies, including more than 500 letters with personal data, more than 80 letters with financial information and more than 40 with legal data.

An Analysis of Hillary Clinton's Correspondence Paths, (2015)


Cheryl Mills sent more than 3.2 thousand letters to Hillary Clinton, of which just over 700 fall under violations of security policies. Over 400 of them involved personal data, about 200 financial information and more than 70 legal data.

An Analysis of Hillary Clinton's Correspondence Paths, (2015)

Jake Sullivan sent 3.1 thousand emails to Hillary Clinton, of which more than 500 violate security policies applied in organizations, including more than 350 letters with personal data, about 100 letters with financial information and more than 70 with legal data.

An Analysis of Hillary Clinton's Correspondence Paths, (2015)

The recipient of letters from Hillary Clinton containing legal information was most often Lauren Jiloti, Jake Sullivan, Robert Russo, Huma Abedin and Sidney Blumenthal. Most of this correspondence corresponds to the highest possible level of security policy violations.

An Analysis of Hillary Clinton's Correspondence Paths, (2015)


Among the messages with procurement content, almost all, 95 of 97, concern tenders and tender documentation. Such information was sent most often by Cheryl Mills, and by Hillary Clinton herself.
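The analysis above tallies messages by the kind of sensitive content a DLP policy would catch: personal data, financial, legal and procurement information. As an added illustration, not InfoWatch's product or code, the following shows the simplest form such a content classifier takes, pattern matching per category with a Luhn check so that arbitrary digit runs are not reported as card numbers, and a tally of the kind the report presents. The patterns are deliberately minimal and the sample messages are constructed.

```python
# Added example, not InfoWatch's product: a minimal content classifier of the
# kind a DLP engine applies to outgoing mail, using the four categories in the
# analysis above (personal data, financial, legal, procurement). The patterns
# are deliberately simple and the sample messages are constructed.
import re
from typing import Dict, Iterable, Set

CARD_RUN = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")  # candidate payment card number

PATTERNS = {
    "personal_data": [
        re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),                                 # US SSN format
        re.compile(r"\bpassport\s*(?:no\.?|number)\s*[A-Z0-9]{6,9}\b", re.I),
        re.compile(r"\bdate of birth\b", re.I),
    ],
    "financial": [
        re.compile(r"\b(?:invoice|balance sheet|wire transfer|IBAN)\b", re.I),
    ],
    "legal": [
        re.compile(r"\b(?:subpoena|non-disclosure agreement|litigation|attorney-client)\b", re.I),
    ],
    "procurement": [
        re.compile(r"\b(?:tender|request for proposal|RFP|bid documentation)\b", re.I),
    ],
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so ticket numbers and hashes that happen to be 13-19
    digits long are not reported as card numbers."""
    total, double = 0, False
    for ch in reversed(digits):
        d = int(ch)
        if double:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
        double = not double
    return total % 10 == 0


def classify(message: str) -> Set[str]:
    """Returns the set of categories a message would trip."""
    tags = set()
    for category, patterns in PATTERNS.items():
        if any(p.search(message) for p in patterns):
            tags.add(category)
    for m in CARD_RUN.finditer(message):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            tags.add("financial")
            break
    return tags


def summarize(messages: Iterable[str]) -> Dict[str, int]:
    """Counts messages per category, the way the report above tallies
    letters with personal, financial, legal and procurement content."""
    counts = {category: 0 for category in PATTERNS}
    for msg in messages:
        for tag in classify(msg):
            counts[tag] += 1
    return counts


# Constructed sample messages.
SAMPLE_MESSAGES = [
    "Please confirm her SSN 123-45-6789 and date of birth before onboarding.",
    "Wire transfer for invoice 4471 went out; card 4111 1111 1111 1111 was charged.",
    "Ticket 1234567890123456 is still open, no action needed.",
    "Attached: tender documentation and the non-disclosure agreement for review.",
    "Lunch at noon?",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(sorted(classify(msg)), "<-", msg)
    print(summarize(SAMPLE_MESSAGES))
```

Keyword lists like these are where real DLP engines differ most (dictionaries, fingerprints of known documents, statistical models), but the shape is the same: each category is a set of detectors, a message can carry several tags, and a validator such as Luhn keeps the noisiest detector from swamping the count.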

2015

April - OPM. The largest leak of data on US civil servants happened at OPM, the US Office of Personnel Management. More than 20 million civil servants were affected by the large-scale breach discovered in April. The stolen data was complete personal information, including Social Security numbers, and in 1.1 million cases even employees' fingerprints. According to a number of media reports, Chinese state-sponsored hackers may be behind the attack.

May - IRS. Another attack on the US government took place in May. Through the website of the IRS, the US Internal Revenue Service, attackers obtained data on more than 100 thousand users of the service. The leak cost taxpayers a total of $50 million.

2010

Grand leaks of classified US data

The highest-profile leaks of 2010 came in the second half of the year and are associated with the WikiLeaks website. Unprecedented in volume and consequences was the leak of diplomatic correspondence published by WikiLeaks in November. It affects the interests of many states and, according to experts, may significantly influence international policy and states' attitudes to information security in the future. For example, after the WikiLeaks disclosures, the US State Department restricted military access to diplomatic data, and the Pentagon banned the use of flash drives and other removable media.

Leak of 7.4 million documents of the State Revenue Service of Latvia

Among the leaks of early 2010, the most sensational was the theft of 7.4 million confidential documents from the State Revenue Service of Latvia. The documents were taken from the electronic declaration system, and, most tellingly, it took the attackers only two weeks to extract them. A slightly smaller but no less serious leak was caused by the British online gambling company Ladbrokes: through its fault, a database on 4.5 million of its customers was obtained by an insider.
