Attacks on the portal of public services

2023: Completely over 600 million DDoS attacks

In 2023, there were completely more than 600 million DDoS attacks on the Public services portal. This was announced on February 13, 2024 by the press service of the State Duma deputy RFAnton Nemkin.

The vice president Rostelecom of Igor Lyapunov "" said that the attempts attacks were unsuccessful.

According to the top manager, specialists block about 70 state portal fakes every month. This applies to both phishing sites and Telegram channels and online applications. In addition, more than 1.2 thousand attempts to provide illegal services on fake Public services portals were suppressed.

Also in 2023, experts blocked more than 2 thousand stolen accounts of citizens.

The number of such attacks is growing every year. The main reason for the attacks is the desire to gain access to the personal information of Russians. In view of the digitalization of public administration, the portal concentrated key information about citizens: not only passport data and address, but also data, for example, about children and even about personal transport, - said the deputy.

In 2023 alone, more than 65 thousand attacks on critical information infrastructure were successfully repelled, Anton Nemkin recalled.

At the same time, in the first two quarters of 2022, the total number of cyber attacks on Russian organizations increased 15 times, compared to the same period in 2021. We understand that attackers pursue not only commercial, but also political interests: from destabilizing workflows to obtaining confidential corporate data, Nemkin said.

This is one of the main challenges facing the IT industry. We should move on as a continuous analysis of possible incidents, integration of the latest threat detection methods. First of all, we are talking about the tools of "offensive security," within the framework of which the system is subjected to "crash tests" from the ranks of specialists. Let me remind you that not so long ago we prepared a package of bills to legalize the activities of "white" hackers. The proposed amendments are aimed at creating an optimal legal field in which the principles of offensive security will be systematically developed, he said.

For example, two-factor authentication should be installed in accounts that are important to you. It doesn't matter what it's about: a bank or a social network. Two-factor authentication must be the default. With its help, at least you will always find out that an outsider is trying to log into your account, - concluded Anton Nemkin.

2022

Powerful DDoS attacks hit the State Public services portal

On June 23, 2022, powerful DDoS attacks hit the State Public services portal. According to the Ministry of Digital Development of the Russian Federation, the attack was initiated by Ukraine.

At about 9:30 Moscow time, calls for attacks on the Russian portal of Public services and the entire e-government infrastructure began to spread in Ukrainian Telegram channels. The Ukrainian side declared its priority goal to paralyze the provision of socially significant services in Russia and published more than 50 IP addresses for attacks, the Ministry of Ministry of Digital Development Telegram channel says.

Powerful DDoS attacks hit the State Public services portal

According to the ministry, the State Public services portal began to experience an almost 10-fold increase in the load, which at peak moments reached 340 thousand requests per second. It is noted that attacks are carried out not only on the State Public services portal itself, but also on the mobile application, payment system, as well as on the life support systems of the infrastructure of the electronic government of Russia.

On June 23, 2022, the Ministry of Digital Development announced that security and infrastructure management systems are operating normally, user data is reliably protected, and no penetrations into the e-government infrastructure have been recorded.

The fact that the State Public services portal were subjected to intensive hacker attacks on June 23, 2022 was also announced by Rostelecom Vice President for Information Security Igor Lyapunov during a speech at the round table "Information Security: Global Challenges" in the Federation Council. According to him, regional resources also faced attacks. At the same time, cyberattacks on the portal can be repelled, they do not affect the work of the Public services, Lyapunov said. The vice-president of Rostelecom noted that there are several thousand such mass attacks, and they are carried out on completely different information resources.^[1]

1 TB/s DDoS attacks

At the end of February 2022, the Ministry of Digital Development of the Russian Federation reported large-scale DDoS attacks on the Public services portal. The failure is recorded against the background of the beginning of the Russian special operation.

According to the Ministry of Digital Development, on February 25, 2022, more than 50 DDoS attacks with a capacity of more than 1 TB/s were recorded, as well as a number of professional targeted attacks. In this regard, users could face short-term inaccessibility of services.

Dozens of cyber attacks with a capacity of 1 TB/s hit the State Public services portal

The department assured that user data is reliably protected. Security and infrastructure management services work around the clock, additional protection mechanisms are launched if necessary, the Ministry of Digital Development said.

On February 26, 2022, the websites of the Kremlin, the government and the State Duma stopped working in Russia for some time. Presidential spokesman Dmitry Peskov said the administration is recording constant cyber attacks on the Kremlin's website.

The "First Channel" also reported about difficulties with access to the site, its representative called DDoS attacks the cause of the failure. The state corporation Roscosmos said that its website was subjected to a DDoS attack from abroad. The Russian Railways faced the same problem. Earlier, hackers from the Anonymous group announced a cyber war against the Russian government.

On February 25, 2022, the center cyber security FSB called the level of cyber attacks on Russian resources critical. In the current tense geopolitical situation, experts expect an increase in the intensity of cyber attacks, including on objects. critical information infrastructure According to the center, attacks can be carried out on important information resources and services to disrupt their functioning, damage reputation, including for political purposes.^[2]

2021: Record DDoS attack hits State Public services portal

On November 11, 2021, a record DDoS attack hit the State Public services portal. This was reported in the Ministry of Digital Development of the Russian Federation. According to the ministry, the power of the cyber attack was 680 Gbps.

On November 11, 2021, users encountered problems trying to log in. The website of the Public services was also unavailable. Also, some users cannot use the service's mobile application. By 14:00 Moscow time, the normal operation of the service resumed.

The service of the Public services failed

The functionality of the portal Public services restored, problems with logging into the portal for some users were recorded within 20 minutes, the press service of the Ministry of Digital Development said on November 11, 2021, adding that specialists understand the causes of the failure.[3]

This is the second technical malfunction of the Public services in a week. Earlier, some users complained that the validity of QR codes about vaccination was unexpectedly reduced from a year to six months, and certificates were canceled. The Ministry of Digital Development explained this by technical work on the site and assured that the certificates will be "valid for the entire period."

On the morning of November 8, some users of public services noticed that the validity of certificates of vaccination against coronavirus had changed - it was a year, but it was six months. Mistakes were made in certificates for 300,000 people, - noted in the mailing list "Public services."

The Ministry of Digital Development Maksut Shadayev explained that the failure with the timing of vaccination certificates at Public services was due to the fact that they needed to be updated. According to him, after the order of the Ministry of Health, the Ministry of Digital Development, in a "fairly emergency" manner, introduced a single form of certificate with a QR code instead of two separate ones - the certificate of the patient who had been ill and the certificate of the vaccinated person.

2019: Leaked personal data of tens of thousands of users

On December 30, 2019, it became known that the information of tens of thousands of users of the Public services portal was freely available on the Internet. Personal data became available to everyone as a result of the leak.

The problem, according to Kommersant, was reported by the founder of the Russian information security company DeviceLock, Ashot Hovhannisyan. He noted that all the leaked data could be easily downloaded on one of the forums specializing in the dissemination of this kind of information.

Ashot Hovhannisyan said that database he contained information about 28 thousand State Public services clients living, presumably, Khanty-Mansiysk in the autonomous district. The database, which was freely available as a result of an error in the configuration - Elasticsearchservers on which it was located, contained the name of the clients, their TIN, phones SNILS numbers, addresses email and other personal information, including information about the presence of children. In addition to this, according to Hovhannisyan, tokens of these authorizations users on the portal, which could provide third parties unauthorized access to the personal accounts of these people, also leaked to the Web. At the time of publication of the material, information about the suitability of tokens for accessing accounts was not confirmed.

Ashot Hovhannisyan stressed that the personal information of almost 30 thousand Russians was freely available for a long time. He claims the compromised server was indexed by search engine Shodan on December 3, 2019.

The server itself is located at the Rostelecom site. Hovhannisyan noted that attempts to close the vulnerability began to be made only on December 28, 2019. As of December 30, 2019, the flaw was fixed, but in the end, anyone could get access to personal data for almost a whole month.

As noted in CNews, the Ministry of Communications of Russia is aware of what happened. Representatives of the department confirmed the fact of eliminating the vulnerability and added that a check is underway on the fact of a possible leakage of personal data.

At the time of publication of the material, the perpetrators of the information leak were not identified. Rostelecom, according to RBC, denies the very fact of the leak, claiming that no incidents related to the unified identification and authentication system have been identified.

The company noted that all "e-government" systems work as usual, and that users' personal data is safe. At the same time, representatives of Rostelecom believe that the incident could be related to the regional application "Public services of Ugra." It was developed by order of the Department of Information Technologies and Digital Development of the Khanty-Mansi Autonomous Okrug, and as of December 2019, it works separately from the portal of public services. The application "Public services of Ugra" has a certain relation to Rostelecom: it is located on the technical infrastructure of the company.^[4]

Notes