2023/10/16 12:26:38

Data leaks in the Russian public sector

2024: Deputy Head of the Ministry of Forestry Complex of the Irkutsk Region accused of receiving a bribe in exchange for data from the GIS

In May 2024, the Investigative Department of the TFR in the Irkutsk Region announced a criminal case involving the former deputy head of the territorial department of the Ministry of Forestry for Cheremkhovsky Forestry. Read more here.

2023

The traffic cop received 4 years in prison for selling information about Daria Dugina, who was killed during the terrorist attack. He sold data from the traffic police database for 3300 rubles

On November 9, 2023, the Nagatinsky Court of Moscow sentenced former traffic police officer Ivan Rybin, who looked up ("punched") the personal data of journalist Daria Dugina for Ukrainian saboteurs, to four years in prison. He will serve his sentence in a general regime correctional colony. Read more here.

30% of personal data leaks from the Russian GIS are due to the fault of employees

The main part of the leaks of personal data of Russians through state information systems (GIS) is associated with the imprudence of the citizens themselves. In 2022, such incidents accounted for 43.6% of all cases of loss of personal information, and by October 2023 the figure is 38.6%. Such figures are given in mid-October 2023 in a study by SearchInform.

According to the Vedomosti newspaper, approximately 1,300 employees of state institutions took part in the survey. One of the main causes of personal data leaks is external attacks on GIS: at the same time, their share decreased from 32.7% in 2022 to 31% in 2023. Almost a third - about 30% - of all incidents are associated with incorrect actions of the employees of state structures themselves. For comparison, in 2022 this figure was 20%.

In the first half of 2023, Roskomnadzor experts recorded 76 leaks, with about 177 million records of citizens ending up online. This is significantly higher than the figures for the same period of 2022: 19 incidents and 45 million records that were in the public domain. Igor Bederov, founder of the Internet Search company and expert at the SafeNet NTI engineering center, notes that the volume of personal data leaked to the Internet has tripled in less than a year, from 1 TB at the end of 2022 to 3 TB by October 2023. In 2023, the volume of leaked personal data of Russians in monetary terms is estimated at several billion dollars.

According to the results of the study, several key types of leaks were identified - respondents could choose several options at once. These are, in particular, virus threats (56.3%), social engineering (25%), external cyber attacks, including DoS and DDoS (23.8%), accidental leaks by mistake or negligence (18.8%), data destruction/corruption/cybervandalism (8.3%), intentional data theft by insiders (5.9%) and theft or damage of hardware media (5.3%). Among the main channels of leaks are Internet resources (80.3%), instant messengers (55.2%), e-mail (50.4%), removable media (36.04%) and paper documents (24.1%).[1]

MosgorBTI admitted to hacking the site and stealing data from it

Hackers hacked the website of the Moscow City Bureau of Technical Inventory (MosgorBTI). This was announced on August 7, 2023 by the press service of the capital's economic policy complex. Read more here.

Database of 200 thousand users of the portal "Мойбизнес.рф" became publicly available

At the end of May 2023, it became known about the appearance in the public domain of the database of the national online portal for entrepreneurs "My Business" (Мойбизнес.рф). Read more here.

Data leakage from GNIVC

In early May 2023, it became known about the leakage of data from the state "Main Scientific Innovative Implementation Center" (GNIVC), subordinate to the Federal Tax Service (FTS) of Russia. Read more here.

2022: A database of emails of the Ministry of Culture of the Russian Federation totaling hundreds of gigabytes was leaked to the Internet

In mid-April 2022, it became known about a data leak from the Ministry of Culture of the Russian Federation. We are talking about an archive of 700 GB, which included 230 thousand emails from the Ministry of Culture, as well as 230 thousand letters from 2019 to 2022 from the administration of the city of Blagoveshchensk and 130 thousand letters dated 2016-2022 from the apparatus of the governor of the Tver region. Read more here.

2021

The source code of Public services was leaked to the Internet

At the end of December 2021, it became known that the source code of the regional Public services portal of the Penza Region had ended up on the Internet. Read more here.

90% of government officials see serious risks in accidental information leaks

On December 21, 2021, Rostelecom-Solar shared the results of the study "Accidental information leaks in government agencies." After interviewing civil servants from all regions of the Russian Federation, the company's analysts found that more than 90% of representatives of the state apparatus see serious risks in accidental leaks. Of these, more than half believe that these risks are even higher than those from deliberate leaks of confidential data.

In general, according to the majority of the study participants, public authorities are equally susceptible to both accidental and deliberate leaks of confidential information - this was stated by 51% of respondents. 36.2% of respondents still believe that there are slightly more intentional leaks in state organizations, and 12.8% spoke in favor of the predominance of accidental leaks in this area.

In almost 60% of cases, official documents and internal confidential correspondence inadvertently leak from government agencies because civil servants forward them to personal e-mail. And in almost every fifth case, the source of potential leaks is the discussion with third parties of the management's position on work issues and the content of internal service documents.

Most often (in 51% of cases) sensitive information accidentally leaves the perimeter of government organizations through various Internet channels: social networks, external cloud storage, Internet mail, etc. The most frequent channels of unintentional leaks also include service email (more than 23% of cases) and messengers (17% of cases).

"It should be noted that the ratio of the main channels through which confidential information accidentally leaks from government agencies fully corresponds to the picture of the distribution of leak channels in the commercial segment, in particular in the banking sector. This indicates that the digitalization of Russian government bodies has reached a high level comparable to the commercial segment. This means that all modern threats to information security - targeted attacks, leaks, hacks, incidents of unauthorized access, exploitation of vulnerabilities, etc. - are just as relevant for government organizations, and in some cases more," said Elena Chernikova, senior business analyst at Rostelecom-Solar.

In more than half of the cases, mid-level managers are the culprits of unintentional leaks in government agencies, in 36% of cases ordinary employees, and only every tenth unintentional leak occurs through the fault of a senior manager. Most mistakes regarding confidential information are made by middle-aged civil servants (from 30 to 50 years old) - this is the opinion of 51% of respondents. Another 42% of accidental leaks are attributed to young employees under 30, and only 6% to older employees.

55% of the study participants consider a lack of knowledge in the field of information security to be the main reason for accidental leaks in government agencies. Another third of the respondents believe that overload with numerous tasks is to blame, which gives rise to haste and, as a result, errors in handling sensitive information. And a little more than 10% believe that the cause of accidental leaks in government agencies is simple inattention.

At the same time, the greatest demand for training employees in the basics of cybersecurity is demonstrated by state organizations located in the Central Federal District. Here, almost 70% of respondents recognize the lack of competencies in the field of information security among employees. The share of similar responses among respondents in the regions is less than 30%. Here they believe much more in the negative effect of overloading civil servants with work tasks: almost 60% of regional study participants named overload as the main factor in leaks.

The study involved more than 100 representatives of government agencies and organizations. Over 60% of respondents represented organizations with a staff of up to 500 employees, about 30% - with a staff of over 1000 employees, the rest - with a staff of from 500 to 1000 employees. The geography of respondents is represented by all federal districts of the Russian Federation. The survey of participants was conducted in November 2021.

2020

Natalya Kasperskaya urged not to hand over biometrics due to the risks of leaks

In early October 2021, Natalya Kasperskaya, president of the InfoWatch group of companies, warned Russians against passing biometric data due to the high risk of their leaks. Read more here.

Passport data of 1.1 million people who voted electronically on amendments to the Constitution appeared on sale

In early August 2020, it became known about the leakage of the data of 1.1 million people who voted electronically on amendments to the Constitution. Each row of data in the database is valued at $1 wholesale and $1.5 retail.

Kommersant announced the appearance on the darknet of data from participants in electronic voting on amendments to the Constitution. In correspondence with the newspaper's correspondent, the seller of the base said that it was "completely fresh." He clarified that passport numbers themselves are useless, but in conjunction with other data they may be of interest.

According to the seller, he has already sold 30 thousand lines of data. Using the series and numbers of voters' passports, he offers to update other databases available to him at buyers' request, adding names, SNILS and TIN numbers, and credit history information.

DeviceLock founder Ashot Hovhannisyan believes that the database put up for sale is the same one that appeared in the public domain after the Meduza investigation. In early July 2020, the publication discovered a file with encrypted passport data of all participants in electronic voting on one of the state websites. Hovhannisyan noted that about 6 thousand numbers, probably invalid, were removed from the database.

Earlier, the press service of the Ministry of Telecom and Mass Communications reported that the leak of passport data of citizens who remotely voted to amend the Constitution was excluded.

Information security experts interviewed by Kommersant see a danger in the weak protection of state databases. As noted by Anastasia Fedorova, a leading information security analyst at CROC, officials often believe that in a stripped-down format the data is not of interest to cybercriminals, but if a name, passport data and phone number are collected together, scammers will already be able to use this, including to search for contacts with insiders, for example, in telecom companies.[2]

There was a leak of passport data of participants in online voting on amendments to the Constitution

On July 9, 2020, it became known about the leakage of passport data of participants in online voting on amendments to the Constitution. Read more here.

25 leaks of data on people infected with coronavirus registered in Russia

In the first half of 2020, 25 leaks of data on people infected with the COVID-19 coronavirus were registered in Russia. They affected 35.5 thousand Russians. This is evidenced by InfoWatch data. Read more here.

The darknet sells access to all video surveillance cameras in Moscow

On July 7, 2020, the information security company Shadow Intelligence reported on its Twitter blog that an account with the nickname Zpoint on the darknet offers to sell access to all video surveillance cameras in Moscow, which are installed at the entrances of houses, in parking lots, parks, clinics and schools.

The ad claims that the buyer can access them in real time, as well as an archive of videos covering five days. According to the capital's DIT, this is how long information from cameras in Moscow is stored. According to the Telegram channel "Information Leaks," access of this kind can be obtained for 30 thousand rubles.

DeviceLock experts also found on the Internet offers to sell access to data from city video surveillance system cameras stored in the Unified Data Storage and Processing Center of Moscow (ECCD).

The Department of Information Technology (DIT) of Moscow reported that only authorized employees of executive authorities and law enforcement agencies have access to the ECCD data. Granting such access to other persons is illegal, they added.

"The Department of Information Technologies of the city of Moscow systematically monitors the Internet space for the appearance of such publications. Information on resources offering direct access to city cameras is transferred to the competent authorities for inspections," the DIT said in a statement.

Dmitry Galov, an expert on cybersecurity at Kaspersky Lab, told RBC that ads periodically appear on specialized forums to provide access to video surveillance cameras in cities around the world for money.

"Attackers are actively interested in such systems and are trying to gain access to both public cameras and home cameras. To do this, they can exploit vulnerabilities in the equipment, gain access due to incorrect configuration of the software used, or simply guess passwords," Galov explained.[3]

Database of 115 thousand Russians returning to their homeland is put up for sale

On June 15, 2020, it became known about the appearance on sale of a database of 115 thousand Russians who were stuck abroad with the beginning of the COVID-19 coronavirus pandemic and were waiting for repatriation flights.

As the technical director of DeviceLock, Ashot Hovhannisyan, told RIA Novosti, the announcement of the sale of personal data appeared on one of the forums at the end of April 2020. The seller asked for $240 thousand for the database and claimed that it had 79.6 thousand lines. However, he did not provide evidence of the existence and authenticity of the data, and then deleted the ad.

In June 2020, another seller published a similar announcement. He stated that the database is up to date for the current month, specifying that there are about 115 thousand lines in it. He valued the entire database at 66.6 bitcoins ($627,000). The seller also posted several screenshots of the database, which were published in the Telegram channel "Information Leaks."

Hovhannisyan said that the database contains a full name, date of birth, passport data, address, phone number, e-mail, date of entry and exit from Russia, date of application on the public services portal, as well as bank card and account data, passport data and country of location. According to his assumptions, this information was received when transferred from one department to another via electronic communication channels.

At the same time, the expert admits that the database may turn out to be fake, "since the seller, on the one hand, put an unusually high price, on the other, provided an extremely small piece of data for review."

Ashot Hovhannisyan warns that if the base exists, victims may receive phishing emails about allegedly accrued compensation and receive calls from scammers with a request to name a code from an Internet bank.

According to the expert, the seller himself wrote that he uses the database for carding, buying App Store & iTunes Gift Card gift certificates with the available card details, which he then sells.[4]

The customs database of the Russian Federation for 2012-2019 leaked to the Network

On March 12, 2020, it became known that the full database containing information on all export-import operations of Russian companies for 2012-2019 (data on all customs posts of the Russian Federation) was put up for sale on the Web. Read more here.

On May 12, 2020, it became known that a channel for transmitting restricted-access information illegally obtained from the databases of the FCS of Russia was uncovered by employees of the Anti-Corruption Directorate and the information security service of the FCS of Russia together with representatives of the Anti-Corruption Service of the North-West Customs Administration. Read more here.

2019: On the portal "Public services" there was a leak of personal data of customers

On December 30, 2019, it became known that the information of tens of thousands of users of the Public services portal was freely available on the Internet. Personal data became available to everyone as a result of the leak. Read more here.

2018: Government agencies accounted for 23.3% of the total number of leaks registered in Russia

On January 20, 2020, InfoWatch presented the results of an annual study of confidential data leaks in the public sector (central authorities, law enforcement agencies, state-owned companies). In 2018, government agencies accounted for 13.9% of the total number of registered leaks in the world and 23.3% in Russia. The main explanation for the high share of the public sector in Russian leaks is its dominant position in the economy. Read more here.

2017: Data of 17 thousand people leaked from the Pension Fund

In the summer of 2017, the Pension Fund of the Russian Federation formed a special commission to investigate the leak of personal data of more than 17 thousand people. This was announced by Mikhail Zheleznyakov, deputy head of the department for interaction with the media of the branch of the Pension Fund of the Russian Federation in Moscow and the Moscow Region.[5][6]

Web developer Sergei Deryabin announced the data leak in a blog on Geektimes, a site for IT specialists. On June 9, 2017, he received a mass mailing from the Pension Fund (PFR) branch. The attached MS Excel document contained data on 17,752 people, including their dates of birth, registration addresses and SNILS numbers.

"The letter was received on 09.06. The nameplate file was created much earlier and I suspect it contained those originally insured across all branches of the Pension Fund. Apparently, on June 09, extra lines with policyholders of other PF branches were removed from the file. Therefore, I quite naturally suspect that the data of the insured, at least in Moscow and the Moscow region, were thus sent to entrepreneurs," Deryabin wrote.

The PFR declares compliance with all requirements for the protection of personal data using modern cryptographic protection tools, but so far it cannot accurately confirm or deny the fact of sending personal data in letters to its clients. Marina Gustova, head of the media relations department of the Pension Fund, announced an investigation into the incident.

2016: Data leakage of car owners from the traffic police

On May 20, 2016, it became known that a free autonum.info service was launched on the Internet, allowing you to find the owner's name and phone number by car number. The authors of the project say that users themselves send their data, but experts are sure that we are talking about a data leak from the traffic police database or some companies. Read more here.

Notes