May 14, 08:14
A bot has appeared on Telegram that sells the personal data of Ukrainians. The president of the Ukrainian Cyber Alliance, Sean Townsend, explained in an interview with Radio NV how the data could have leaked and how it can be used.
The data in question includes passport numbers, identification codes, registration, social network passwords and even bank details. Some have already blamed the Diya system, recently launched by the Ministry of Digital Transformation, for the data leak.
Radio NV spoke to political hacker Sean Townsend to clarify the details of the data leak.
– The recently leaked data, its amount and nature give reasons to say that this happened through the Diya application, as they say on social networks.
– It is very difficult to determine whether it was a Diya leak or a leak directly from the records in which this data is stored, because it is no secret to anyone: databases leak constantly, they are sold, and services that combine data from various databases for sale are constantly appearing.
Maybe it was Diya, because Diya is structured in the following way: it is a middleware that sits between the user and the registries. And of course Diya has direct access to the logs, and those who hack into the Diya server part will also have direct access. But determining whether it was Diya or some other base, and whether the bases are new or old, is still difficult.
– Is there a gap in Diya that allows user data to be stolen?
– The fact is that the Ministry of Digital Transformation has not yet published a single technical document or a single regulation on how all these products should work. Everything unfolds in a hurry, using dark companies, dark money, and no descriptions, without an honest story about how everything works. The information must be collected literally in pieces.
And I, and other information security experts, just have to ask ourselves how competent decisions were made during development. Minister Fedorov constantly declares that they use best practices, best solutions, but these are simply unverified words.
– At Diya they have stated that this is supposedly a leak of previously collected data that was “hacked” earlier in other structures, for example, in Privatbank. Could a database of tens of millions of Ukrainians really already be stored somewhere?
– Bases “flow” constantly. In specialized forums, not necessarily on the dark web, bases for various departments are sold (customs, border guards, passport database). And since the fall, Minister Fedorov said that the role of cybersecurity is greatly exaggerated and that the Ministry of Digital Transformation does nothing to protect data. Their approach to combining all state records into one portal, into one app, is wrong from my point of view.
And when the Ministry of Finance tries to combine all the records into one, the risks increase many times over. When the records were divided among the ministries, several departments practically had a monopoly on access to this data. And if another base “flowed”, it was clear where it had “flowed” from and who was responsible for this. When systems are combined into one, this responsibility erodes to zero, and there is a great risk that what “flows” will be not just one thing, not just a driver’s license, not just a registration base, but everything at once.
– Now we are talking about a large-scale leak, which collected personal, bank, and social network passwords. And how did it all come together in one package?
– In hacker forums, they exchange leaked databases of sites where there are emails and phones, and combine them into giant databases. Among the biggest leaks, take LinkedIn alone: the entire base “flowed” from there, and many passwords were recovered. I think these scammers exchanging data through the Telegram bot simply matched the phone numbers, where they are present, or the email addresses against the leaked passwords.
– How can these data be used theoretically?
– The fact that the data is linked to passwords and that you can try to hack accounts provides great opportunities for fraud, including banking fraud. From there it depends on the imagination. This is an opportunity to find a person and learn a lot about them. The more new services appear in Diya, the greater the threat.
Suppose you lose a mobile phone now. In the worst case your Facebook account gets “stolen”, or it may even turn out that money is stolen from your bank account. But when it is possible to take legally significant actions online, for example with real estate or participating in elections, then the risks are not measured in money.
– In the demo version, the hackers offer people the chance to check whether their own data is in the database. Can this be done?
– I would not recommend doing this; it depends on how these services are organized. Scammers can reasonably assume that the phone number from which this request was made belongs to the person who examined their own data, and will immediately link this number to the same database. If this is a site-based service, the IP addresses will “flow”, that is, approximately where the person is.
– Is there any advice on how to protect yourself from such leaks? For example, should you change passwords once a week, or does everyone now need to go and change their passwords?
– Passwords really need to be changed periodically; it is convenient to use complex passwords, and different passwords for different services. For those services that are important to you, for example, online banking, passwords should be more complicated. Do not record them anywhere, and do not reuse them. If possible, use two-factor authentication over the phone or with a special app.
These bots are designed for retail data, where the price can start from a few dollars per registration. If some more professional scammers are operating, then the price there can rise to tens, sometimes even hundreds, of dollars.