[ad_1]
The UA Baza robot appeared on Telegram, which delivers personal data and documents from Ukrainians, the state insists it has nothing to do with it.
In Ukraine, another massive download of personal data of citizens. It is true, this time, it seems, the most ambitious. Judge for yourself, 26 million driver’s licenses are in the public domain. And also passports and passwords for accounts on social networks and emails.
The claims appeared immediately before the Ministry of Digital Transformation and its Diya application, which toughens the electronic version of the documents of the state registries. But the Ministry of Statistics assures that they have nothing to do with it.
Correspondent.net versed in the drain scale.
How does it work
The UA Baza bot contains data from state registries, as well as new email databases and passwords from social networks Vkontakte and linkedin.
For example, the chef de cuisine of the public organization Electronic Democracy Vladimir Flonts, using the bot, found several of his documents at once.
“They not only showed me the passport data, my old passwords, the biometric passport data (in particular, the photo) and the icing on the cake: a driver’s license, which I didn’t even know about. Even in Diya, I didn’t It shows it, and the guys in the database there. This is what your digital future looks like now, “wrote Flonts.
In addition, for example, the bot showed journalist Sergey Sidorenko a driver’s license, which he lost in 1999 and has not restored since then.
“By my mail, the old rights are being withdrawn, with a number, details, about which Diya is not known. That is, the data is not only taken from some government base, which Diya is not yet aware of, but is also synchronized with other personal data. In 1995, I didn’t have this email, I swear. They know how to do it when they want to, the Ministry of Digital Affairs rests in this context, “asks Sidorenko.
And here is Diya.
The Diya smartphone application contains electronic copies of documents: passports, rights, car data sheets. In Ukraine, they are legal substitutes for paper documents.
People’s deputy Alexander Dubinsky accused Diya of draining personal data. But then he deleted this information.
“I just spoke to the Minister for Digital Transformation, Mikhail Fedorov, who promises to provide information on who and how to combine the data from state registries during the day. Before receiving this information, the publications on Diy were removed. If the information in Mikhail is not relevant or does not prove otherwise – going back to the topic, “Dubinsky explained.
The Ministry of Digital Transformation denies any participation of the Diy service in the data leak. They explain that Diya does not have its own database, but only reflects the information in the records.
Yes, and the amount of information available in the bot is tens, or even hundreds of times, greater than the one that works with Diya. They point out that the bot’s analysis indicates the use of old PrivatBank databases.
“Abuse of the use of personal data of citizens is unacceptable! The Ukrainian Security Service is already carrying out investigative actions against cybercriminals who disseminate such information on the Internet,” the ministry said.
The Ministry of Finance warned: By trying to find information about you in various illegal bots, you yourself provide attackers with personal data.
Where it leads
Artyom Kokhanevich, CEO GigaCloud believes that the allegations of the Diya service of leak of personal data of Ukrainians are unfounded.
The application does not store data in its own database, but takes it from various registers. The principle of their work can be compared, for example, with popular markets that act as intermediaries and “connect” buyers and sellers with each other. A ridiculous fact: People who were unable to obtain their photo from Rights in Die saw it in a telegram bot. Those. the bases were obtained from anywhere, but not from Diya, ”says Kokhanevich.
In his opinion, the attack is controlled and directed against the continuation of the development of the project.
“If Fedorov and the team manage to accomplish at least half of what was declared, many gray and corrupt schemes will suffer. Ukraine is now backtracking on digitization of state processes, and this is not because “all normals are long gone”: digitization significantly reduces the possibility of manipulation, and clients of the managed disaster will actively resist this ” , create the manager.
At the same time, Kokhanevich points out that the Diya service is developed “by some people for someone’s money.”
Diya was physically located in a data center with one of the commercial operators, whose choice was completely opaque, which can be said about the development team. The focus is on the speed of launching new services. Problems of fault tolerance and redundancy, protection against external intrusions, DDoS, protection of personal data – this is what the functional career always remains in the background. Attack through an anonymous telegram bot, Diya will survive smoothly. But not too far away are the incidents caused by inadequate architecture, and there it will be more difficult for society to answer something, ”predicts the expert.