Victor Ugochukwu · Dec 14, 2020 . 5min read
Russian voter’s passport data unsecured, available for sale on the dark web
In another data breach, Russians who participated in voting for the constitutional reform referendum last month find their data available for sale.
By Shilika · Aug 7, 2020 . 5min read
Russian’s who voted in the country’s recent constitutional reform referendum had their passport data leaked. The data is available for sale on the dark web.The voting was conducted using blockchain technology. Nearly 1.2 million Russians registered a vote.
The authorities in charge of the referendum carelessly left the data available to download on government websites for several hours on the 1st of July. The file name was ‘degvoter.zip’ and has since been distributed through various Telegram channels and groups.
“Considering the poor security and availability of the degvoter.zip archive, the Russian government actually put the personal data of all e-constituents from Moscow and Nizhny Novgorod in the public domain.”
Kommersant is reporting that more than 30,000 lines of data are up for sale. The going price is around $1.50 per line. If buyers are making purchases in bulk, they can do so for as low as $1 a line.
Attackers need more than just the passport data to breach an individuals security seriously. Researchers believe, however, that attackers already have access to a lot of personal information. This means that the passport data will be like finding the missing piece of the puzzle. Attackers will be able to access information like credit history, home addresses, and company names registered by each voter.
Data leaks are frequent.
The security on the IT side in the Russian system needs serious attention. Numerous breaches have already occurred, as a part of a worrying trend. Anastasia Fedorova, an analyst at the IT company CROC, noted that developers do not make much of an effort to secure this kind of data because they deem it useless on its own. Thus, attackers use the data to form a complete picture in conjunction with other bits of information.
The chairman of the Committee on Information Policy Alexander Khinshtein told Kommersant that he would make buyers and sellers criminally liable as a response to the growing number of data leaks.