Passport numbers of Russian citizens who voted for Putin for sale on dark web

Specialists from a data security course discovered that a hacker group has found good use for the passport data of recently leaked Russian citizens; apparently, this information belongs to the citizens who participated in the last electronic voting in Russia.

The compromised database has been identified in multiple hacking forums, where more than 1.1 million records are sold for $1.5 USD each. Investigators believe this incident is due to a bad computer security practice, although it is not ruled out that everything is the product of an elaborate hacking campaign. The finding was led by specialists from security firm Kommersant.

Esta imagen tiene un atributo ALT vacío; su nombre de archivo es russia04082020.jpg
SOURCE: Kommersant

As mentioned in the preceding paragraphs, this data belongs to the participants of the electronic vote in which the constitutional amendments would be decided in Russia; this election was held between 25 June and 1 July, the specialists of the data security course point out. In their dark web advertising, the sellers of this database claim that the information is completely new and reliable.

One of the researchers who discovered this leak mentions that, by themselves, passport numbers are not very useful to hackers, however, employed in conjunction with other personal details can be used to deploy sophisticated phishing or identity fraud campaigns. It is possible that the hackers will have other data of the affected users in their possession.

On July 9, Meduza reported the security incident related to electronic voting systems, even revealing an executable file and access to the database via an open link. The latter link contained the encrypted passport data, mentioned by the specialists of the data security course.

Artem Kostyrko of the Moscow government’s Intelligence Projects Department denied that the voter base was exposed on the public Internet, although Kommersant revealed a text file in which sellers demonstrate that the database may have been compromised on multiple occasions. 

This is not the only similar incident that occurs recently. As Kommersant reported a few hours ago, in late July a hacker put up for sale another large database of personal data with data from around one million drivers based in Moscow; the seller requested $1500 USD in exchange for such information.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.