The Russian government has found itself embroiled in a fresh data scandal after it was discovered that some government officials are involved in the sales of valuable Russian data to malicious personalities.
Russia’s capital Moscow has over 3,000 security cameras across the city, that’s integrated with the facial technology used by the police. This setup can be viewed at any time by “employees of federal government bodies, the Moscow Mayor and their authorized officials, law enforcement and executive authorities.” But, some scrupulous government officials are selling the login details on the dark web for profit.
Selling Data for Profit
However, local investigative media house MBKh Media has reported that access to the live stream and other technologies is being sold on chat rooms and Dark Web forums. According to the news medium, the data itself is being sold by government bureaucrats and law enforcement officials, all of whom have access to the Integrated Center for Data Processing and Storage (YTKD), the system that stores the data.
Once a hacker makes the required payment, they’ll be issued a unique link to the city’s CCTV system that houses the footage from the cameras. The fraudulent officials can also sell their entire login credentials, essentially providing the hackers with unlimited access to all the cameras.
Andrey Kaganskik, the journalist who led the investigation, noted that the price of admission for this is 30,000 Rubles (about $470 at press time).
To test the authenticity of this technology, Kaganskik provides a seller with a picture of himself. The search showed 238 results, all gotten from 140 cameras. Apart from just their faces, the system delivered their addresses, the exact time they were caught on camera, and whether that was their first time or if they had been caught regularly on camera.
Funnily enough, none of the results belonged to the investigator. Still, he reported that the facial features they got were similar to the input, and the system scored a similarity grade of 67 percent.
Russian Security Watchdog Hacked
The news is another damning revelation to Russia, in what has been a testy year for the country’s public agencies concerning privacy and data protection.
Hackers breach FSB contractor, expose Tor deanonymization project and more (ZDNet) https://t.co/kTC6hQWuls
— Patrick C Miller (@PatrickCMiller) July 20, 2019
In July, BBC Russia reported that the Federal Security Service (FSB), Russia’s primary security agency (tantamount to MI5 and the FBI), was targeted in a hack that leaked 7.5 terabytes worth of data. The hacking group reportedly fingered in the attack is the ov1ru$ group. The cybercriminals hacked into SyTech, a major contractor for the FSB working on several Internet projects. The hacker group then shared the files with the Digital Revolution (a larger, activism-centered hacker group), who disseminated the files all over the internet.
The shared data showed efforts by SyTech and the FSB to scrape social media platforms (including LinkedIn and Facebook), collect targeted information, and de-anonymize users of the popular privacy-focused Tor browser.
Images are courtesy of Twitter, Shutterstock.