In Moscow, employees of the tax authorities were arrested for selling personal data of Russians, including employees of law enforcement agencies, to private detectives. According to the FSB of Russia, they sold the stolen information to foreigners.
Data leaks and the human factor
The Federal Security Service (FSB) of Russia, with the participation of the Investigative Committee (IC) of Russia, and the State Security Committee of Belarus, with the support of employees of the Russian National Guard, detained a group of employees of the Russian tax authorities and their intermediaries from a private detective agency accused of stealing and subsequently reselling personal data of Russians to foreigners .
As reported in official statements on the websites of the Investigative Committee of Russia and the FSB of Russia, the investigating authorities of the Main Investigation Department (GSU) of the Investigative Committee of Russia for the city of Moscow initiated a criminal case on the grounds of crimes under paragraph “a” part 5 of Art. 290 of the Criminal Code of the Russian Federation (taking a bribe by a group of persons) and Part 2 of Art. 291.1 (mediation in bribery).
According to the FSB, the attackers stole the data of more than 30 people, including the military and security forces. In the message of the Investigative Committee, it is specified that two defendants in the case were taken into custody, and a measure of restraint in the form of house arrest was chosen for two more accomplices.
Geography and scope of the crime
According to the investigation, as part of the investigation of the criminal case, episodes that occurred in 2019 and 2020 are being studied. According to investigators, during this period, three employees of the Russian tax authorities, who had access to state information systems, by prior criminal conspiracy, were engaged in the theft of information “on the sources of income of individuals, accounts opened with credit institutions, addresses of registration and property, as well as other information constituting a legally protected secret.
Further, the stolen information was sold through intermediaries to representatives of a private detective agency. After some time, one of the tax officials involved in this case resigned from his position. The names of the members of the criminal group, including the detained employees of the tax authorities, as well as employees of the detective agency and their intermediaries, are not disclosed in the interests of the investigation.
As noted in the statement of the Investigative Committee of Russia, investigative actions within the framework of the investigation of the criminal case were carried out not only in Moscow, but also in the Orenburg, Yaroslavl and Pskov regions. With the forceful support of the Russian Guard, a number of searches were carried out at the suspects, including at their place of residence and workplaces.
As a result of the investigative actions, the security forces managed to detect and seize a number of mobile devices, computers, laptops, as well as documentation “and other items of interest to the investigation.”
As noted in the statement of the FSB of Russia, the illegal collection of information protected by law was carried out “in the interests of third parties, including foreign citizens.” In general, the criminal group managed to steal the personal data of more than 30 Russian citizens, including “military personnel, law enforcement and law enforcement officials.”
Personal data theft
Corruption abuses of state officials at their workplace is not the only channel for the leakage of personal data. Phishing remains a rather serious problem in this area – when attackers use fraudulent sites disguised as copies of official portals of government organizations, marketplaces and social networks to lure critical information from visitors.
CNews Analytics: Atlas of the Russian Internet of Things Market
Internet of Things
At the beginning of June 2022, CNews reported that the Russian Ministry of Digital Development had launched an anti-phishing system to automatically detect phishing resources. The system, for the development of which about 240 million rubles were spent from the state budget, managed to block about 9 thousand fraudulent portals already in test mode.
The full launch of the system developed by Rubitekh is scheduled for the summer of 2022. A new information system capable of detecting phishing sites for stealing visitors’ personal data was created as part of the federal project “Information Security” of the national program “Digital Economy”.
In April 2022 CNews editionabout the largest theft of cryptocurrency in history, which occurred as a result of an attack on the decentralized financial blockchain system of Ronin Networks, the operating company of the popular game Axie Infinity – Sky Mavis.
The attackers took advantage of several weaknesses in the system architecture to steal about $620 million, including 173,600 units of Ethereum (ETH) cryptocurrency and 25.5 million USDC cryptocurrencies. The March 23, 2022, attack targeted directly the “bridge” of the Ronin blockchain system, an intermediate link between Axie Infinity and other cryptocurrency blockchains such as Ethereum.