Hackers admire Voskhod – Newspaper Kommersant No. 39 (7484) dated 03/07/2023

Malefactors attacked the IT-contractor of Mintsifra and other state structures of scientific research institute Voskhod. The result, according to cybersecurity experts, could be a data leak from the federal ePassport issuance system. However, the Ministry of Digital Development denies this, while at the same time confirming that the audit revealed “anomalous activity in the internal network of the enterprise.” The cause of the incident was the intervention of an insider, experts believe.

A cyber incident occurred in the Mintsifra’s jurisdiction, the Research Institute Voskhod, which could lead to the leakage of personal data processed in the state system of new generation passport and visa documents (PVDNP). This was reported by a number of news agencies and Telegram channel “Earlier then others. Almost”. The latter, referring to his sources, indicates that a former employee of the research institute was involved in the incident and that he had at his disposal the biometric data of citizens. The attack on the Kommersant Institute was confirmed by two interlocutors in the information security market.

The Ministry of Digital Development does not confirm the leak of data from the Voskhod Research Institute, but does not deny the very fact of the incident: “We are conducting an internal check on this matter together with the FSB. No data has been posted online. Abnormal activity was recorded, including in the internal network of the enterprise, the ministry specified, but “the data is stored in encrypted form, the key is stored in Goznak, which in any case will not allow illegal access to biometric data.”

PVDP is a project to create a new generation of passport and visa documents (electronic passport), which was launched in 2004, the customer is the Ministry of Digital Development. According to the project website, the system should simplify the issuance of documents. New biometric passports and a unified database appeared in 2016. In 2017, the data center was transferred to free software (software) and equipment of domestic companies. The research institute did not respond to Kommersant’s request.

The representative of Informzaschita admits that a former employee of the enterprise was involved in the incident. In his opinion, he could have launched malware after his dismissal, especially since the systems run on open source software: “The malware allowed an attacker to take over the controller’s domain, which makes it possible to authenticate on a remote server and hack the database stored on it.”

Back in mid-2022, cybersecurity experts noted an increase in the number of incidents related to insider fraud, that is, unscrupulous employees of organizations. At that time, 87% of the surveyed 120 companies in 11 industries suffered material damage from their actions (see “Kommersant” dated July 15).

The head of Smart Engines (a developer of document recognition systems) Vladimir Arlazarov believes that if a leak is discovered, its consequences will be significant. In his opinion, system participants should strengthen security measures, but even taking into account this measure, “remote identification in online banks and other services may be in question.” Other experts are more optimistic: although the cybersecurity incident at the Voskhod Research Institute did indeed occur and the internal data of the PVDP system could be in the hands of attackers, biometrics are not stored in the form of a table, as stolen databases are usually presented on the network, explains the creator of the Telegram bot ” God’s eye” Evgeny Antipov: “Such data looks like long codes, which in themselves do not pose a particular value and threat to users.”

Tatyana Isakova