Private knowledge for over 1,000,000 Russian nationals has reportedly been leaked. The information allegedly belongs to a few of the residents who
Private knowledge for over 1,000,000 Russian nationals has reportedly been leaked. The information allegedly belongs to a few of the residents who participated within the latest blockchain-based e-vote on Constitutional amendments.
The archive was reportedly accessible for everybody to obtain
In response to an investigation printed by Russian language media outlet Meduza, an archive titled “degvoter.zip”, which accommodates stated knowledge, was publicly accessible for obtain for at the very least a number of hours on July 1 by way of a authorities web site. The file has since been distributed by way of varied Telegram teams and channels.
The archive was password protected. In response to the publication, nevertheless, it could possibly be simply hacked with a free password cracking instrument.
Together with the archive, there was an unpassword protected database titled “db.sqlite”. This database allegedly contained passport numbers for over 1,000,000 voters from Moscow and Nizhniy Novgorod — two cities in Russia the place residents might forged their votes on-line. The system that allowed for on-line voting was based mostly on the Exonum blockchain platform developed by Bitfury.
Though that knowledge was encrypted with the SHA256 algorithm, the reporters had been allegedly capable of decode it “very simply” utilizing free software program. That has make them the next conclusion:
“Contemplating the poor safety and availability of the degvoter.zip archive, the Russian authorities truly put the private knowledge of all e-constituents from Moscow and Nizhny Novgorod within the public area.”
Journalists reportedly cross-referenced the leaked knowledge with the Ministry of Inner Affairs’ official service for checking the validity of passports. They discovered that over 4 thousand of passports registered for the e-vote had been invalid.
The Ministry of Digital Growth, Communications, and Mass Media has since commented on the investigation, saying that they exclude “any risk of leakage”, for the reason that passwords had been distributed by way of “safe knowledge channels” and solely to licensed personnel.
The company additionally burdened that the passport numbers had been encoded and consisted of a randomly obtained sequence of characters, or hash sums, including:
“Hash sums should not private knowledge. Publication of random units of characters can’t hurt residents,”
Not the primary failure
As beforehand reported by Cointelegraph, Russia’s blockchain e-vote system has been attracting lots of controversy. Not solely did it malfunction quickly after going dwell, it additionally allegedly allowed double voting, and had a vulnerability that reportedly made it potential to decipher votes earlier than the official rely.
E-voting occured on-line from June 25 to June 30, whereas the referendum itself ended on June 1. With all of the ballots counted, 77.9% voted for the reform bundle and 21.3% towards, based on the electoral fee.
As per the authorized Constitutional amendments, Vladimir Putin’s time period limits shall be reset in 2024, which means that he could stay president till 2036.