The day before, an employee of the traffic police department of the Kamyzyaksky district of Russia, in the Astrakhan region, received the data of a local resident in the FIS “GIBDD-M” assistance system, access to which is possible only for official purposes. The police officer gave this data to his friend at his request, thus violating his right to privacy.
The Investigative Committee is investigating the criminal case against a suspect in a crime under Part 1 of Art. 286 of the Criminal Code of the Russian Federation (abuse of official powers).
Hundreds and thousands of gigabytes of various data are available on the black market, including profiles of drives. Cybercriminals can find out about the issuance of a driver’s license, the history of registration, information about fines, determining the owner of the vehicle, etc. ready to give information about
One of the most sought after services on the black market is “breaking” traffic police bases.
In addition to darknet intermediaries, it is served by a number of telegram bots, as well as “gray” detectives, the latter more often using old, fully consolidated databases”, Ashot Oganesyan, founder of the DLBI data leak intelligence and darknet monitoring service, explains to a socialbites.ca correspondent.
Determining the owner of the car, obtaining information about the issuance of a driver’s license, the history of registration, fines – the cost of service from 800 to 1500 rubles per operation. “Crossing” through the “Rubezh” system, which fixes the border of the Russian Federation anywhere, including by vehicles, will cost at least 3 thousand rubles per request.
The main suppliers of “breakthroughs” of personal data of car owners are unscrupulous employees of insurance companies (they have data on the policies of OSAGO and Casco) and inspectors with access to the FIS “GIBDD-M” system. In an interview with the socialbites.ca expert center “Autocriminalist” Maxim Shelkov.
“The number of cases of fraud with drivers’ personal data has not decreased in recent years.
Sets of personal data are available on the Darknet and on various sites: photocopies of passports, driver’s license, SNILS. Such kits, for example, are sold for relatively little money, given what problems a person can run into if this kit comes across attackers, ”says Shelkov.
How will the victim of scammers suffer?
There are many goals for such a “breakthrough” – checking a potential driver when applying for a job, learning about the life path of a car purchased on the secondary market, preparing for theft and auto fraud,
the desire to find and “deal” with a driver who is rude on the road,
says Ashot Hovhannisyan. A separate category of buyers consists of detectives who search for debtors’ property, as well as investigative journalists who try to connect with the object of interest using tools.
The expert explains that the most harmless scenario for drivers in the event of a leak is the implementation of services by various companies. For example, specialized car services may try to offer car service. On the eve of the expiration of contracts, insurers will begin to search for drivers and offer additional services, stopping customers.
Otherwise, scammers may try to get a loan, apply for a micro loan via the internet, car or insurance. The most unpleasant scenario is the registration of so-called “twins” of cars, thanks to data from the FIS “GIBDD-M” system.
“Scammers take the details of a real car and find an exact clone of such a car,
– indicates Maxim Shelkov. – They see information from TCP, owner’s name, phone number. All “couples” are created by leaking personal data.”
Leaking the data of car owners is fraught with the fact that criminals know about the assets of the victim, that is, the realization that it can be stolen from him.
Theft is trending
In conditions where the cost of spare parts is high, the risk of car theft for resale or disassembly of the spare part is greatly increased. In addition, Leonid Churikov, a leading analyst at SearchInform, thinks that the information can always be used to refresh existing databases.
“The more information an attacker has about a person, the easier it is to mount an attack using social engineering. For example,
Attract phishing sites with offers with special conditions for OSAGO”,
says the analyst.
Criminals, with information from the traffic police system, can get paid for insuring and arranging cascading accidents by stealing the same car. All subpoenas and further waivers of insurance, which increase the OSAGO coefficients, have already been “received” by the real owner, whose car was copied. As a result, the head of the Autocriminalism expert center knows that it is very difficult for the victim to prove his innocence.
“Furthermore, scammers can steal a car, kill their number and forge documents based on stolen data, and then pawn them at a car pawnshop. Then the car disappears and the conscientious car owner has to pay the pawnshop,” says Maksim Shelkov.
What to do if data comes out on the network
If the driver learns that his personal data has been placed, he can demand monetary compensation. Lawyer Leonid Olshansky, vice president of the Russian Drivers Movement, said that to do this you would have to go to court with a lawsuit against those who leaked their personal information.
The lawyer said, “If the owner of the vehicle learns that the personal data has been leaked, he should apply to the prosecutor’s office to take measures regarding the illegal transfer of the data and request that it be withdrawn.”
According to SearchInform analyst Leonid Churikov, any photo (even if a car or a document appears in the frame by mistake) should be evaluated in terms of whether it can reach the criminal.
Unfortunately, scammers can get all the information about the driver and the vehicle: passport and registration data, PTS and STS, explains Ilya Tikhonov, head of compliance and inspection of Softline UIB.
“There is no way to protect yourself from the disclosure of personal data through the Ministry of Interior.
Unfortunately, this is impossible, ”Tikhonov assured.
An ordinary citizen can only in one way influence how the state protects and stores data – in the event of a leak, do not leave this fact without the attention of Roskomnadzor and law enforcement, Churikov believes SearchInform.
The Russian Ministry of Internal Affairs could not immediately respond to socialbites.ca’s questions about how the personal data of car owners is protected in the internal affairs bodies and how to combat leaks.