Cybercriminals have put up for sale, for $800, a database of 50 million lines containing the data of drivers registered in Moscow and the Moscow region from 2006 to 2019. A file with information from 2020 is offered as a bonus with the purchase. The database contains names, dates of birth, phone numbers, VIN codes and registration numbers of cars, their makes and models, as well as the year of registration. The seller himself claims that he received the information from an insider in the traffic police. But Kommersant’s sources and experts believe that the leak could have occurred at the level of regional information systems, which are integrated with the traffic police databases in order to issue fines for parking violations.

On October 19, an archive of the traffic police database containing 50 million lines of records about drivers in Moscow and the Moscow region was put up for sale on one of the forums that specialize in selling databases and organizing information leaks. The cost of the archive is $800. Kommersant contacted the seller.

According to the latter, the database contains data from 2006 to 2019; he offered a file with data for 2020 as a bonus to the purchase.

The seller provided a sample of records from the database. It contains the following data: model and make of the car, its registration and VIN number, date of registration, engine power, name of the owner, date of birth, and phone number. The seller claims to have received the information from an insider at the traffic police. Kommersant phoned five car owners from the sample; they all responded to their name and patronymic, and one of them confirmed that he owned the car specified in the file but had already sold it. The rest refused to confirm whether the information was current. The Ministry of Internal Affairs did not respond to the request.

This is not the first time that traffic police databases have been put up for sale. In August 2020, a database of 1 million lines with personal data of metropolitan drivers appeared online (see Kommersant dated August 3, 2020). On specialized forums, the cost of such databases for different years varies from $1,000 to $15,000.

All data on registered cars and car owners is now stored centrally in the Federal Information System (FIS) of the State Traffic Safety Inspectorate, a source familiar with the situation explained to Kommersant. However, he clarified, each regional traffic police department previously had its own database, to which the data was sent. Moscow and the Moscow region, Kommersant’s source says, could upload data in parallel to the FIS and to their own systems until 2020; then they stopped, and the regional systems are now being decommissioned.

Kommersant’s source suggests that the leak could have occurred at the regional level.

Alexei Parfentiev, head of the analytics department at SearchInform, is sure that the leak was caused by the actions of an insider. “It looks more likely also because the regulators’ requirements for such structures as the traffic police, in terms of protection from external attacks, are extremely strict,” he says.

However, Andrey Arsentiev, head of analytics and special projects at InfoWatch Group, does not agree with this assessment. He believes that the database could simply have been obtained as a result of an external attack, for example by exploiting a vulnerability in system software.

Judging by the composition of the data, the new database of car owners is not an export from the traffic police system but rather an export from the databases of insurers, believes Ashot Hovhannisyan, founder of the DLBI data leak intelligence and darknet monitoring service: “This data could have been stolen both directly from the insurance companies and from their contractors, to whom the databases are transferred for ‘ringing’.”

The coordinator of the Blue Bucket movement, Petr Shkumatov, says that data from the traffic police databases are of interest not only to insurers: “They can be used by fraudsters and sellers of spare parts for targeting advertising.”

But this leak clearly did not come from the traffic police databases, the expert is sure: “The current protection systems against external attacks and insider actions simply will not allow the databases to be unloaded in bulk.”

According to Petr Shkumatov, the attackers find weak points in those departments whose information systems are integrated with the traffic police databases: “These can be, for example, municipalities of various regional cities, which have recently been given the right to fine drivers for incorrect parking.” In these structures, the expert notes, the requirements for information security are often lower.

Nikita Korolev, Ivan Buranov