Russia: Personal Information Leaked, Who's To Blame?

On October 3, 2011, several Russian citizens’ documents, including financial statements and passport numbers, were posted on the website rusleaks.com [ru].

Soon after the flood of documents was noticed, the Russian Prosecutor General and the Agency for the Supervision of Information Technologies (which goes by the abbreviated name Roskomnadzor) announced it was investigating how the personal data was leaked to the so-called “anti-corruption” site Rusleaks. Several Rusleaks domain names are currently inaccessible.

Leaked personal information

Russian news site Vedomosti writes that two of its staff found personal information in the leak [ru]:

Корреспондент «Ведомостей» нашел в базах Rusleaks данные своего старого паспорта и помесячные данные о зарплате за вторую половину 1990-х гг., а его коллега — номера двух старых паспортов и некоторые данные, удаленные из «В контакте».

Drop. Picture by Flickr-user kaffeetrauma

Drop. Picture by Flickr-user kaffeetrauma

A Vedomosti correspondent found in Rusleaks documents information about his old passport and monthly statements about his wages for the second half of the 1990s, and his colleague found two old passport numbers and some information that had been deleted from VKontakte [social network].

The Russian government has stated that the posting of such information violates online privacy laws. The Prosecutor's office has filed a lawsuit to the Moscow city court regarding the case (if won by the prosecutor, the website will be blocked for Russia-based users) and has demanded [ru] that Internet.BS Corp (registrar through which the rusleaks.com domain was delegated) stops its registration.

In only two known prior cases has the Russian government decided to use domain hijacking: for sites sochi.ru and torrents.ru, the largest Russian torrent portal, which was blocked in 2010 for violating article 146 of the Russian criminal code.

The agency also noted that some of the personal data, which spans the years 1999 to 2007 may have been forged [ru].

Who's to blame?

Well-known Russian blogger Anton Nosik, whose Citibank account information from 2003 was leaked, posted [ru] a screenshot of the pilfered information on his blog. Nosik intimated that the information must have been passed through various levels of the Russian government and ended up in the public domain.

Круг чиновников и силовиков, с которыми коммерческий банк в России обязан делиться всеми данными своих клиентов, невозможно установить. Зато теперь понятнее становится характер информации, сливаемой банками государству, и способ её хранения.

It is not possible to trace the circle of bureaucrats and law enforcers, with whom a commercial bank in Russian is required to share all their clients’ information. And so now it’s become more clear what information is being sent by banks to the government and how that information is being stored.

A poll [ru] posted by the site Habrakhabr shows that 67.55 percent of those polled agree that:

Опубликование подобных данных, скорее зло чем польза, даже в России

The publication of such information is more evil than helpful, even in Russia.

Many commenters distinguished between Rusleaks and whoever gave the information to Rusleaks. User CLR noted [ru] that the information “wasn't stolen but was bought off people who have access to it,” and stressed that it was necessary to punish those people and not simply the site that posted the information.

User Himari noted [ru]:

Проблема не в том, что существуют такие сайты, а в том что эти данные утекают. Вы как наше правительство, боритесь с последствиями, а не причинами. Тем более раз утекло, то уже всё — оно будет переодически всплывать.

The problem is not that such sites exist, but in the fact that information is being leaked. You, like our government, fight against the consequences and not the root of the problem. And what's more, once it's leaked out, that's it – it will periodically reappear.

5 comments

Join the conversation

Authors, please log in »

Guidelines

  • All comments are reviewed by a moderator. Do not submit your comment more than once or it may be identified as spam.
  • Please treat others with respect. Comments containing hate speech, obscenity, and personal attacks will not be approved.