
Protection without protection

by admin


What is a human being? From the legal point of view, a person is a legal entity with identifying characteristics: sex, date and place of birth, passport number, place of registration. All of this is personal data, and it has a certain value for vendors (since the person is of value as a consumer), creditors (in order to find your assets), and fraudsters (in order to make money at your expense). Accordingly, the State is trying to protect our personal data (PD) from unlawful use. Administrative fines increased significantly from July 1, 2017. Officials can now be fined from 3,000 to 20,000 rubles, individual entrepreneurs from 5,000 to 20,000 rubles, and organizations from 15,000 to 75,000 rubles.
There is also criminal liability:

  • for illegal collection or dissemination of information about a person’s private life that constitutes his personal and family secrets, without his consent (Part 1, Article 137 of the Criminal Code): from fines of up to 200,000 rubles up to imprisonment for a term of two to four years;
  • for illegal access to computer information resulting in the destruction, blocking, modification (change) or copying of information (Part 1, Article 272 of the Criminal Code).

The above acts are punishable by fines of up to 200,000 rubles or imprisonment of two to four years. Of course, protection is not only a matter of adopting legal norms that stipulate responsibility. The important factor is how the state actually applies these norms. One indicator of how serious the state's protection is, is the price of the services that overcome a particular legislative barrier. If they ask a lot, the barrier is serious and the cost of overcoming it is high. If they ask little, the state itself is not particularly concerned about compliance with these laws.
So how effective is the protection of our personal data? Judge for yourself. At the end of last year, DeviceLock (one of the leading manufacturers of DLP systems in Russia) conducted a study of the Russian black market in personal data and related criminal services. The research collected and analyzed offers posted on Darknet resources (the "shadow Internet" accessible through the Tor browser).

Key findings:

  • The cost of personal data without document scans has changed little compared to early 2018; the cost of document scans has decreased, on average, by 25%; and the cost of the "punch in" service (illegally providing personal data), on the contrary, has increased in different segments by 25% to 400%.
  • Databases of personal data in Excel format by region, containing full name, sex, phone, full passport data, SNILS, and address of registration and residence for 2017-2018, are sold at 20-25 kopecks per record. Compared with the beginning of 2018, prices have not changed. Passport scans with a photo of the passport holder with the passport are offered at a price of 150 rubles per set, and a set consisting of scans of a passport, SNILS, license and TIN at a "push" price from 300 rubles. Notably, it is in this area that prices have decreased markedly, by about 25%, and the number of offers has increased markedly (all according to market laws).

Services to "punch in" data on a person at cellular operators have increased in price by at least 25%. Details of a subscriber's calls and SMS for a month are offered at a price of 2,000 rubles to 20,000 rubles. The increase in prices is approximately 50%. This area has the widest choice of both the data themselves and their sellers: everything from all kinds of statements to permanent tracking of the subscriber’s whereabouts is offered.

Services to "punch in" bank information have also increased significantly in price (by at least 50% over the year). The availability of these "services" strongly depends on the region of the Russian Federation. A bank account statement (from a top-10 bank) is offered from 8,000 rubles for a month or 10,000 rubles for six months. In this area there are many intermediaries, who offer an initial price 4 times higher than the real one. Moreover, the cost of these "services" and the list of banks where they can be obtained change very quickly. Apparently the human factor is at work.

DeviceLock draws the following conclusions based on its research:

  • The value of PD without scans of documents is quite low, because such PD is usually used for spam or telephone fraud, which in principle does not bring serious income. Document scans are used for online loans and fictitious transactions, and are therefore in high demand among fraudsters.
  • Microfinance institutions (MFIs) are one of the big channels for leaking document scans. The share of leaks from MFIs is constantly increasing. For example, in the last quarter the share of MFIs increased from 3% to 5% of the total number of data leaks.
  • Not only have PD offers on the black market not become fewer, their number has visibly increased. The prices of almost all types of PD have increased. Prices for "punching in" at banks have increased especially markedly.

I think the state has some work to do.
