Pablo Sigal
08/07/2020 - 13:44
- Clarín.com
- Society
A database of more than 115,000 Argentine essential workers who requested circulation permits to be able to transit during the coronavirus quarantine was exposed on the web without a password or any other authentication to access it. The data included names, ID numbers, tax identification numbers, and other information about the applicants. The security hole was detected by the Comparitech company, which alerted the Argentine government.
The data belongs to the government of San Juan, according to the province itself . The cybersecurity company discovered the unprotected database on July 25 and immediately alerted the government. As reported, the data was exposed for at least two weeks , from July 12 to 29 , when the base was removed from the web after the Argentine National Cybersecurity Directorate recognized the incident and notified the San Juan authorities.
According to the company that investigates these types of incidents, the base had already been infiltrated by a "bot" , an automated robot responsible for destroying hundreds of exposed databases in recent weeks. In this case, however, the bot left the data intact . There were records of 115,281 people, each of which included part or all of the following information: full name, DNI number, CUIL number, gender, date of birth, photo, telephone number and email address.
Of the total, 33,790 of the records contained a phone number . The company verified that it was able to use the ID, gender, and phone number to email copies of applicants' circulation permits using the San Juan government's online application status checker. “Any email address works; it does not have to match what is in the database, "the experts explained.
The permits also included information about the employer, its location, telephone number and the validation code of the document. They determined that the data belonged to the San Juan Ministry of Health based on a cookie issued on the same IP address in the database. The cookie had the label "certificates_covid_19_ministerio_de_salud_publica".
According to the cybersecurity company, the information contained in this database appears suitable for “identity theft and tax fraud . CUIL and DNI numbers in particular could be valuable to cybercriminals, ”they said. And they said they succeeded in showing that the vehicle registration application system is vulnerable to abuse. "Criminals can obtain permits in someone else's name and use them to circumvent quarantine restrictions," they said.
"Applicants should also be on the lookout for phishing attempts and scams," they said from the company, adding: "Criminals could use the information in the database to craft compelling messages that trick victims into clicking on links from phishing and release even more sensitive personal or financial information. ”
Comparitech researchers, they said, routinely scan the web for insecure databases of personal information. Upon discovering a vulnerable database, they begin an investigation to determine who owns it, who might be affected, and what the potential consequences would be if a malicious attacker obtained the data.
“Once we determine who is responsible for the data, we send an alert so that it can be protected. After that, we published a report like this to raise awareness and limit the harm to end users, ”they said.
Sources from the province governed by Sergio Uñac told Clarín that “the Cybersecurity Directorate received on July 29 and from the national body that coordinates the response to cybersecurity incidents, an alert about a vulnerability of a search tool specific, ELK. This vulnerability affected some 4,000 databases in the world , including one of ours that uses this product as a search engine ”.
The authorities added that “ the same day the alert was received, the problem was identified, isolated and corrected. Work continues on the incorporation of additional security measures for all systems, including the reported Movement Permits. ” However, from Comparitech they said that they had given a first alert on July 25 to the Ministry of Health and that they had received no response.
$
