The Limited Times

Cyberattack on Migrations: the Government presented a precautionary measure to stop the dissemination of the files in search engines

2020-09-12T13:26:00.052Z


The files are on DropMeFiles, a Ukrainian service. They were stolen from the agency with ransomware, and the attackers demanded 4 million in ransom for not publishing them.


John Brodersen

Pablo Javier Blanco

09/12/2020 - 10:02

  • Clarín.com

  • Technology

After more than 2,000 people downloaded the information stolen from the National Migration Directorate (DNM), the agency, which reports to the Ministry of the Interior, filed a formal request with the courts to stop its spread through search engines such as Google and to contain access to 2,200 documents hosted on a service of Ukrainian origin called DropMeFiles.

The link first circulated on the deep web, but it leads to a link that can be accessed from any browser. And that is the URL that Migrations asked to be restricted, according to Clarín.

Government sources confirmed to this newspaper that, after the release of the stolen data, a precautionary measure was filed with the office of prosecutor Guillermo Marijuan, who is investigating the case at the request of Judge Sebastián Casanello.

The aim is for search results that show the link to be blocked, so that not just anyone can download the files hijacked on August 27 in a coordinated attack by a group of cybercriminals that operates with Netwalker, the ransomware that they injected into Migrations.

As it happens, about 2 thousand people already have that stolen information in their possession.

For this reason, and although the Government insists that it is "sensitive but not critical information", there is concern about the spread of these files.

"We request that search results be blocked, we want to prevent download links from spreading," official sources explained.

Reports leaked by cybercriminals.

Screenshot

There are two strategies to stop the spread: either target the search engines, as the Government does, or the service where the information is hosted (DropMeFiles).

The problem with this last way of proceeding is that this Ukrainian page is not one of the best known, so it is not clear if an official request would take effect. 

However, a request for the files to be removed directly from the web can be made: "DropMeFiles is a Ukrainian company, the Argentine government should send a complaint to the administrator of the site to request that they download it," explained information security specialist Javier Smaldone.

Moreover, the terms of use of the Ukrainian platform, whose servers are located in Dnipropetrovsk, a city in the southeast of the country on the banks of the Dnieper river, are clear: they state that it is forbidden to upload files that violate the laws of the country from which they are uploaded.

But therein lies the key: so far it is unknown from which jurisdiction the stolen documents were uploaded.

In any case, DropMeFiles states that each affected person or entity can send a complaint email setting out their reasons for removing the content.

The folder that cybercriminals showed to ask for ransom was only 5% of what was stolen.

Beyond the information that is already circulating, there is a latent concern: "Deciphering exactly what happened and how much information was stolen is very difficult: it requires forensic expertise that can take weeks," said Brett Callow, analyst and computer security expert at Emsisoft.

He added that in many cases cybercriminals publish part of the stolen data and keep another part for future operations, or "freelance" the information (sell it to an interested party).

The stolen information "is not critical", they insist

Among the leaked data is information on migratory movements.

Photo AA2000

"It's sensitive information, but not critical to national security," the Government added (and insisted), ever since Clarín revealed last Friday that a group of cybercriminals spoke of a hack of Migration. Now, after the leak, they stand by their words.

“It is administrative information, they did not access the database, or biometric data; only to files related to administrative tasks in management areas: notes, documents, legal documents, reports on criminal records”, they explained at the DNM, where an evaluation of all the compromised information was made and it was decided to file a precautionary measure to prevent the download link from being replicated.

"Without minimizing the attack, we can say that the most important thing was protected," they said from the Government, adding that they are working to reinforce the security of the Migration databases, as well as that of the rest of the system.

On Thursday, at 9:12 a.m., Netwalker released the almost 3 gigs of stolen information, after more than two weeks in which it demanded a ransom of millions of dollars.

Although at first the astronomical figure of 76 million dollars circulated, a ridiculous number compared with the 25 million dollars that the international group collected in dozens of attacks so far this year, it later became known that the real demand was $2 million.

"Do not try to recover your files without a decryptor program, you could damage them and leave them in unrecoverable condition. For us this is business and to prove our seriousness, we will decrypt a file for you at no cost. Open our site, upload the encrypted file and you will have the free decrypted file. In addition, your information could have been stolen and if you do not cooperate with us, it will become publicly available on our blog", was the message left after the hack of the public body, according to the criminal complaint of the National Government.

Once the payment is made, the attackers send files with instructions to recover information.

Argentina did not negotiate or pay.

Photo: McAfee

Faced with the refusal to pay (the Government considered what happened to be extortion and filed a criminal complaint accordingly), the cybercriminals doubled the ransom demand, which went from 2 to 4 million dollars: close to 400 million pesos.

Since the leak was made public, the DNM and the Ministry of the Interior have been monitoring everything published about it 24 hours a day: not only the news on the subject but also the possible dissemination of the link to DropMeFiles, a platform that will retain the files until next September 26.

"This is always a nuisance, but we can say that we have a small satisfaction that the database was not attacked," they explained.

What was published?

Among the 2,220 files, unlike other famous leaks, there are no major state secrets kept under lock and key, as happened with WikiLeaks and the State Department cables.

But there are thousands of documents and forms with private data of citizens from all over the world who entered and left the Argentine Republic.

Theft of data from the National Directorate of Migration.

Screenshot

To go no further, there are more than 25 thousand names, documents, addresses and emails of Argentines repatriated from different parts of the world in the midst of the coronavirus pandemic between April and mid-May.

There is also data on asylum programs for Syrian refugees, Cuban asylees, and also criminal information on foreign criminals operating in Argentina.

Do not negotiate with cybercriminals: the government's position

Migrations was attacked on August 27 and had to disconnect the system and close the border for almost 4 hours.

“In general, you ask not to pay. Because by paying, an exacerbation of this type of crime is generated. If it is paid, it is amplified. If they already have access, if you pay them, what prevents them from doing it again?” Federico Kirschbaum, an IT security expert, explained this Friday in a radio column on Radio Andina.

That is not the case for all institutions that are attacked: many give in and pay, as the University of California did in June of this year, when it had to pay out $1.14 million after intense negotiation.

But the Argentine Government was clear from the start that it was not going to pay, ever since that August 27, when the incident that led to this immense theft of data broke out and the complaint was then filed with the Specialized Prosecutor's Office in Cybercrime, headed by Horacio Azzolin.

“These cases are going to be more and more common. We need more people who know about computer security to teach the State, companies and NGOs to defend themselves”, warned the computer expert.

PJB

Source: clarin
