Possible leakage of data from "Diya": MP proposes to invite Minister Fedorov to a meeting of the relevant committee of the Rada

Possible leakage of data from "Diya": MP proposes to invite Minister Fedorov to a meeting of the relevant committee of the Rada

Kyiv  •  UNN

 • 20752 views

MP Volodymyr Ariev proposed inviting Minister Mykhailo Fedorov to a committee meeting to investigate the alleged data leak of 13 million Ukrainians after a Russian hacker was suspected of attacking government websites before Russia's invasion.

MP Volodymyr Aryev, a member of the Verkhovna Rada Committee on Digital Transformation, proposed to invite Minister Mykhailo Fedorov to a meeting of the committee. As the MP told Radio Liberty, he submitted the proposal to invite the minister to the chairman of the committee, UNN reports.

According to media reports, this proposal arose in connection with the US Federal Bureau of Investigation's announcement that a Russian suspected of hacking into Ukrainian government websites on the eve of Russia's full-scale invasion of Ukraine was wanted.

I suggested that at least the Minister of Digital Transformation should come to the next meeting of the committee, but I don't know whether we will be able to see him or not. In general, government officials have made it a fashion not to come to parliamentarians and treat it as a waste of time, which basically undermines the very essence of parliamentary control, which is enshrined in the Constitution. I offered to send an invitation to the chairman of the committee, but I have no information whether he sent such an invitation 

- The MP stated.

The day before, it became known that Amin Stigal, a 22-year-old Russian native of the Chechen Republic, may have been involved in the attack on Ukrainian government websites on the night of January 13-14, 2022. The attacks hit at least two dozen protected computers, including those in the Ministry of Foreign Affairs, the State Treasury, the Ministry of Energy, and the State Emergency Service. And the data of 13 and a half million Ukrainians were allegedly posted for sale on the Internet after the alleged hacking of the Diia portal.

According to Volodymyr Ariev, a serious investigation is now needed into the source of the leaked Ukrainian data.

But when you read information in serious publications, in particular in USA Today, that data was leaked. But where was it merged from? And if you simply answer that it was probably merged from old registers or taken from who knows where, this is not an answer. We need a serious internal investigation to establish all the channels of data merging: whether it was Diya, whether it was a bypass, or whether it was a complex work of hackers wanted by the United States. And $10 million is a pretty big reward for finding a suspect in a cybercrime 

- said the MP.

Aryev believes that "the state has not conducted any serious investigations, and in general, investigations of cybercrime are at a rather low level.

This applies to many aspects, ranging from bank fraud to illegal intrusions into the system. So far, there hasn't been a serious investigation into any of this, and it's clear that there is no trust. All we have today are replies from the Ministry of Digital Transformation and a very strong reluctance to come and explain anything in detail and in substance 

- The MP said.

Add

The Ministry of Digital Transformation told Radio Liberty that since February 24, 2022, Russia has carried out more than 6,000 cyberattacks on Ukraine, most of which have targeted government agencies, the security and defense sector, the commercial sector, transportation, telecommunications, IT, financial and energy sectors. First Deputy Minister of Digital Transformation Oleksiy Vyskub told the media that a massive leak of Ukrainian data is impossible, and that the alleged 13 million data is a compilation of various databases that were merged much earlier from private companies.

"First, Diia is built on the principle of data in transit. This means that Diia does not accumulate personal data, but only displays user data from the relevant registers, which makes it impossible to have a massive data leak as such. Secondly, we are constantly working on the security of the application by conducting various audits and bug bounties. These audits and contests have not revealed any critical vulnerabilities in the system," said Oleksiy Vyskub.

Recall

On the morning of January 14, 2022, it became known about a cyberattack on government websites in Ukraine. Later, information began to spread about a possible data leak from the Diia portal. The cyber police then stated that this information was untrue and "is nothing more than an element of hybrid warfare and an attempt to destabilize the situation in the country.

At the time, the State Service for Special Communications reported that the use of the WhisperGate ransomware, classified by Microsoft as a data destruction program, was recorded in several institutions that fell victim to the attack.