Private information for over 1,000,000 Russian nationals has reportedly been leaked. The information allegedly belongs to a number of the residents who participated within the latest blockchain-based e-vote on Constitutional amendments.
The archive was reportedly accessible for everybody to obtain
In keeping with an investigation printed by Russian language media outlet Meduza, an archive titled “degvoter.zip”, which comprises mentioned information, was publicly accessible for obtain for no less than a number of hours on July 1 through a authorities web site. The file has since been distributed by means of numerous Telegram teams and channels.
The archive was password protected. In keeping with the publication, nonetheless, it might be simply hacked with a free password cracking instrument.
Together with the archive, there was an unpassword protected database titled “db.sqlite”. This database allegedly contained passport numbers for over 1,000,000 voters from Moscow and Nizhniy Novgorod — two cities in Russia the place residents may solid their votes on-line. The system that allowed for on-line voting was primarily based on the Exonum blockchain platform developed by Bitfury.
Though that information was encrypted with the SHA256 algorithm, the reporters have been allegedly capable of decode it “very simply” utilizing free software program. That has cause them to the next conclusion:
“Contemplating the poor safety and availability of the degvoter.zip archive, the Russian authorities truly put the private information of all e-constituents from Moscow and Nizhny Novgorod within the public area.”
Journalists reportedly cross-referenced the leaked information with the Ministry of Inner Affairs’ official service for checking the validity of passports. They discovered that over 4 thousand of passports registered for the e-vote have been invalid.
The Ministry of Digital Growth, Communications, and Mass Media has since commented on the investigation, saying that they exclude “any risk of leakage”, because the passwords have been distributed by means of “safe information channels” and solely to approved personnel.
The company additionally confused that the passport numbers have been encoded and consisted of a randomly obtained sequence of characters, or hash sums, including:
“Hash sums usually are not private information. Publication of random units of characters can’t hurt residents,”
Not the primary failure
As beforehand reported by Cointelegraph, Russia’s blockchain e-vote system has been attracting loads of controversy. Not solely did it malfunction soon after going live, it additionally allegedly allowed double voting, and had a vulnerability that reportedly made it doable to decipher votes earlier than the official rely.
E-voting occured on-line from June 25 to June 30, whereas the referendum itself ended on June 1. With all of the ballots counted, 77.9% voted for the reform package deal and 21.3% in opposition to, in line with the electoral fee.
As per the authorised Constitutional amendments, Vladimir Putin’s time period limits will probably be reset in 2024, which means that he might stay president till 2036.