Search This Blog

Showing posts with label Moscow. Show all posts

Moscow has completed a large-scale study on the security of 5G

The press service of the Moscow Department of Information Technologies informs that the specialists of the Scientific-Research Institute of Metallurgical Heat Engineering (VNIIMT) completed research work on the security of mobile communications of all standards, including 5G.

Scientists have determined that the levels of the electromagnetic field created by mobile communication base stations of all standards, including the fifth generation, are safe for human health. 

For a year and a half, specialists conducted street measurements of electromagnetic field levels day and night in six residential districts of the capital, where 2G-4G communication standards are presented, as well as 5G in pilot zones. Laboratory measurements were carried out in full compliance with Russian and international standards and methods.

Scientists have determined the safe level of the electromagnetic field in the prospective use of 5G standard base stations, including in millimeter frequencies such as 28 GHz and 37 GHz. In addition, the staff also analyzed the international practice of applying sanitary norms, safety standards, and recommendations.

"Like many progressive cities, Moscow strives to develop a modern communication infrastructure. At the same time, the well-being of the residents of the capital remains a priority for us. On the eve of the commercial introduction of fifth-generation networks, we wanted to get scientifically based data and be sure that 5G is safe," said Alexander Gorbatko, deputy head of the Information Technology Department. 

He added that in February 2019, the department initiated fundamental research work, which gave a final answer to the question of the security of 5G networks. 

"As for the current sanitary norm in Russia of 10 µW/cm2, which is one of the strictest in Europe: measurements and laboratory studies have shown that even with its increase, the level of the electromagnetic field will still remain at a safe level for humans," said Sergey Perov, the Doctor of Biological Sciences, head of the Laboratory of electromagnetic fields of the VNIIMT.

The results of the study were sent to the Ministry of Health of the Russian Federation and to the Federal Service for Surveillance on Consumer Rights Protection and Human Wellbeing (Rospotrebnadzor) for final decisions.

It is worth noting that in Russia, investments for the development of 5G in 2021-2027 may amount to about 1 trillion rubles ($13.6 million).

5G is the fifth generation of mobile communications, operating on the basis of telecommunications standards following the existing 4G standards. Now the fifth-generation networks are already deployed in South Korea, China, the United States, and a number of European countries.

Experts found a vulnerability in the application of the Moscow State Services

Specialists of the company Postuf reported a vulnerability in the application of the Moscow State Services, with which it was possible to gain access to the account, knowing only the user's mobile number.

This made it possible to get all the information that the user specified on the site: full name, e-mail, year of birth, medical insurance number, list of movable and immovable property, information about the foreign passport, about children, students in schools, etc. Knowing the number of the medical insurance number and the year of birth, it was possible to get access to medical information: which doctors a person visits, what prescriptions are written to him, the history of attachment to clinics, etc.

"The vulnerability made it possible not just to view, but also to change the data", said the founder of the company Postuf Bekhan Gendargenoevsky.

The expert notes that it is impossible to cause serious harm by knowing the data from the portal, but personal data can be used by hackers for phishing attacks.

"It is impossible to steal money directly [with such information], although hackers can use their knowledge in social engineering and try to steal bank card data from a person," said the computer security specialist.

He also noted that since the system has no restrictions on the number of requests for access to accounts, requesting the so-called beautiful numbers, it was possible to get information "about a number of well-known personalities who, as a rule, have such numbers."

A representative of the Moscow Department of Information Technology did not confirm the information about the vulnerability, stressing that authorization in the Moscow State Services mobile application without specifying a password is impossible.

State Services is a federal state information system. It provides individuals and legal entities with access to information about state and municipal institutions and organizations, and the services they provide in electronic form.

Facial recognition payments(Face ID) to be introduced in Moscow metro in 2021

Deputy Mayor for Transport Maxim Liksutov said that paying for public transport in Moscow using facial recognition technology (Face ID) will be available next year.

All turnstiles in the Moscow metro already have cameras that recognize faces. If a passenger has linked biometric data to their Bank card, the turnstiles will open automatically in front of them. The reading speed should be no more than a second in order to avoid crowding. The system will be able to recognize faces even in masks. Mr. Liksutov clarified that the personal data of passengers will be stored in banks. The metro will provide only infrastructure.

Banks have been actively collecting customer biometric data for several years. Thanks to this, many operations can be safely performed online. However, there are certain risks. It is unclear how this data will be protected.

In addition, there is a risk of incorrect identifications. And if the system recognizes another person instead of one person and the money is debited from the wrong passenger, it is unclear how this will be formalized legally. There is no legal basis for such a case.

Last fall, the capital of Kazakhstan, Nur-Sultan, tested a similar fare payment mechanism, but in buses. Passengers sent their photos to a special telegram bot, and then linked the image to a Bank card account. At the entrance to the bus, the passengers' faces were captured by cameras. The fare was automatically debited from Bank cards. The test showed good results, the project is going to be launched in two more cities.

Criminals sending malicious emails claiming to be from the rector of Moscow State University

A malicious program that steals passwords was sent out in mid-September by scammers in letters claiming to be from the rector of Moscow State University. The recipients were financial, industrial, and government organizations in Russia.

The mailing, as noted in the company Group-IB, was held in the period from 9 to 16 September.

"In the letter, the attackers, on behalf of rector Viktor Sadovnichy, ask recipients to read the attached document “ A description of the budget for 2020” and promptly send their commercial offer,” reported the company's press service.

The texts of the letters are illiterate and contain stylistic errors. In addition, the order of words and sentences indicates that fraudsters use an automatic translation program. The authors of the letter were too lazy to change or check all the links in the template before sending them out. Probably, similar attacks have already been carried out on behalf of other universities, most likely foreign ones.

The addresses of Moscow State University were indicated as the sender in the letters. In fact, the correspondence was sent from the hacked mail server of the Hotel Alfonso V in the Portuguese city of Aveiro. The hotel has already been notified of the break-in.

All the scammers’ emails contained an archive called "Request for a commercial offer" with an executable .exe file inside. After it was launched, a malicious program was installed on the user's device that could steal usernames and passwords.

"In the future, hackers can use them to gain access to email accounts or crypto wallets, for financial fraud, espionage, or sell stolen data on hacker forums,” said Group — IB.

According to Vasily Kuzmin, Deputy head of the information technology department of Moscow State University, neither the rector nor the University administration ever send letters with such content.

Personal data of one million Moscow car owners were put up for sale on the Internet

On July 24, an archive with a database of motorists was put up for sale on one of the forums specializing in selling databases and organizing information leaks. It contains Excel files of about 1 million lines with personal data of drivers in Moscow and the Moscow region, relevant at the end of 2019. The starting price is $1.5 thousand. The seller also attached a screenshot of the table. So, the file contains the following lines: date of registration of the car, state registration plate, brand, model, year of manufacture, last name, first name and patronymic of the owner, his phone number and date of birth, registration region, VIN-code, series and number of the registration certificate and passport numbers of the vehicle.

This is not the first time a car owner database has been leaked.  In the Darknet, you can find similar databases with information for 2017 and 2018 on specialized forums and online exchanges.
DeviceLock founder Ashot Hovhannisyan suggests that this time the base is being sold by an insider in a major insurance company or union.

According to Pavel Myasoedov, partner and Director of the Intellectual Reserve company, one line in a similar archive is sold at a price of 6-300 rubles ($4), depending on the amount of data contained.
The entire leak can cost about 1 bitcoin ($11.1 thousand).Information security experts believe that the base could be of interest to car theft and social engineering scammers.

According to Alexey Kubarev, DLP Solar Dozor development Manager, knowing the VIN number allows hackers to get information about the alarm system installed on the car, and the owner's data helps to determine the parking place: "There may be various types of fraud involving the accident, the payment of fines, with the registration of fake license plates on the vehicle, fake rights to cars, and so on."

Against the background of frequent scandals with large-scale leaks of citizens data, the State Duma of the Russian Federation has already thought about tightening responsibility for the dissemination of such information. "Leaks from the Ministry of Internal Affairs occur regularly. This indicates, on the one hand, a low degree of information security, and on the other — a high level of corruption,” said Alexander Khinshtein, chairman of the State Duma Committee on Information Policy.

Moscow is turning into a "digital concentration camp", say locals

The Moscow authorities refused to issue 900 thousand digital passes per day due to incorrect information submitted by the applicants. Those who try to get a pass using incorrect information will face punishment, warned the head of the Department of information technology, Eduard Lysenko.
It should be noted that walking, according to the authorities, will still be possible without a QR code from the city hall, but no further than 100 meters from the house. And the police, by the way, has already begun to issue fines to everyone who was caught further than 100 meters from the place of residence.

Experts believe that the coronavirus will pass sooner or later, but the amendment introduced on March 31 to the Moscow Code of Administrative Offenses, which allows to fine with CCTV and geolocation, will remain. This is a fundamentally new norm, which allows to fine residents of Moscow on the basis of only video recording from cameras in almost automatic mode, similar to how fines are now issued to drivers.

In fact, the city authorities began to monitor residents of Moscow a long time ago, but until now they have not dared to use this system openly.

It is worth noting that the Chairman of the Moscow City Court Olga Egorova recently misspoke: "People do not know, but the courts already have a system for recognizing citizens. When the courts heard cases on the rallies last year, six people who were wanted were detained in the courthouse. They came just to listen and support the defendants, and the police detained them."
In other words, the system of electronic tracking of people has already been established and tested.

This system is being introduced into mass use in Moscow right now. And the epidemic is a good reason for such actions.

It is worth adding that in the Russian pharmacies it is still impossible to buy masks and sanitizers, even ordinary paracetamol was not easy to find. Remedies are not enough to even for doctors.
It is interesting to note, according to Russian scientist Olga Chetverikova, the danger of digitalization is that society turns into a totalitarian sect. And the most effective way to manage people is to provoke a sense of fear. In a state of depression, despair and hopelessness, a person is ready to accept any apocalyptic scenario. For example, the "digitization of schools" is designed to create human robots that will be controlled by the world's non-digital elite.

Earlier, E Hacking News reported that on the eve of the city hall website was subject to hacker attacks.

Dozens of cyberattacks on the website of the Mayor of Moscow have been recorded since the beginning of February

Group-IB specialists recorded several DDoS attacks on Moscow electronic services, including the portal. This was announced by the CEO of the company Ilya Sachkov.

As the head of the Moscow Government’s IT department, Eduard Lysenko, reported, the site experienced as many attacks in three hours as it has not experienced in the last two quarters.
At the moment, the cyber defense company Group-IB is figuring out who needed to carry out massive attacks on government resources and is looking for perpetrators.

"The investigation has begun, our task is to understand the reasons for cyberattacks and find the perpetrators. At the moment, we can not provide details, this will interfere with the tasks of investigators", said the head of Group-IB, Ilya Sachkov.

According to him, the huge load on the website it also caused many requests for passes from citizens. In addition, the interruptions were affected by the interest of Moscow residents, as there were numerous attempts by users to go to the portal just to explore and understand how it works.

At the same time, Sachkov added, it is possible to ensure stable operation of, even despite increased loads. “The portal experiences problems that are standard when launching large-scale services of this kind. Such services are tested for fault tolerance, security, and implementation quality in order to ensure stability and continuity of service.”

Recall that from March 30, Moscow introduced a regime of complete self-isolation. Residents of Moscow are allowed to leave the apartment only as a last resort. Starting April 15, they will need to have a special pass to travel around the city by public or private transport. Such measures are designed to stop the spread of coronavirus infection.

Earlier, E Hacking News reported that hackers hacked the digital Pass System of Moscow residents.

Attackers Hacked the Digital Pass System of Moscow residents

Moscow's residents are warned about scammers who offer to issue digital passes for moving around the city on social networks

Recall that on last week Moscow Mayor Sergei Sobyanin and Moscow Region Governor Andrei Vorobyov signed a decree according to which special digital passes are introduced for trips in Moscow and the Moscow Region on personal and public transport. Quarantine residents of Moscow will need to receive a QR code on the City Hall website for each exit from their homes. QR codes can begin to be issued on Monday, April 13, 2020.

A bot appeared in Telegram that offers citizens to get a digital pass through the messenger. It asks for the phone number and personal data of the citizen, including passport. Also, hackers offer to issue a pass on social networks.

Moreover, Telegram channel 4chan posted information that while the QR code issuing system was in beta testing, unknown hackers managed to hack it.

"The program for generating QR codes for quarantine from the Moscow government has not yet left the beta test, but it has already been hacked and generated universal promotional codes that will allow you to go around Moscow unlimited," the channel authors write.

The author of the microblog @A_Kapustin in the social network Twitter managed to post several electronic passes. Some of them, according to the user, allows you to walk within a kilometer from home, and others give the owner the opportunity to freely walk around Moscow. Some QR codes are already blocked, according to the author, but new generations appear in the network.

At the same time, scammers became active in another segment. Russians began to receive SMS messages notifying them of violations of their self-isolation regime and demanding to pay a fine for these offenses.

Experts believe that the situation is complicated, because the Russians do not have time to follow the rules that the authorities of a particular region introduce, which means they are afraid to make something wrong. This is used by scammers, organizing entire schemes using SMS, social networks and messengers. The goal is to get access to data for emptying Bank cards.