A file with 116,459 photographs of Argentine citizens It was pulled from the National Register of Persons (Renaper) and posted for free download last Monday on a personal data trading forum and messaging app Telegram.
Personal data is traded to commit various types of cyber crimes, including identity fraud, which can be used to gain unauthorized access or perform social engineering operations. Photos are coveted for some fintech applications that validate identity 100% digitally.
In 2021, Renaper made headlines when a user gained access and leaked the data of 60,000 Argentines as proof that he claimed he had records of all the inhabitants in his possession.
Clarion The Home Office, the body under which Renaper is located, was contacted and confirmed it was aware of the situation. According to agency sources, “it corresponds to the 2022 Ministry of Health incident, and the data was extracted with keys enabled by users” of that wallet.
When obtaining or renewing a passport and identity card, a photo is taken which remains in the database: those images were disclosed by the attacker. Photo Gustavo Castaing “They were authorized users who obtained information to sell it, now the system has been changed,” they said. In 2022, the Ministry of Health had unauthorized access to the Single Registry of Hearings (RUA), which depends on the Ministry of the Interior. However, Renaper had nothing to do with that incident, that’s why The official explanation is unclear.
As confirmed by this medium, the information uploaded on Monday with images It is compressed in a .rar file and it is a folder that contains files each identified with the document or passport number to which the photo corresponds. There are identifications ranging from 10 to 57 million, with which, there are images of minors.
“This is a batch of 116,459 official photographs taken by Renaper. It weighs 2.2 GB and is available on the attacker’s Telegram channel and on a forum. Each photo has as its name the DNI or passport number to which it belongs, so it is simple to match a face to a name”, explained Mauro Eldritch, director of Birmingham Cyber Arms, a company that reports medium data leaks.
The researcher instead assures that “the fate has been ‘reversed’ [extraído] from May 2023 to today. Additionally, none of the files have the Renaper watermark, which allows them to be reused on other platforms,” he adds.
Renaper’s background and citizen data
Procedure for obtaining a passport. Photo: Renaper.This is not the first time the Renaper has suffered unauthorized access. In October 2021 a user published the personal data of Argentine citizens, which included documents with photos and processing numbers and loaded 60,000 entries into a 2.7GB file. Back then the information completely matched the documents in their digital version, unlike the dossier leaked this week, which only contains photos taken at the time the document was issued.
At the time, the attacker had made a lot of noise by uploading documents of celebrities such as Alberto Fernández, Marcelo Tinelli, Lionel Messi, Máximo and Florencia Kirchner, among others. This new case went unnoticed: the threat actor only published the file to download, without making any noise in the media.
Cyber incidents are a global problem. At a local level, at the end of last year, the Specialized Cybercrime Unit of the Prosecutor’s Office reported an increase in cases, with 35,447 complaints, 353 preliminary investigations and 854 interventions at the Prosecutor’s Office.
In the event of this type of leak, the State should notify the Agency for Access to Public Information (AAIP). In fact, at the end of 2022, Congress approved an agreement called 108 which, although it requires specifications from other countries to come into force, also urges organizations to make these incidents public.
“Since 1999, there has been a CERT, or incident response team, in Argentina and recommends that national public administration bodies report their incidents. Unfortunately, there has never been a communication campaign or sanction for non-compliance, not even after Administrative Decision 641 of 2021 which made this requirement mandatory,” explained Marcela Pallero, STIC program manager of the Sadosky Foundation.
“More recently, to describe the cybersecurity incident management process and encourage others to establish their own, another standard was published that, for practical purposes, it was not effective in front of society what efforts or activities are carried out by the public sector to protect our personal data,” he continued.
“It would be interesting to see collaboration between cybersecurity authorities and data protection authorities as happens in other countries in the region,” he added. Chile approved, at the end of last year, the first cybersecurity law from Latin America, for example.
Once personal information is disclosed by documents it is very difficult to go back. Photo RenaperRegarding the Argentine context, unauthorized access, hacking and ransomware (theft of data with subsequent extortion to return it) are becoming increasingly frequent. In the middle of last year, one of the most sensational hacks was the one against the National Securities Commission, the body that regulates the markets at a local level, which suffered a cyber attack by the Medusa group.
In August, the Ryshida Group hacked PAMI, an issue that made headlines in media across the region and, together with the cyberattack suffered by UBA late last year, was the loudest topic of conversation in the world of local IT security.
One of the most memorable cyber attacks against the state was the one suffered by the Senate in early 2022.
Government protection of personal data continues to be a difficult problem to solve.
Source: Clarin
Linda Price is a tech expert at News Rebeat. With a deep understanding of the latest developments in the world of technology and a passion for innovation, Linda provides insightful and informative coverage of the cutting-edge advancements shaping our world.