Topic: Russian Voters’ Data on Sale After Blockchain Poll (Read 345 times)

The technology is still in the early phase and they just hurried it up to show something new to it's voters, afterall many things are going to be same it was for some time. A government built technology is often of low cost and quality and probably didn't wen through any penetration testing. But as they learn form the mistakes and keeps patching the holes, electronic voting system based on blockchain would be a norm within two decades.

This is what always we are worrying about due to the data were stolen. It is also what makes me personally worry about sending the document for the KYC process or another thing that needs the document for proving ourselves. However, sometimes, we cannot ignore the KYC process. We know that the companies will always ensure the security systems of the data, they will be safely stored on the system, moreover blockchain technology. But,t his is not the first time that hackers can hack the system and steal the data easily. More badly is that they sell our data for untrusted and irresponsible purposes.

So, what should we do right now? As possible as we can, we may ignore or avoid submitting data for any kind of requirements. But can it be?
Or we cannot ignore it 100% but we can avoid it as maximal as possible.

Of course, the government will completely deny everything, since this is their job. No one admits that they really had a hole in the system. Perhaps this information is a throw-in, in order to distract attention and reduce the vigilance of hackers. Perhaps they have already left or security services have been following them for a long time. I wouldn't be so sure of the authenticity.

I assume it was developed hastily and maybe they haven't done or disregarded any extensive testing. I hope this incident will serve a lesson to all who wish to utilize the benefits of blockchain technology that they should make it more robust and secure as possible in order to avoid any future issues.



It would be nice if they have hired people with extensive experience in that field in the likes of VB but even so, it would still take significant amount of time to develop such project to become efficient and effective. Imho.

And this is the problem, the blockchain technology is here to make our lives easy, but if people who don't understand it at all try to use it, then it will have tons of vulnerabilities... they should hire experts to develop the voting system, and not leave it the normal programmers.

I even think this project should be done by vitalik buterin, that would be the right way.

Because it's something that the government needs to handle carefully, if this design of the
design got hacked they need to work on it and start collecting information how things take place,
they need to use the old voting system while doing it.


It takes time but you are correct there's should be no stopping now but to keeps on improving it to make it more safe from the hacks.


More on securities that's needs to focus to avoid more hacking like to happen in the future.


It will lessen the chance of being hack knowing that hackers are not stopping to find ways and also keeps on improving to continue penetrating on their target accounts.

There were many cases where people were selling fake data leaks.

There were some fake ones from bitcointalk as well and those who bought them reportedly said that it was mostly fake or scrambled.

I'm pretty sure these people are trying to find someone dumb who will pay $1.5 for a stupid string of numbers. If it even is a real number of someobody's passport it doesn't mean anything. The number by itself is useless and there are much easier ways to get it.

So the problem is the alledged stolen private data of voters?
Well, I don't think important data like that should be handled in centralized manner. I guess the large hack means they are handled in centralized manner. And there is possibility it could be used by the hacker or the buyers for future election fraud.
Everyone should control their private data like we are expected to control our private keys. The private data should be very secured and close to impossible to hack in large numbers.
So you could blame centralization for this if the news is indeed true.

If because of the incident online vote based on blockchain technology was successfully hacked and decided to return to the old ways.
So the advancement of technology will take a long time to develop, in fact we must not give up on using online voting. It is a technological
breakthrough that must be done, but many improvements must be made so that security can be improved. I am sure that if improvements
continue to be made, we will find ways to improve the security system so that online voting is not easily hacked.

There are more and more technologies to design blockchain, but since then there have been more hacks to steal data and steal money from computer networks. Those are the mistakes stemming from the design of blockchain structure. We need to make quick adjustments before the worst happens. The hack is also a lesson for authorities to reconsider the application of information technology to voting.

If I'm not mistaken, there was no direct hacking involved in that particular incident rather some crafty people were able to connect certain data to  passport numbers of registered voters because of the flaws in the design of the system itself.

It’s the people who are evil and using their powers and capacity to take advantage of what they could have and do what they can give in exchange for money. Hackers could have easily taken their time and exploit their carelessness and then the hackers are rich now.

What I’m worried about are the affected people. Is there someone here who voted as well? It’s pretty serious when this happens.

How could they let this happen? How exactly did this happen? Were they hacked?

Electronic voting is pretty risky,it doesn't matter if it's conducted in Russia or the US.
It doesn't matter if it's based on the blockchain technology or some centralized technology.
Such voting systems can get hacked and manipulated.
Unfortunately the good old paper ballots are the still the safest way to vote(if the voting administration is out of the direct control of the government so the elections are fair).

The underlying technology is strong enough to secure data, for the same it doesn't mean it can't be hacked. Already we've seen so many sources that claimed themselves to be secure and rewards for the user who hack it. Same as that of someone reveals reward, anything will be breached by the hackers around the world. So, the Russian voters data sale isn't a big thing considering so many other vulnerable hacks.

You can't persuade authorities even if you say that you are not that, why do you think we have legal proceedings. I wish what you said was true so there will be no innocent getting the clink but no, we are in a bureaucratic world where paperwork is the king. Regarding this data harvest, this is pretty scary because there are people willing to buy this data and people can't do anything about it because they do not know that they got their data harvested and even if they know it they have a lot to work up to atleast take it down.

Seriously, guys, this publication is good enough for the others who might fall victim to identity theft since they won't be confused if the authority knocks on their doors for no reason. They will just simply tell those police that it was not them who did the criminal act. They can use this article to clean their names instantly. so it was not bad news at all. I just wonder if you are get accused and thrown into prison, will you be able to save yourself with those statements in that Country?

"There's no system that is safe", blockchain or not, if there is a social engineering happening, no matter how strong the system, it can still be breached. With regard to the issue, they didn't mention how the hack happened.

If we are building the best system to secure data, I don't think blockchan will be the best fitted for it. Most of the time, blockhain is transparent, but it has a good capability for strong and reputable system not prone from modifications.

It may well be that the origin of the 1,1M passport IDs was originated in a governmental .zip file (degvoter.zip), clumsily aimed at:
See: https://meduza.io/en/feature/2020/07/09/weak-protection-and-free-access

So, after reading though the above article, it seems that they created a SQL Lite DB with information on voters to allow for off-line voting, thus creating a side database, outside the blockchain used in the voting poll themselves. Creating a seemingly safe protocol, and then carelessly dumping the information onto an external DB that you zip an distribute for manual checks, seems pretty careless and hack prone ...

Hack can happen on blockchain or non blockchain data centers. But if any government say they build up a blockchain-based and backed by governments for privacy of their citizens, forget it. They are governments and their ultimate goals are follow up their citizens and sharing data to all of their institutions from many levels. It is centralized and data is readily to be shared.

Hack is the same but what I care is the trustworthy of governments on protect privacy of their citizens.

Nothing is secure as long as the one who is entrusted with it messed up and leaked the data.  I believe this incident is an inside job or possibly the one in charge of it is slacking thinking that since they are using the blockchain tech will be fully secured and hack-proof without realizing that it is only a program that can be exploited or hacked.

This must be the first ever blockchain voting and already it has some flaws making it look like blockchain is incapable of handling such task,  when the fault must be coming from the organizers, how can that even be possible! They should have counter check all the applications involved to conduct the voting before hand,
There is always a first time, I hope next time things will turned out to be a good.

Wow, this is a big failure for Blockchain voting... I don't understand how this became possible, clearly there was some mistake in the way it was organized. It should be possible to encrypt the data about the voters, making it unhackable, isn't it? And the responsible department is denying it has anything to do with their voters, which is expected but probably not true... I still believe that blockchain voting could be organised in a way that completely protects identities, it's just that this department made some terrible mistakes and now doesn't want to admit them. But this could seriously discourage any other blockchain voting ideas out there for a while.

Of course, this is part of the 'growing pains', they tested, it failed, then back to drawing board and improved the system.


Because it's the buzz word in the last 3-5 years and everyone thought that it is the perfect solution specially for the voting process. It will really take years before we perfected this system in the electoral. And now that this news comes out, I'm sure there will be negative impact as our data are being sold in the dark market.

I guess this is just part of the evolving technology, it's pretty new still so there is a lot of loopholes that hackers can simply breach any time. So I would say give it a time to mature, as it goes, maybe those gaps in the security can be patch, no system is perfect. With that said, maybe we can see in a future a blockchain that better design because of the said attacks. Sometimes it's good to have this as it can vastly improved as time goes by.

Exactly my thought! Blockchain can exist in many form and shape. Moreover, this one was a centralized blockchain application which may or may not have the standard encryption system used by bitcoin itself. When we say blockchain, it doesn't mean it uses the highest security possible, it can just be a structure of the database programmed by any xyz programmer and maintained by a centralized authority. It certainly doesn't have a relation with bitcoin itself!

There's absolutely no need to scream that blockchain is obsolete. It has just started to take-off!

The same as what I'm thinking.

The application is great but the design might not that be good.

But do you guys believe this?

There is none I guess especially if the blockchain that we are talking about is one which is under a central controlling authority.

Rigging polls is one thing that is always a step ahead of any technology used. Here in my country, we shifted from manual polls to automated polls. It seemingly appeared as a legit progress but not really. Cheating was never erased. It remained rampant. 

Perhaps this could be the result of a poorly designed blockchain based application since they should have implemented stronger cryptographic algorithms and at the same time, there has to be some kind of abstraction to protect voters data.

Ideally strong encryption techniques should be applied to the unique voters id used in that blockchain app considering that passport numbers were used as a unique identifier. Now I assume it was developed hastily in which developers have conducted insufficient testing to further make the system robust.

And people still say that blockchain is good because it's more secure than "legacy" systems. Blockchain is just a programming pattern, and programmers who implement it can absolutely screw it all up like it happened many times. Even Bitcoin had some pretty big bugs, but luckily not anymore. In fact, blockchains can in general be less secure, speaking of centralized blockchains, because this field is still new, while classic data systems have decades of experience and best practices.

very worrying about what if the personal data can be traded because it is clear the impact that will occur with the misuse of personal data can be very dangerous. It must be admitted that hackers now really enjoy it by hacking all social media services that are considered quite popular because there are many participants registered there.

if as the colleague above reported, it would be very scary that the data belonging to government institutions were actually hacked and traded.
usually personal data registered with a government institution will be more accurate. of course news like this is clearly very troubling for people whose data might be traded. but usually government institutions will be more alert to resolve if there is indeed a leak. because they have a working device that is qualified to be able to finish well.

usually the most hacked is personal data on social media applications that are well-known and in great demand by many people, because the data stored is more numerous and diverse.
as I have heard and read not long ago is the zoom application, which is traded on dark sites.
even in my country recently hacking on online shopping sites also took place. where clearly the data taken is an email address, cellphone number, home address, and bank account number.

hackers have led the level of worry about football lunge at this time and has become a separate field of work. it is a pity that the intelligence that is only to do things that are not commendable, but everything returns to the person himself. that doing such a thing cannot be used as a role model and makes many people feel afraid to give their personal data to other parties.

I'm honestly pretty skeptical when it comes to my state using blockchain tech for the "better". I find myself rather being stuck in the system we are currently living in than having to live in a fully electronic system backed on the Blockchain. From a decentralized currency such as BTC to a system where everything is recorded and traced by central parties is a very big negative leap.

For this reason, I'd rather stick to the normal polls - although I certainly do know they could be rigged. Politics are mostly mind games where you always have to choose the "worst side" every 4 years anyway. Is there any real advantage in swapping from the current system to a blockchain-backed/based one?

Hackers are reportedly selling the personal data of over a million Russians who voted electronically, using blockchain technology, during the recent constitutional amendment process.

Over 1.1 million data points were stolen and put on sale for $1.50 each on the online forums, the Russian newspaper Kommersant wrote. The data, consisting exclusively of passport numbers, has little value on its own, the anonymous sellers admitted to Kommersant. But such data can be used for phishing attacks when combined with information from other leaked databases.

Moscow’s Department of Information Technologies, which is responsible for the design of the voting system, denied the report in an email to CoinDesk.

“The department is regularly monitoring the internet for publications of such data, including the darknet. The database mentioned in the publication has nothing to do with the list of voters who registered to vote online,” the department’s press office wrote, adding that the information on the Moscow city hall’s servers was properly protected and “there had been no leaks since the beginning of 2020.”

---

Remarkable is the fact that the database was available for purchase in early July, but the Moscow government denied this. However, as a result, the database appeared in the public domain.

https://www.coindesk.com/russian-voters-data-on-sale-after-blockchain-vote-to-keep-putin-in-power-report