It emerged yesterday that there has been a massive leak of internal data at China's Ministry of Public Security (MPS). This was reported by the founder of FBRC, Kirill Pavlov. Files containing confidential conversations and operational data were posted publicly on the GitHub hosting platform. The FBRC editorial team has compiled a full picture of what happened.
The classified documents that have become public supposedly discuss an intelligence system developed by the Chinese information security company I-Soon. The system allows access to a large amount of confidential information: GPS data, contacts, media files, and audio recordings in real time.
Private data of subscribers of the Kazakhstani mobile operators Beeline and Tele2 was also found among the published files.
"So, it turns out you don't even need to be in the country to gain access to your device," wrote journalist Kirill Pavlov in his Telegram channel.
Furthermore, the system allows for the monitoring of online publications, with analysis and sorting of the collected data.
Information is also circulating online that among the leaked files, personal data of Kazakhstani citizens from the Unified Accumulative Pension Fund (UAPF) database was discovered. However, the fund's security services deny the leak.
To date, the authenticity of the leaked files has not been confirmed. However, as reported by the Ministry of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan (MDDIAI RK), the ministry, together with the National Security Committee (KNB), is analysing the obtained data. Unscheduled inspections of the relevant organisations have been promised once the analysis is complete.
For context, Yekaterina Smyshlyayeva, a deputy of the Majilis of the Republic of Kazakhstan, earlier proposed amendments to the draft law on information security that would require every private company in Kazakhstan to notify the authorities immediately of any breach of personal data confidentiality.
Additionally, lawmakers are advocating for the legal regulation of "white hat" hackers and the introduction of a Kazakhstani analogue of the Bug Bounty programme, as these measures would help attract specialists who research information systems to identify dangerous errors and vulnerabilities.
_____________
For reference: Bug Bounty – a programme in which a company engages independent security specialists to test its software for vulnerabilities.
Foundation-Bureau for the Investigation of Corruption (Фонд-бюро расследования коррупции)