A user put up a file for sale with 5.7 million files containing images of Argentine driver’s licenses. The leaker published a sample where you can see the driving licenses of famous people, including the President of the Nation, Javier Mileyand several officials.
Clarion accessed part of the information and verified, in various cases, that the license data uploaded are real: both the issue and expiration dates and the personal data match the documentation, which seems to refer to the digital versions of the application licenses My Argentina. In some cases, the photos are not updated to the latest version of the records, as well as some that are signed and others that are not.
He sample (sample) also contains a large number of driver’s licenses, both front and back, of recognized personalities such as Ricardo “El Chino” Darín, Luisana Lopilato, Peter Lanzani, Guillermo Francella, Marcelo Tinelli, Ángel de Brito and politicians such as Patricia Bullrich, Mauricio Macri and even Javier Milei. In dialogue with the cybercriminal who sells the information, Clarín confirmed that he is the same one who uploaded the data from Renaper and the Nosis database.
“The threat actor sells a batch of 5.7 million driver’s licenses on a Telegram channel, weighing 1.25 TB. “Heads the ad with frontal images of three private driver’s licenses: that of the President of the Nation, that of the Minister of Security and that of the Minister of Defense,” analyzed Mauro Eldritch, director of Birmingham Cyber Arms, a company that reports data leaks. .
“He published a free sample of 70,000 records in JSON format (a notation format that allows information to be stored in a structured way, facilitating its exchange and interpretation), apparently extracted from a NoSQL database system (where instead of using ‘tables’ as in SQL-oriented databases, ‘documents’ are stored ‘ in JSON)”, he added, in relation to the technical information.
The sale of personal data is a serious problem because there is no turning back: once the information is circulating it can be used to commit different types of cybercrimes. “The fact is particularly serious since it exposes information that is difficult to obtain through other means, such as blood type, driver impairments, type of license and authorized vehicle categories,” the analyst concluded.
When consulted by this means, the user who leaked the data explained why he did it and why, in this case, he is selling the information. “It is for Argentina to change its course and take cybersecurity seriously”, he assured.
As explained, the data extracted ranges from the 20 to 40 million records. “That range makes up the group where citizens have the most licenses, I wanted to extract the maximum possible without them realizing it, and they ended up realizing it,” he said. There are exceptions of some politicians and celebrities that the attacker extracted in a specific manner, who are not in that range.
When asked by this media, the Government assured that “this fact was alerted at the time by the computer security team and that made it possible to take the necessary measures to stop access to that information and block future hacks.” In addition, they ensure that “no sensitive information of citizens is compromised”, despite everything that a driver’s license contains.
Furthermore, they talk about “a group of professional hackers.” Clarion He was able to confirm, however, that it was just one person.
Three leaks in two weeks
At the beginning of the month, a tablet with more than 115 thousand files that corresponded to images of Argentine citizens was extracted from the National Registry of Persons (Renaper) and published for free download in a forum for buying and selling personal data and in the messaging app Telegram.
It was not the first time that the entity was in the news for a leak. In 2021, Renaper made the news when a user managed to gain access and filter data from 60,000 Argentines as proof that, he claimed, he had records of all the inhabitants in his possession.
Last week, the same user who uploaded the Renaper information uploaded a set of data from users of The nose, a widely used site that offers “strategic citizen information” and includes addresses, documents, telephone numbers and other data such as employment relationships and financial records. This time, unlike the previous two, it sells driver’s license data.
In the event of this type of leak, the State should notify the Information Agency. Access to Public Information (AAIP). As a regulatory context, in 2022 Congress approved Convention 108 which, although it requires the specifications of other countries for it to come into force, also urges organizations to make these incidents public.
“Since 1999, there has been a CERT, or incident response team, in Argentina, and it recommends that National Public Administration agencies report their incidents. Unfortunately, there was never a communication campaign or sanction for non-compliance, not even after Administrative Decision 641 of 2021 that made this requirement mandatory,” explained Marcela Pallero, Head of the STIC Program at the Sadosky Foundation.
“It would be interesting to promote joint treatment by cybersecurity and personal data protection authorities of cases of leaks and incidents that affect personal data,” he added. Chile published its Cybersecurity Framework Law earlier this month, the first in Latin America, including privacy as a guiding principle.
Argentina thus adds a new incident of data leakage. In March 2022, a well-known ransomware group, Vice Society, published 30 thousand files with internal information from the Senate of the Nation. That same year, in September, the Buenos Aires Legislature was attacked by another well-known group in the underground (Play).
Unlike these cases, both Renaper and Nosis and now these driver’s licenses, were leaked by a single user and not an organized group.
The Government assured that “the computer security and legal teams are working on the matter together with the National Cybersecurity Directorate and the Incident Response Service Center (Cert.Ar) taking the appropriate actions.”