Russian Voters' Data on Sale After Blockchain Poll to Keep Putin in Power: Report

Russians voted electronically, using blockchain tech, to keep Putin in power. Now, hackers may be selling the personal data of over a million of those voters.

AccessTimeIconAug 4, 2020 at 3:07 p.m. UTC
Updated Sep 14, 2021 at 9:39 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Hackers are reportedly selling the personal data of over a million Russians who voted electronically, using blockchain technology, during the recent constitutional amendment process.

Over 1.1 million data points were stolen and put on sale for $1.50 each on the online forums, the Russian newspaper Kommersant wrote. The data, consisting exclusively of passport numbers, has little value on its own, the anonymous sellers admitted to Kommersant. But such data can be used for phishing attacks when combined with information from other leaked databases.

Moscow's Department of Information Technologies, which is responsible for the design of the voting system, denied the report in an email to CoinDesk.

"The department is regularly monitoring the internet for publications of such data, including the darknet. The database mentioned in the publication has nothing to do with the list of voters who registered to vote online," the department's press office wrote, adding that the information on the Moscow city hall's servers was properly protected and "there had been no leaks since the beginning of 2020."

The online voting was a part of nationwide voting dedicated to the amendments to the Russian constitution, which, among other things, eliminated the two-term restriction for presidents, effectively allowing Vladimir Putin to stay in power longer.

The online voting system, based on Bitfury's open-source Exonum blockchain and built with the help of Kaspersky Lab, was previously reported to have poor data protection. Journalists were able to decrypt people's votes as well as pull passport numbers out of a weakly protected file posted online by the authorities, a Russian media outlet Meduza wrote.

The voting took part during the last week of June and ended July 1, both online and at the physical polling stations. Municipal authorities' employees were forced to vote electronically, BBC reported.

In a blog post earlier Tuesday, department representative Artyom Kostyrko said the department compared the screenshot the seller provided with the voter database, and the information didn't check out. However, according to the founder of the cybersecurity firm DeviceLock, Ashot Oganesyan, the database was genuine and has been on sale for a while now.

Kaspersky declined to comment on the security issue when asked by CoinDesk.

In Russia, every citizen older than 14 has a passport, which serves as a universal ID for any kind of interaction with the government. Each passport has a unique number, and those numbers have reportedly been retrieved from the online voting system and put on sale.

Russia is planning to expand the practice of online voting, despite the issues mentioned above. The previous blockchain voting experiment by Moscow, which took place in the fall 2019, used the Ethereum blockchain and also turned out to have weak security.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.