OP Yesterday - 05:35 PM
An 18-year-old hacker who set up a scheme to issue microloans to citizens across the country was detained in Dagestan.
Police found out that the suspect bought a database online containing passwords, logins, and personal data of at least 100 people from different cities. He then found the people on social networks and searched for information about them in open sources. After that, the hacker guessed passwords (they were usually simple) and, posing as the victims, logged in to the State Services portal, where he applied for loans. Then he transferred the money to his own account, which is how he got caught.
At the moment, four residents of Yugra and six citizens of other regions of Russia are known to have suffered from the hacker's actions. The total damage amounted to about 100 thousand rubles.
The hacker chose people with accounts without two-factor authentication and a minimal credit load as his victims. Now operatives are checking the Dagestani for involvement in other crimes - there may be more victims.
As Dmitry Ovchinnikov, Head of the Laboratory for Strategic Development of Cybersecurity Products at the Gazinformservice Analytical Center, explained to Izvestia, personal data can be obtained from various sources. First of all, these are databases that contain partial information, such as a database on inheritance cases, leaked databases of online stores and delivery services. There are also consolidated databases compiled from several official ones. They can be purchased on the darknet for relatively little money.
— Usually, such databases contain SNILS, passport data, phone numbers and other personal information. Having bought access, the fraudster begins to select a victim. Information collection can be continued, for example, on social networks. From there, you can find out a lot of information to get a hint for guessing the password — the child's name, the nickname of an animal, etc. Then you can try to hack access to "Gosuslugi" by brute-forcing the password and SNILS number, — Ovchinnikov says.
If a person has not used Gosuslugi for a long time, then they may not have configured the login with confirmation, which has become mandatory since 2023. After entering the portal, the fraudster can change the number in the personal account and start applying for loans in the user's name, and then withdraw the money to their accounts.
- Another scenario is hacking the email to which the Gosuslugi account is linked and then trying to log into the account through the legitimate account recovery procedure, with the confirmation sent to that email.