Journalists of Current Time checked what data the cyber partisans received.
An anonymous group of Belarusian Cyberpartisans claims to have hacked the country's passport system. The hackers obtained data of millions of Belarusians, including "hidden records" about the leadership of the security forces, people from the inner circle of Aliaksandr Lukashenka, KGB officers, and intelligence officers in the European Union.
The hackers posted some of the information in the telegram: passport details of the chairman of the CEC of Belarus Lidzia Yarmoshyna, Natallia Kachanava, head of the KGB Ivan Tsertsel, and former president of Kyrgyzstan Kurmanbek Bakiyev. The latter moved to Minsk after the revolution in his country in 2010.
Current Time was convinced that Cyberpartisans probably have information about the majority of Belarusians by presenting to the hackers the names and dates of birth of two citizens who agreed to take part in the experiment. It took Cyberpartisans a couple of minutes to search for information: the dossier sent by them includes full passport data, places of residence and work, as well as technical information (for example, that the passport has run out of space for sticking visas). The hackers also sent information about the parents of one person and photos from passports: in one case, there were three, and, in the other case, four - the pictures were taken several years apart and were never published on the Internet. The resolution of the photos sent to us was high enough to be used to search social networks using neural networks (up to 510 pixels in height).
The data of the ex-president of Kyrgyzstan was in the closed section of Passport AIS.
The data source - the Passport information system - serves the passport and visa services at the level of the Central Internal Affairs Directorate of the Minsk City Executive Committee, the Internal Affairs Directorate of the regional executive committees, as well as subordinate units of the passport and visa service of the territorial bodies of internal affairs of Belarus. The system was created by the Minsk enterprise Todes by order of the Ministry of Internal Affairs. The enterprise is also developing similar information systems for Kazakhstani security forces.
The KGB of Belarus and SPLLC Todes did not answer the questions of Current Time. The Belarusian authorities do not officially comment on the cyberattack. The use of malicious programs in the Criminal Code of Belarus is punishable for up to 10 years, and unauthorized access to computer information - up to two years.
The hackers claim to have carried out the largest cyberattack in the history of Belarus. The code name for the "multistage operation" is Heat. "The database contains all people who have a passport, residence permit, or similar documents. We cannot say for sure since sometimes a person has several documents. But in a particular sample, we saw more than 11 million personal numbers," a participant tells Current Time groups under the pseudonym Cyber-Partizan (correspondence is carried out using a telegram bot).
According to Cyber-Partisan, the operation resembled a thriller: "To break into the databases, we had to penetrate the regime's facilities and open access to the internal network of the Ministry of Internal Affairs. Then our “cybers” worked, reaching several databases. We continue to work further until they succeed in driving us off the network."
- It turns out that some members of your group are physically in Belarus and take risks without being rewarded?
- That's right, most of the volunteers work for the idea. We help each other as much as we can.
- Who are you and how many are you?
- Our organization "Supratsiu" ("Resistance" in Belarusian) consists of Cyberpartisans, "Busly Latsyats," and Brigades of People's Self-Defense (anonymous groups developing a step-by-step "victory plan" over the regime - ed.). It is here, in Cyberpartisans, that there is a small backbone of administrators and another 10-15 volunteers. All from the IT field, we do not have professional "hackers," we have learned everything on the fly. Hacking networks and databases is mostly done by three or four "cybers," plus another three or four do it at a basic level. The rest are developing applications such as P-SMS (encrypts SMS - ed.) and Partisan Telegram (the messenger allows you to set false passwords for the entrance and perform certain actions when entering them, for example, delete chats or send SMS - ed.).
Belarusian Cyberpartisans was formed in September 2020, shortly after the presidential elections in the country. They hacked the websites of Belarusian state channels and broadcast footage of the arrests of demonstrators on the Internet, published calls on state sites to go to rallies, and disclosed the names of security officials who, in their opinion, were involved in the torture of demonstrators.
"We DO NOT want to: collect donations, create our own cryptocurrency, write manifestos, PR using the achievements of other teams, compete with other teams and old telegram channels. And, most importantly, we DO NOT want ordinary people to suffer because of the actions of Cyberpartisans," they wrote in their first post in the telegram.
In addition to the passport database, the hackers obtained data from the traffic police of Belarus. All this is the basis for "X moment", notes Cyber-Partisan:
- In the network of the Ministry of Internal Affairs, there are a lot of bases, some of them have classified information, the disclosure of which may disrupt the work of the Ministry of Internal Affairs, the KGB, and other departments. We recently leaked the KGB's apartment fund, and they will have to change all the apartments -- that will take a lot of resources and time. We will learn about the consequences of this operation in the coming weeks. In the databases of the traffic police, there is data on all cars in Belarus, including operational cars of "tsihary," the KGB, GUBOPiK (the main department for combating organized crime and corruption - ed.). At the very least, they will all have to change their transport. But more importantly, the operatives will know that such a leak could very well be repeated. The AIS Passport stores photos of all citizens, including KGB officers, operatives, and "tsikhary." How many KGB agents will be ready to operate abroad, knowing that the data about them has already leaked?
What if the data ends up in the hands of fraudsters?
"If the attack is confirmed, then this is the largest and most successful hack [of government systems] since 2015 when Chinese hackers hacked into the servers of the Human Resources Office in the United States," comments Andriy Baranovich, a spokesman for the Ukrainian Cyber Alliance hacker group, formerly known by his pseudonym Sean Townsend. As a result of the hack he mentioned, the attackers obtained information about millions of US civil servants, including intelligence officers.
Ukrainian Cyber Alliance is the oldest currently operating group of hacker activists in the post-Soviet space. It hacked the website of the Russian First Channel, published the correspondence of the former aide to the President of the Russian Federation Vladislav Surkov, and tested the penetration of the system of the Ukrainian security forces, criticizing them for negligence. But even Baranovich is surprised by the scale of actions of his Belarusian colleagues: "Intelligence, counterintelligence, and KGB officers, whose passports have special marks, have been completely compromised. And the data was received by activists, partisans, not special services. And now the people on whom Lukashenko's regime is based will not feel safe."
Baranovich hopes that the data will not flow further: "All citizens of Belarus, not just the dogs of the regime, are in the database. In case of leakage, ordinary people may suffer from fraud: loans, falsified documents, registration of accounts, businesses, and property - documents may be required everywhere."
Cyber-Partizan promises not to touch the data of ordinary Belarusians who do not work for the regime: "We understand data security. We store everything in encrypted form on a separate server that is isolated from the Internet."
However, the data of Belarusians can be bought on the darknet anyway, Current Time was convinced. Information from a passport, registration, place of work, bank accounts, phone numbers, criminal records, and much more - the cost of a "search" starts at $ 50. Although, they promise to provide information in three days. The Cyberpartisans found the data at the request of journalists instantly - this proves that there really was a hack.