ENG
Censor.NET on Facebook Censor.NET on X/Twitter Censor.NET on Telegram Censor.NET on YouTube Android App iOS App RSS
10996 visitors online
Articles
13 683 18

Consequences of attack on state registers: some public information may be closed

Author: 

After the state registers suffered the most powerful cyberattack in recent years, the Ministry of Justice tried to reassure citizens that everything would be restored, and the Verkhovna Rada decided to set up a working group to develop regulatory mechanisms to ensure the uninterrupted operation of the registers in the future.

Meanwhile, posts from various authors are circulating on social media, urging people to check their data in these registers, scaring them that it may be changed.

Censor.NET journalist looked into what is currently happening with state registers, whether it is really necessary to check your data in the registers when they are restored, and what problematic issues the newly created working group in the Verkhovna Rada should solve.

WHY IS IT WORTH KEEPING PAPER DOCUMENTS?

In response to this cyberattack, the Security Service of Ukraine opened a criminal investigation. And as Volodymyr Karasteliov, temporary acting head of the SSU's Cyber Security Department, said during a briefing with the participation of Olha Stefanishyna, Vice Prime Minister of Ukraine and Minister of Justice, the investigation established that a hacker group operating under the control of the Main Intelligence Directorate of the Russian General Staff was involved in the attack. He added that, given the specifics of the SSU's work, he could not disclose all the details of the investigation. The proceedings were opened under Article 438 of the Criminal Code of Ukraine (violation of the laws and customs of war).

The Ministry of Justice called the attack unprecedented and stated that it had decided to suspend all registers administered by the Ministry. According to Olha Stefanishyna, this was done to avoid further threats. They also cautiously say that the restoration process will take about two weeks.

As for the services that citizens can receive from the state, the most accessible is currently access to civil registration. "All acts of civil status on birth, death, marriage and divorce can be carried out in the usual manner, but with the use of paper carriers," said Olha Stefanishyna. She also noted that "all social payments related to the occurrence of certain acts of civil status, which are made on the basis of relevant applications, will also be considered after the registers are restored".

She stated that registration of information on wills, amendments to them, cancellation of wills, duplicate notarisation of powers of attorney, and termination of their validity is carried out without access to the registers. "In fact, all notarial acts that do not require verification of data in the registers will continue to be performed by private and public notaries," she explained.

She also stressed that people who did not find clarification on their concerns on the official website of the Ministry of Justice can contact the hotline or free legal aid centres.

Regarding the possible leakage of Ukrainian data, which was mentioned in a message on one of the Russian telegram channels and circulated online. It claimed that after breaking into the ministry's infrastructure, hackers allegedly stole and deleted more than 1 billion lines of data, including those stored on a backup server in Poland.

Answering journalists' questions about whether such a data leak had actually taken place, the head of the SSU's Cyber Security Department said he could not refute it. "We are currently conducting a cyber investigation, and after receiving all the necessary data, we will provide you with the necessary information," he said.

The Vice Prime Minister added that she had received information from the State Service for Special Communications and Information Protection that no data leak has been confirmed.

A working group set up in the Verkhovna Rada on the basis of the Temporary Special Commission on Investor Protection should investigate what had actually happened and why. And, if necessary, to develop tools that will help fix it. As the head of the TSC, MP Halyna Yanchenko, told "Censor.NET", the tasks of this working group include identifying threat factors in organising access to registers and databases, analysing current legislation and developing provisions for amendments to regulations to counter such threats. Adoption of regulatory changes to further ensure the continuous operation of registers under martial law. Adoption of regulatory changes to ensure the enforcement of court decisions in the absence of access to state registers, in particular, regarding the imposition/removal of arrests. Therefore, there is still work to be done.

We also spoke to the newly elected chairman of the working group, Ihor Fris, to find out what to do for people who are worried about the possible loss of their data in the registers.

WILL THE FILING OF DECLARATIONS BE POSTPONED?

"There is no point in panicking at the moment," said MP Ihor Fris, "Even before the group started its work, we had talked to representatives of the National Information Systems. And we have already received summary information from them that the databases were not affected. The issue is the architecture of interconnections and access architecture. Unfortunately, this was damaged during the attack. But the general information that was in the registers, the backups of the registers as of 23:59 on 18 December, have been saved.

- There are a lot of posts on social media urging people to check their data, especially their property ownership.

- Today, it is impossible to check anything because neither authorised nor unauthorised users have access to the registry. Therefore, users who have keys cannot access the registry. The access architecture has been hacked.

- Should people check the registers after they resume operation?

- I would not advise doing this. Because if people have a paper document in their hands, it is valid. If the information is lost, modified or changed, it will be reproduced and restored using paper carriers kept by registrars and notaries. Therefore, I would not panic and would not rush to do anything global.

This is very sensitive information, and it is not just about ownership of real estate. This also applies to the register of enforcement proceedings, the register of legal entities, the register of civil status acts, the register of adoptive parents and persons who have been adopted. In other words, we are talking about a lot of different information that has limited access.

We spoke with Deputy Prime Minister Olha Stefanishyna and determined that the working group should investigate what caused what had happened and prepare proposals that would form the basis for appropriate changes to national legislation, which would close off possible public access to the register at least for the duration of martial law. Because today we have a huge request from our defence industry. And we have already submitted a draft law that closes certain sensitive information in the register of legal entities, the state land cadastre, and the register of property rights. And most likely, we will close certain elements of sensitive information in the court register for a certain category of entities. In my opinion, we should do this for all registers - to close certain sensitive information. For some reason, on the very first day after the cyberattack, the registers received a lot of requests from various services, such as Opendatabot and Clarity Project, which offered to buy databases from them.

Why did this happen and where did they get the information from the registers? I was told that they obtained this information legally. And somewhere it was compared with open sources. But it was quite unexpected for me.

- Who will join the working group and when will the first meeting be held?

- Usually, the work in such groups is structured as follows: requests are sent to various institutions and departments, and from there they send their representatives to the working group, ranging from experts to specialists from the Ministry of Justice or the Security Service of Ukraine. Since I and my colleagues have some experience in this area, we want to be delegated to specific people, not those whom someone can think of.

We plan to hold the first meeting this week.

Our goal is not to investigate and look for the culprit. Our task is completely different - to quickly develop a regulatory framework that will make it impossible for such things to happen in the future.

- Will you pay attention to possible access from the occupied territories?

- It has been closed for a long time. It seems to me that the keys were most likely compromised. The Security Service of Ukraine will be able to investigate for sure whether this compromise was intentional or not, whether it was hacking or intentional provision of verified access to the system. This is not our task at all. This is the responsibility of the relevant pre-trial investigation and prosecution authorities.

We need to get information from them about why this has happened and how it can be countered by introducing appropriate changes to the laws relating to state registration. Perhaps we should close public services for the duration of the war. It is possible to define certain restrictions, conduct additional verification of users who have access, and establish additional means of verification, such as a registered IP address. These should be some computer elements that could contribute to the secure operation of registries. But all this should be confirmed and reproduced in the relevant laws.

- Another fear people have is that the Russians have all our data.

- And what will they do with them?

- Was this previously discussed with the Security Service of Ukraine?

- Not yet. Each registry is a local database containing information about a person (age, address of registration, actual address, citizenship, corporate rights, real estate). If we talk about the civil registry, it again contains information on place of birth, date, parents, children, marriage). It is probably possible to link all this together. But what do you get out of it? What will you do with this information? You cannot deprive a person of a certain right, because there must be a certain expression of will and the person's affiliation with the specified lawful volitional action. Can you forge any documents? Well, it is probably possible. But what would it do? I don't see any way to distort this information in any way.

In this situation, I would recommend replacing access passwords with qualified electronic digital signatures when the registers start working. Although the NAIS said that they have nothing to do with each other. But passwords still need to be changed from time to time.

- If people still want to check their data after the registries are back up and running, where should they go?

- I don't think we will have time to adopt a new regulatory framework that will restrict public access to the registers by then. But I would like to see us restrict access to the registers by the owner of the information for the duration of martial law. That is, when I can get information about myself, but you cannot get information about me without my consent. Of course, this information can be obtained by pre-trial investigation authorities, prosecutors, courts and other authorised users who need this information to carry out their professional activities. For example, there is a competition for judges of the Constitutional Court and the relevant expert commissions need to have access to such information. But it is wrong for just anyone to enter the register and get information about where I live or where my children live. At the very least, this poses a danger to certain public figures that they may be subjected to some kind of negative influence from the Russian Federation. For example, physical.

How will people be able to check information about themselves after the registers resume their work? Through a single portal of public services. Enter there, submit an application and get an extract on real estate, a legal entity, etc. But I'm worried that we won't "bog down" the system with these requests, because there can be a lot of them and the system will "hang itself". Therefore, it is worth checking that you have paper documents in hand and sleeping well for now."

One of the problems that, according to Ihor Fris, the working group will have to solve first of all is the annual declaration. Because from 1 January, declarations must be filed and you have 90 days to do so. But how to declare something if no one knows for sure what information is in the register? Because if someone really replaced some data, and then someone suddenly has real estate in the register that they have not declared, they could theoretically be brought to criminal responsibility. And in this case, according to the MP, we are talking about 800,000 people.

"We need to extend the declaration period in 2025 by at least 90 days, which would be counted from the moment access to the registers is opened," he says.

He also stressed that the working group plans to work until February to resolve all problematic issues as quickly as possible.

Tetiana Bodnia, "Censor.NET"

State Registry (5) Tetiana Bodnia (79) cyber attack (69)
Share:
Summarize:
 Support Censor.NET