A file with
116,459 photographs of Argentine citizens was extracted from the National Registry of Persons (Renaper) and published for free download last Monday in a forum for the purchase and sale of personal data and in the
Telegram
messaging app .
Personal data is marketed to commit various types of cybercrimes, including
identity theft
, which can be used to gain unauthorized access or perform social engineering. Photos are coveted for some fintech applications that validate identity in a 100% digital way.
In 2021, Renaper made the news when a user gained access and leaked data from 60,000 Argentines as proof that, he claimed, he had records of all the inhabitants in his possession.
Clarín
contacted the Ministry of the Interior, the entity under which Renaper is located, and they confirmed that they are aware of the situation. According to sources from the agency, “it corresponds to the incident of the Ministry of Health in 2022, and the data was extracted with keys enabled by users” of that portfolio.
When obtaining or renewing a passport and ID, a photo is taken that remains in the database: those images were leaked by the attacker. Photo Gustavo Castaing
“They were authorized users who obtained information to sell it, now the system has been changed,” they said. In 2022, the Ministry of Health had unauthorized access to the Single Registry of Hearings (RUA), which depends on the Ministry of the Interior. However, Renaper had nothing to do with that incident, making
the official explanation unclear.
As confirmed by this medium, the information that was uploaded on Monday with the images
is compressed in a .rar
and is a folder that contains files each identified with the document or passport number to which the photo corresponds. There are identifications that range from the numbering of 10 to 57 million, which means
there are images of minors
.
“This is a batch of 116,459 official photographs taken from Renaper.
It weighs 2.2GB and is available on the attacker's Telegram channel and on a forum.
Each photo has as its name the DNI or passport number to which it belongs, so it is simple to match a face with a name,” Mauro Eldritch, director of Birmingham Cyber Arms, a company that reports data leaks, explained to this medium.
The researcher assures, on the other hand, that “the lot was 'dumped' [extracted] from May 2023 until today. Furthermore, no file has the Renaper watermark, which allows it to be reused on other platforms,” he adds.
The background of Renaper and citizen data
Procedure to obtain the passport. Photo: Renaper.
This is not the first time that the Renaper has suffered unauthorized access. In October 2021, a user published personal data of Argentine citizens, which included documents with photos and processing numbers
and uploaded 60,000 entries in a 2.7 GB file.
The information corresponded to the documents in their digital version completely, unlike the file leaked this week, which only has the photos taken at the time the document was issued.
At that time, the attacker had made a lot of noise by uploading documents from celebrities such as Alberto Fernández, Marcelo Tinelli, Lionel Messi, Máximo and Florencia Kirchner, among others. This new case went unnoticed: the threat actor only published the file to download, without making any media noise.
Cyber incidents represent a global problem. At the local level, at the end of last year, the Specialized Cybercrime Prosecutor's Unit reported an increase in cases, with 35,447 reports, 353 preliminary investigations and 854 assistance to prosecutors' offices.
In the event of this type of leak, the State should notify the Agency for Access to Public Information (AAIP). In fact, at the end of 2022, Congress approved an agreement called 108 which, although it requires the specifications of other countries for it to come into force, also urges organizations to make these incidents public.
“Since 1999, there has been a CERT, or incident response team, in Argentina, and
it recommends that National Public Administration agencies report their incidents.
Unfortunately, there was never a communication campaign or sanction for non-compliance, not even after Administrative Decision 641 of 2021 that made this requirement mandatory,” explained Marcela Pallero, Head of the STIC Program at the Sadosky Foundation.
“More recently, to describe the cybersecurity incident management process and encourage others to establish their own, another standard was published that, for all practical purposes,
has not been effective for society
in terms of what the efforts are. or the activities carried out by the public sector to protect our personal data,” he continued.
“It would be interesting to see collaboration between cybersecurity and personal data protection authorities as happens in other countries in the region,” he added. At the end of last year, Chile approved
the first cybersecurity law
in Latin America, to give an example.
Once personal information is leaked from documents it is very difficult to go back. Photo Renaper
Regarding the context of Argentina, unauthorized access, hacking and ransomware (theft of data with subsequent extortion to return it) are becoming more frequent. In the middle of last year, one of the most resonant hacks was that of the National Securities Commission, the entity that regulates markets at the local level, which suffered a cyber attack by the Medusa group.
In August, the Ryshida group hacked PAMI, an issue that made media headlines throughout the region and, together with the cyber attack that the UBA received at the end of last year, was the loudest topic of conversation in the world of cybersecurity local.
One of the most memorable cyber attacks against the State was the one suffered by the Senate at the beginning of 2022.
The protection of personal information by Governments continues to be a difficult problem to solve.