Cybercriminal Arrested For Stealing 286K ID Scans from Estonia Government Database
There Is No Evidence the Hacker Used or Leaked the Data Maliciously.
A week ago, a hacker that is believed to have exploited a government photo transfer service flaw to download ID scans of 286,438 Estonian citizens from the Identity Documents Database (KMAIS) has been apprehended in Estonia.
The Tallinn man was arrested on July 23 after a Cybercrime Bureau of the National Criminal Police and RIA joint inquiry that began following the RIA warning of an abnormal number of queries.
Oskar Gross, head of the police’s cybercrime unit declared:
During the searches, investigators found the downloaded photos from a database in the person’s possession, along with the names and personal identification codes of the people.
Currently, we have no reason to believe that the suspect would have used or transmitted this data maliciously, but we will further clarify the possible motives for the act in the course of the proceedings.
Can the Stolen Data Be Used for Fraud?
The answer is no. RIA stated that the stolen data could not be used to carry out notarial or banking transactions or obtain access to state digital services by posing as the impacted individuals.
The threat actor downloaded the government document photos using the victims’ names and personal ID codes that were obtainable from several unrestricted databases.
It is not possible to gain access to e-services, give a digital signature, or to perform different financial transactions (incl. bank transfers, purchase and sales transactions, notarial transactions, etc.) using a document photo, personal identification code, or name.
People whose document photos have been stolen need not apply for a new physical or digital document (passport, ID-card, residence permit card, mobile-ID or Smart-ID, etc.) or take a new document photo. All identity documents and photos remain valid.
What Is Gonna Happen Next?
BleepingComputer says that even though the bug was introduced in the system and could’ve been exploited several years ago, current evidence doesn’t show that such an attack has happened since then.
According to RIA, the information hasn’t been transferred from the attacker’s computer since it was stolen from KMAIS and probably wasn’t misused in any way.
All the Estonian citizens involved in the incident will be informed via email by the Estonian Police and Border Guard Board.