CIS Countries Data Theft

CIS Countries Data Theft

by Vlad Martin

Currently, there is no Personal Data protection system in CIS countries at all. The volume of illegal trade of Personally Identifiable Information is enormous. In 1990-2010, there literally were shops selling piracy products, including CDs with databases of car owners, country residents, companies’ employees etc - yet nothing changed since then except the way in which criminals are selling people's Personal Data.

No alt text provided for this image

At my previous working places, I often came across the fact that many companies from CIS that we were working with offered us to buy entire databases of their former clients or those whose data they held. Moreover, we are not talking only about the CIS countries citizens - in the databases they proposed, there were citizens of the EU countries as well.  Beyond that, these Databases contained information about citizens of countries with strongest Personal Data protection systems like Switzerland, Germany, Japan, Denmark etc. It came to the point of absurdity — by paying ~$100 (if we are talking about 2010-2015), you could acquire a database containing almost all the data which can help to identify a person, including its address, passport data, telephone number, information about family members and so on. Undoubtedly, none of these companies were officially registered information broker. 

Quoting BBC News,

"And it's not only Russian citizens whose data can be bought: BBC Russian ordered information about the correspondent's wife, an EU citizen, and was given data including phone records, date of birth and passport information."

Nowadays, it is true that there are forums in the Russian-language segment of the Internet that are exclusively aimed at selling personal data — hacked social network accounts, passport data, mobile phone operator databases etc. I'm not talking about the so-called “Darknet” at all, it is just a fact that you can simply find it on Google not even trying to. I will not attach links to this article so it will not be considered as a guide, but I can assure you - all this websites and forums are in open-access.

"A lot of other countries, particularly in Western Europe and North America, are very careful about data, because they need to worry about lawsuits and the General Data Protection Regulation [GDPR]," Mark Galeotti says. "But Russia doesn't appear to have put as much security into protecting this data as it should have."

Of course, I won’t provide prices, but be sure that for a fairly small amount on these forums you can get the “basic data”: name, passport details, address. More “serious” services are a bit more expensive, yet more disturbing - tracking a person’s location on cell towers, location history, call detailing, SMS detailing. A frightening fact, but this is not the worst thing - the source is not even government employees, but the people who have a mediocre relationship to this data (for example, employees of cellular operators), but if we go to low-ranking officials... tax returns, parking dates and time, phone and email linked to social networks, private property info, payment accounts, full person’s identifiable information - and it is not even the entire list, but only the main examples.

I strongly advise you to read this article by BBC News, it actually shows the current situation not only in Russia, but in the all CIS countries as well:

To summarize, I can just say that Personal Data trade in Postsoviet countries is thriving. There are no positive trends in Data Security, so it seems that such a system won’t be changed in the coming years.

Clause: I wrote this short article inspired by several other articles I‘ve read last year, exactly about the Illegal Trade in Personal Data Segment (in particular, written by Drebin893). I used some data to provide examples. If you speak Russian - check his articles.

The article has been originally published at:

July 31, 2019

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Notify of

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013