Russia’s Blockchain E-Vote Participants May Have Had Their Private Data Leaked

Published at: July 10, 2020

Personal data for over a million Russian nationals has reportedly been leaked. The data allegedly belongs to some of the citizens who participated in the recent blockchain-based e-vote on Constitutional amendments.

The archive was reportedly available for everyone to download 

According to an investigation published by Russian language media outlet Meduza, an archive titled “degvoter.zip”, which contains said data, was publicly available for download for at least several hours on July 1 via a government website. The file has since been distributed through various Telegram groups and channels. 

The archive was password protected. According to the publication, however, it could be easily hacked with a free password cracking tool. 

Along with the archive, there was an unpassword protected database titled “db.sqlite”. This database allegedly contained passport numbers for over a million voters from Moscow and Nizhniy Novgorod — two cities in Russia where residents could cast their votes online. The system that allowed for online voting was based on the Exonum blockchain platform developed by Bitfury.

Although that data was encrypted with the SHA256 algorithm, the reporters were allegedly able to decode it “very easily” using free software. That has lead them to the following conclusion:

“Considering the poor security and availability of the degvoter.zip archive, the Russian government actually put the personal data of all e-constituents from Moscow and Nizhny Novgorod in the public domain.”

Journalists reportedly cross-referenced the leaked data with the Ministry of Internal Affairs’ official service for checking the validity of passports. They found that over four thousand of passports registered for the e-vote were invalid.

The Ministry of Digital Development, Communications, and Mass Media has since commented on the investigation, saying that they exclude “any possibility of leakage”, since the passwords were distributed through “secure data channels” and only to authorized personnel.

The agency also stressed that the passport numbers were encoded and consisted of a randomly obtained sequence of characters, or hash sums, adding:

“Hash sums are not personal data. Publication of random sets of characters cannot harm citizens,"

Not the first failure

As previously reported by Cointelegraph, Russia's blockchain e-vote system has been attracting a lot of controversy. Not only did it malfunction soon after going live, it also allegedly allowed double voting, and had a vulnerability that reportedly made it possible to decipher votes before the official count.

E-voting occured online from June 25 to June 30, while the referendum itself ended on June 1. With all the ballots counted, 77.9% voted for the reform package and 21.3% against, according to the electoral commission.

As per the approved Constitutional amendments, Vladimir Putin’s term limits will be reset in 2024, meaning that he may remain president until 2036.

Tags
Related Posts
Russia's Blockchain-Based E-Vote System Suffers Node Attack
Russia’s blockchain-based voting system for the constitutional amendments has reportedly been attacked via an election observer’s node. As reported by state-owned news agency TASS, the attack occurred on June 27 around 8 PM CET. A government of Moscow representative told TASS that the attack did not cause a system malfunction, meaning that all e-votes will be successfully recorded on the blockchain. According to the official, cybersecurity experts were working to restore access to the attacked node. It is not clear if it’s been repaired at this point. E-voting, held from June 25 to June 30 for residents of Moscow and …
Technology / June 29, 2020
Russia's Blockchain Voting System Malfunctions Soon After Going Live
Russia’s blockchain-based voting system for the Constitutional amendments is off to a rocky start after going live earlier today, according to local media reports. E-voting, scheduled to take place from June 25 to June 30 for residents of Moscow and Nizhniy Novgorod, is based on the Exonum blockchain platform developed by Bitfury. The blockchain will allegedly help to encrypt votes to provide secure and immutable data. Moscow and Nizhniy Novgorod residents can vote offline or online via a special website that, according to a report from RIA news agency, was inaccessible during the first few hours after going live. According …
Blockchain / June 25, 2020
Much of Russia’s Blockchain Voter Data Is Now for Sale on the Dark Web
Passport data from 1.14 million Russians is now available for sale on underground shops via the dark web. This data was stolen from citizens who voted in the country’s recent constitutional reform referendum, which utilized Blockchain technology. According to Kommersant, quoting information provided by the hackers, illegal sellers have already sold over “30 thousand lines” of a document that contains the leaked data. Lines are listed at a cost of $1.50 each, but the price-per-line goes as low as $1 for parties purchasing the data in bulk. Although passport data cannot necessarily be used for sensitive purposes, the sellers claim …
Blockchain / Aug. 6, 2020
Transparency of Russia’s Blockchain Voting Setup Put Under a Microscope
From June 25 to July 1, the Russian government held a public vote with the goal of finding out whether the country’s constitution should be amended. Part of the vote was held on blockchain to “ensure security and transparency,” according to the government, making it the country’s most extensive DLT project to date. But this didn’t stop independent researchers from registering over 20 million “abnormal” votes and arguing that it was one of the most falsified voting events in the modern history of Russia. So what was blockchain’s role in all of this, exactly? What was the referendum all about? …
Adoption / July 17, 2020
Russian Region Conducts Blockchain Election With 40K Participants
Saratov Oblast, a region in Southern Russia, has conducted a reportedly successful blockchain election with 40,000 participants, according to a press release shared with Cointelegraph Dec. 18. On Dec. 12, participants voted to elect members of the local Youth Parliament via the blockchain-driven electronic polling system Polys, developed by Kaspersky Lab in 2017. According to the press release, the decentralized network was deployed at 110 polling stations and the election lasted seven hours. Blockchain-driven voting mechanisms are being actively tested on both the regional and national levels in many countries. Switzerland implemented blockchain-based voting this summer, while the United States …
Adoption / Dec. 18, 2018