Russian Central Bank's database stolen by hackers
Date: April 04, 2005Source: pravda.ru
Illegally duplicated CD-ROMs containing various database can be purchased on the computer markets or via the Internet in today's Russia. It is quite easy to buy any database ranging from the lists of mobile telephone company's customers to classified data of the state traffic police or the customs authorities. And many people do buy those products. Bank security agencies, analysts, private security and detective agencies, HR personnel, and criminals use them a regular basis. They do not seem to care much about the doubtful legality of information on those disks.
Considering the above, it is hard to explain all that fuss in the media about the Russian Central Bank's database that had been allegedly stolen and sold, according to the Vedomosti newspaper. The database is reported to contain information on bank transfers processed by cash settlement centers of the Central Bank from April 2003 to September 2004. The database purports to cover all bank transfers starting from $20,000 wired by all Russian companies plus information on banking details and payments. The media promptly echoed the publication in casting doubt on the bank secrecy, a "sacred cow" of the banking system. The media also reproached the authorities for their failure to keep business secrets intact. As a result, the Central Bank had to issue inane statements saying that "the bank is currently checking reliability of the reports."
Meanwhile, experts believe that the controversy is not worth a straw. The news does not appear to be a stunning revelation anymore since the concept of secrecy in banking has long become shapeless. These days even the most restricted and classified databases are under the clear and present threat of various information leaks. It is a worldwide problem, it does not exclusively affect Russia.
Speaking to Pravda.ru, Alexander Krylov, an expert with association Security Industry, a director general of Amulet (an official security agency of the Association of Russian Banks), said that "the publication looks slightly outdated in terms of situation on the market of information and business intelligence services." He said that the product or its varieties had been circulating round the market for a long time, at least a year.
Mr. Krylov said the database was not a guarantee of any tangible profit. "The data belong to a rather specific kind of information that at times might come in handy during an economic dispute settlement, for collecting background information and the like," said he. According to Mr. Krylov, there are other ways for obtaining necessary information.
Gennady Chibisov, director general of Verysell Enterprise One, shares the above opinion. "That database is absolutely worthless," says he. "Those who are really interested in getting information, they will be able to get it in accordance with standards they specify," says Mr. Chibisov. He stressed the importance of analytic research.
Most experts believe that the sale of the stolen database of the Central Bank is a commercial flop. According to Alexander Krylov, the database is a behemoth, therefore, it takes a lot of effort to keep it duly updated. An owner of that database will have to pay for services of extra personnel to be hired specifically to keep it updated.
"The market (of information and business intelligence services - editor's note) got really excited shortly after the initial rumors about the availability of the database started floating around," says Mr. Krylov. "The product seemed to be a magic tool capable of providing any piece of information on anybody, but then respectable customers lost their interest due to a huge and specific amount of data that can not be routinely processed in an expedient manner," says he.
However, the stealing of the database was yet another sign of vulnerability of the banking system with regard to its data security control. Experts believe that either bank employees or other people who had access to that information might have committed the crime. Mr. Krylov is quite skeptical about possible involvement of web hackers or other virtual perpetrators. "The Central bank along with the whole banking industry of Russia may as well deserve some criticism, but the efficiency of their data security system is quite high, as far as I am concerned," says he.
"Judging by the amount of data, I would assume that the stolen database is a backup copy of the Central Bank database, and no official data transmission channels were used for making it disappear from the bank," says Andrei Stepanenko, a marketing director of Informzashchita. "It is technically impossible for an outside hacker to download such a gigantic database," says he. On the other hand, it is highly unlikely that the database was copied to a portable hard disk. Walking off with a copy from the bank's backup copies storage would be a lot easier, according to Mr. Stepanenko.
At the end of the day, was any damage done to the Central Bank and its customers?
No damage at all since there is no secrecy in the Russian banking system, according to Mr. Chibisov. Other expert, Mr. Krylov, believes that the stealing of the database is likely to have a negative effect on the reputation of the bank and the Russian banking community as a whole. Mr. Krylov does not rule out a possibility that the article printed by the Vedomosti was aimed at stirring up controversy on purpose. Some people might be interested in producing a lot of speculation about the subject.
The concept of secrecy in banking is becoming increasingly vague these days. Today the fight against the international terrorism and money laundering has become a top priority for the world community. Given the challenges, the majority of society had to sacrifice a number of freedoms including the right to confidential personal information.
Personal correspondence, personal bank account are no longer a tightly-kept secret. Now the government or criminals can have access to your private records, though their methods differ
Original article
Add comment
Email to a Friend
