Who do you need? How scammers use leaked databases and information about you from social networks

28 August 2017, 15:46 | Technologies

Today it is difficult to imagine a person who does not use social networks. However, an open profile is often enough to become the catch of data hunters and a victim of the obsessive attention of a taxi service. Violation of the rules on the use of personal data is commonplace in Ukraine. The state is in no hurry to protect the privacy of its citizens. At the most inopportune moment the phone beeps: an SMS has arrived offering the services of yet another taxi service. An hour later everything repeats itself, but now the offer is to buy a fur coat on sale in some obscure shop. Before you have had time to calm down, a vibration informs you of a place where you can buy stretch ceilings inexpensively.

Receiving unsolicited advertising messages makes most Ukrainians indignant. However, lawyers say that in this case a person can only blame himself. "For the successful protection of personal data, it must be stored safely - only if it is disclosed and/or used without authorization by third parties will you have the opportunity not only to punish the offender, but also to receive compensation for the "inconvenience"," says Irina Kirichenko, a lawyer at the company "Ilyashev and Partners".

On the tip of the knife.


Specialists in mass mailings use special scanning programs - parsers - which comb social networks for a suitable target audience. "With the help of such a program, it is possible to collect information. For example, I'm interested in people born in 1990-1995 who live in Kiev and have an accessible phone number. The information is collected automatically, and a database is formed," says Roman Rusanov, an SMM expert.

But such databases of "open" data are not always used for fairly harmless advertising mailings. The National Police say that, although less often than in 2013-2015, there are still cases today when people are called and told that, for example, their child has attacked a policeman and is in intensive care, which is why money is urgently needed for treatment. Otherwise, they say, the son will be put on trial for murder. "In most cases scammers gather this data at the intersection of leaked social network databases (e.g., "VC" in 2014) and the social network pages themselves with the data of relatives, which are very common on the darknet," says head of the Postal and Telecommunications Sergey Demedyuk.

Hackers steal 3 million records of personal data every day around the world.

According to Demedyuk, such "hooliganism" is often the work of prisoners or people recently released. Often, such calls come from the territory of the ORDLO.

In addition, quite respectable resources, for example cheap-ticket search engines, often earn extra money by collecting and then selling databases. "You leave minimal data about yourself, for example, e-mail, phone, and perform some actions inside the site. The system remembers what you are interested in," says Roman Rusanov, explaining how it works. He adds that in this way a description of the client's profile is added to the data the client has left.

Such databases are of interest primarily for advertising purposes, in particular for precisely targeted advertising. Demand for specialists who handle large data sets is quite high. One of the most popular and well-paid professions is big data analyst; the salary of such specialists in the Ukrainian market starts from $1,000.

For companies that focus on mass mailings, there are quite legal services from mobile operators. The cost of one SMS message in such programs is about 20 kopecks. As the mobile operators have repeatedly explained, if the client has not directly forbidden them to send advertising SMS, they have no reason to stop sending. However, as practice shows, even in the case of customer appeals, the operators stop the mailings extremely reluctantly.

Illegal beneficiaries.

However, you can find many examples of blatantly illegal use of personalized information. Most often it is medical staff who "leak" information about clients. "Emergency doctors regularly come to the funeral staff, leave their business cards and ask them to tell them the phone numbers and names of the relatives of the deceased on the call of the patients," one of the ambulance service's doctors told us on condition of anonymity. As our interlocutor explains, when a close relative dies, the family is disoriented. Therefore, they usually agree to the services of the first agent who calls them. It is ambulance staff and pathologists in the morgues who pass most of the clients to funeral homes. Competition among funeral agencies for the loyalty of physicians is quite high.

A doctor is given about 200 UAH for help in finding clients. It is not much, but given the beggarly salaries of Ukrainian doctors it is a welcome supplement. According to our interlocutor, the situation in morgues is exactly the same, only the pathologists' "rates" are higher. Naturally, officially passing phone numbers to third parties is prohibited, but our interlocutor does not remember any case in which he or his colleagues had problems because of it.


In addition, as a doctor at one of the hospitals in Kiev explains, in some cases staff pass to intermediaries the contacts of patients who need medicines that are not registered in the country and can only be bought on the black market.

In the frequency of personal data abuse, taxi drivers compete with doctors for first place. "Dozens of taxis open and die on the market every week; they can sell equipment along with some database," says marketing director of Uklon service Daniil Vakhovsky.

"In the jargon of taxi drivers, the dispatcher services that send you spam are called "the hub-taxi"," says Vasily, a cab driver in the capital who receives orders through Uber. According to the taxi driver, among his colleagues there are always people who are dissatisfied with the high commissions that large taxi-hailing services charge drivers. "Here he goes and thinks: "And why should I give Uber or "Yandex.Taxi" a quarter of my earnings? The wife still does not do anything, I will chip in with friends for a PBX and a database, let her take the orders"," says our interlocutor, explaining the spammers' logic. As a result, such a person buys the customer base of other taxi services on the black market for 3-5 thousand UAH and sends out spam. However, after a couple of days it turns out that this method of "marketing" does not work, and the hapless entrepreneur is looking for someone to resell the PBX and the database to. "At one time I had a tool stall at the "Youth" market, and I was a wealthy person. I bought a two-room apartment in Obolon overlooking the embankment. But this "theme" passed. Similarly, the "theme" has already passed for many small taxi services. However, there are still people who cannot understand this," our hero laments.

And in general, today you can find databases of any volume and content on the Internet: vehicle data, passport data, commercial information on the activities of companies. Moreover, dozens of companies offer to build a database to order. Prices vary depending on the complexity and relevance of the database - from a couple of hundred hryvnia to $5-10 thousand.

You can also easily find databases of payment card numbers that unlucky users leave on phishing sites masquerading as mobile top-up services, or during purchases in online stores with a dubious reputation. "The database market for bank cards is quite large. On the darknet there is data for somewhere around 5 thousand cards issued by Ukrainian banks. Every day the relevance of a database falls, as the data on the cards changes. Therefore, databases are always in demand. However, the scheme for debiting funds from cards is very complicated. As a rule, it is international groups of hackers who engage in such things," says Roman Rusanov.

Remove bank.

"I return from a hard trip. I sit at home and at 19:57 I see an SMS: money in the amount of such and such has been withdrawn from your card at the PrivatBank ATM at 42 Vozduhoflotsky Ave. All the money that was on the card was taken, to the last penny. The card is in my bag, the codes and the password are not known to anybody except me, suspicious calls from strangers asking me to tell them the PIN code - there was nothing like this. I did not use the card today, I did not show it to anyone," reads a post on the Facebook page of the Kiev journalist Irina Glotova.

Then followed her appeal to the National Police and communication with representatives of PrivatBank.

"As a journalist, I was given a video from the surveillance cameras near the ATM. The recording showed an unknown man in a hat and glasses taking money from 6 or 7 cards in a row. Yet it was not a bank card," says Irina Glotova, giving details.

In the Solomensky district administration, she was told honestly: most likely, it is a "hanging" case, although the investigator will retrieve the video from the camera installed directly in the ATM.

"I was not alone in this situation: in the queue of six people who came to file an application that evening, three turned to the police because of fraud with their cards," adds Glotova. The journalist is angered by the fact that it is unclear how the intruder obtained the information on her card. Glotova considers it unlikely that special reading equipment was used in the ATMs. She withdraws cash from a single ATM near her house, and the police had recorded no problems with this ATM before her case.

The scale of illegal use of personal information is astonishing. Sergey Demedyuk says that the illegal database market consists of data stolen from state resources (including the State Fiscal Service, the Pension Fund, the State Migration Service, the personal identification code of individuals, the customs service's register of goods crossing the state border, the register of vehicles, the register of information on crimes and events of units of the National Police of Ukraine, the land cadastre register of Ukraine, voter registers (database of unreliable creditors), carriers (customer delivery database), mobile operators (database of numbers and their users)), and only large databases with more than 10 million records are listed here. If one were to list the small databases, a separate database would be needed just for their names.

"You will be responsible for what a thief does when using your personal information. Perhaps you will have to pay for what the thief buys."

Warning of the US Federal Trade Commission on the responsibility of citizens for negligent treatment of personal data.

Too small.

Unauthorized use of personal data is a global problem. However, in our country its scale is particularly large. According to Rostislav Kravets, a senior partner of the law firm Kravets and Partners, this happens because, although the current legislation formally protects the personal data of Ukrainian citizens, in fact the state does not prevent their illegal distribution. In Ukraine, no one is afraid of liability for the sale of personal data. "Compensation for victims of such violations in Ukraine will be scanty. You can only demand compensation for moral damage, and Ukrainian courts award moral damages in the amount of not more than 5 thousand UAH. Moreover, at least a year will have to be spent in the courts," says Kravets.

Because of this, Ukrainians are slow to prosecute persons who illegally use their data. According to a count by the law firm "Ilyashev and Partners", no more than 4 thousand cases concerning the protection of personal data can be found in the Unified State Register of Judicial Decisions.

A typical example. In the Dnepropetrovsk region there was a case in which the plaintiff won against the company "Ecology of Ukraine", which had illegally received and used personal data. In particular, the plaintiff was called at night and reminded of a debt. As a result, he was awarded 1,000 UAH as compensation for moral damage.

Theoretically, one can defend one's rights by filing a complaint with the office of the Ombudsman, the Verkhovna Rada Commissioner for Human Rights. As the Ombudsman's Secretariat reported to Focus, in 2016 citizens and legal entities lodged 1,300 complaints about this. The main appeals concerned the processing of personal data by banks, collection companies, medical institutions, housing offices, the Pension Fund and social security agencies. The applicants reported the unauthorized distribution of personal data, the blocking of access to them or the collection of too large a volume of data for minor purposes. However, in response to all these complaints, Lutkovskaya's office drew up only 45 administrative protocols.

Saving the drowning is the work of the drowning themselves.

15.4 million Americans suffered from the illegal use of their personal data over the past year.

In Ukraine, according to Sergey Demedyuk, stolen databases are used most actively by businesses with a large flow of potentially dangerous customers (banks, credit and finance); in second place are businesses with a large flow of personnel (production, trade); in third, detective agencies, whose work involves the constant analysis of information.

"If we talk about those who are negligent in storing the databases entrusted to them, it all depends on the level of remuneration of administrators and their connections among potential customers," adds Demedyuk. According to him, the management of private and public companies is, as a rule, provided for at the proper level and does not engage in leaking databases. "We have not documented such a case," he said.

In addition to negligent administrators, databases are also "leaked" by users who were negligently given uncontrolled access with significantly excessive privileges. Alternatively, databases are obtained through unauthorized access: hacking that exploits breaches in information security systems. "There are databases, mostly state dumps (backup copies. - Focus), which are leaked every quarter or six months, but more leaks are situational," explains Sergey Demedyuk.

The National Police offers several options to combat the illegal spread of databases.

To do this, it is worthwhile to pay database administrators decently, restrict user privileges as far as possible, carefully log user actions, use deep packet inspection systems, constantly monitor the state of infrastructure security, and at the legislative level increase liability for this kind of wrongdoing, so that law enforcement officers can use the entire arsenal of overt and covert means. But for now these are all just plans. In fact, in the matter of protecting personal data, one should rely only on oneself. Figuratively speaking, the protection of personal data is the same as safe sex. To avoid negative consequences, it is necessary to share information responsibly.



