The personal information of 29 congressional deputies and 10 Spanish senators is exposed in the dark webthat corner of the Internet hidden from traditional search engines and browsers where forums proliferate to deal with drugs, weapons, stolen data or other illegal services. In 14 of the cases the vulnerability is critical, since the leaked information includes passwords for digital services used by Spanish parliamentarians through their official emails.
The revelation comes from an analysis conducted jointly by cybersecurity firm Constella Intelligence and Proton, a Swiss company that offers private email and VPN services. The identities of the Spanish politicians whose information is being marketed on the dark web have not been revealed. “All data is anonymous to limit the risk of exposed people,” Proton sources explained to elDiario.es.
The company has personally contacted each affected person to inform them of the situation. “A single breach could mean a serious national security problem. At a time when political figures are increasingly in the spotlight for their cybersecurity practices, it is more important than ever for those in the public eye to ensure that their digital identity enjoys the greatest protection. possible,” he says.
It is common for cybercriminals who trade in stolen information in the dark web They buy and resell databases in different places, multiplying the severity of each vulnerability. According to the investigation, the data of the 39 affected Spanish deputies and senators are exposed in at least 117 different leaks. “These leaks took place when politicians registered on third-party services (LinkedIn, Adobe, Dropbox, etc.) using their official email addresses and these services were subsequently attacked,” he details.
Although the dark web was not born as a place intended solely for illegal activities, the anonymity it provides has made it an ideal place for these types of transactions. As this elDiario.es report documented, it is a market with standardized prices and increasingly professionalized where you can acquire the raw materials that cybercriminals use to commit scams. The bank code of a Spanish credit card, for example, It can be worth about 20 euros.
The most common vulnerability in the case of the Spanish politicians analyzed who have their passwords exposed is that this is the LinkedIn password. “While a hostile takeover of one of these accounts would not give the attacker or a foreign government access to state secrets, it could reveal private communications and other sensitive data that could be used to defraud or blackmail the politicians involved,” the researchers say. .
Worse in France, Italy and the United Kingdom
However, Spanish deputies and senators are the ones who come out the best in the study, which also included French, Italian and British parliamentarians. In percentage terms, 6.4% of the 615 members of Congress and the Senate have had their information leaked. In France this proportion rises to 18% and in Italy, 14%. Britons are by far the most targeted, with almost half of them (44%) having their information exposed on the dark web.
“A total of 402 leaks were identified in Italy, 1,306 in France, 2,110 in the United Kingdom and a total of 2,311 among MEPs,” states the study, which describes the situation in these countries as “alarming”: “320 were disclosed. plain text passwords associated with compromised accounts of members of the French National Assembly, 216 in the case of their counterparts in the United Kingdom, 161 among MEPs and 118 in the case of their Italian counterparts.”
The author companies recommend that the authorities increase the cybersecurity of these public representatives. For example, they highlight that the fact that their official email addresses identify them with first and last names increases the possibility that cybercriminals can select them as a target in a security breach, which is why they advise using “email aliases.” “With an email alias, the identity of an account is hidden. Additionally, if an alias is leaked or falls into the wrong hands, the user can easily delete it without affecting their real email address or other aliases.”
They also remember the usefulness of password managers (services that generate a unique and robust key for each service, making it difficult to hack and preventing its reuse) or analyzing the dark web from time to time to check what data may have been leaked.
“In a context in which cyber defense is a major concern at the national and European level, public authorities are at the center of strategic and decision-making problems. They are a prime target for state aggressors of any origin. This research highlights that it is urgent to implement good practices and raise awareness among politicians of the growing cybersecurity problems,” its authors highlight.
#politicians #Congress #Senate #data #exposed #dark #web
