They are on DropMeFiles, a Ukrainian service. They were stolen from the agency with ransomware, and 4 million was demanded as ransom for not publishing them.
After more than 2,000 people downloaded the information stolen from the National Migration Directorate (DNM), the agency, which reports to the Ministry of the Interior, formalized a request before the courts to stop its spread through search engines such as Google and to contain access to 2,200 documents hosted on DropMeFiles, a service of Ukrainian origin.
The link first circulated on the deep web, but it leads to an address that can be accessed from any browser. That is the URL that Migrations asked to have restricted, as Clarion was able to learn.
Government sources confirmed to this newspaper that, after the release of the stolen data, a request for a precautionary measure was filed with the office of prosecutor Guillermo Marijuan, who is conducting the investigation at the request of Judge Sebastián Casanello. “I request that you consider the extremes of the requested precautionary measure as credited and while the investigation of the crimes reported continues, the Internet search engines (including the main search engines, such as: Google, Yahoo, Bing, Baidú, Yandex, Ask, AOL, Duckduckgo, etc)”, they ask the federal prosecutor in the text.
The intention is that search results showing the link be blocked, so that not just anyone can download the files seized on August 27 in a coordinated attack by a group of cybercriminals that operates with Netwalker, the ransomware they injected into Migrations.
About 2 thousand people already have that stolen information in their possession. For this reason, and although the Government insists that it is “sensitive but not critical information”, there is concern about the spread of these files.
“We request that search results be blocked, we want to prevent download links from spreading,” official sources explained.
There are two strategies to stop the spread: target either the search engines, as the Government is doing, or the service where the information is hosted, DropMeFiles. The problem with the latter approach is that this Ukrainian site is not one of the best known, so it is not clear whether an official request would have any effect.
However, a request to have the files removed from the web altogether can be made: “DropMeFiles is a Ukrainian company; the Argentine government should send a complaint to the site administrator to request that they take it down,” explained information security specialist Javier Smaldone.
That, however, is the crux: so far it is unknown from which jurisdiction the stolen documents were uploaded. In any case, DropMeFiles states that each affected person or entity can send a complaint email giving their reasons for removing the content.
Beyond the information that is already circulating, there is a latent concern: “Deciphering exactly what happened and how much information was stolen is very difficult: it requires forensic expertise that can take weeks,” specified Brett Callow, analyst and computer security expert at Emsisoft.
And he said that in many cases cybercriminals publish part of the stolen data, and save another part for future operations or “freelance” the information (sell it to an interested party).
“It is sensitive information, but not critical for National Security”, the Government has said (and insisted) ever since Clarion revealed last Friday that a group of cybercriminals was talking about a hack of Migrations.
Now, after the leak, they stand by their words. “It is administrative information, they did not access the database or biometric data; only to files related to administrative tasks in management areas: notes, documents, judicial reports, reports on criminal records”, they explained at the DNM, where all the compromised information was evaluated and it was decided to file for a precautionary measure to prevent the download link from being replicated.