TAdviser: Who and how hacked the database with personal data of Hemotest clients

Who and how hacked the database with personal data of Hemotest clients. Details of a high-profile case.

In 2023, unnoticed by the public, a trial was held over one of the hackers who carried out a high-profile hack last year and stole the database with personal data of Hemotest customers. The convicted man received 1.5 years of restriction of freedom for this episode. TAdviser studied the sentence, which came into force this fall, and found out under what circumstances the crime was committed and why the hacker's punishment turned out to be rather lenient.

The verdict was handed down to Fuad Maarifa oglu, a 4th-year student of the St. Petersburg Mining University, who had no previous convictions. He was charged under part 3 of Article 272 of the Criminal Code of the Russian Federation, "illegal access to legally protected computer information by a group of persons by prior agreement, resulting in copying of computer information", and part 2 of Article 273 of the Criminal Code of the Russian Federation, "use of a computer program deliberately intended for unauthorized destruction, blocking, modification, copying of computer information..."

According to the criminal case, Alekperov met with unidentified accomplices and, having received the administrator's credentials ([email protected]), installed the open-source web shell p0wny-shell, a remote control program, on the corporate TV website at corptv.gemotest.ru no later than April 21, 2022. He used it to gain access to two databases, "Ordersfromkash" and "Ordersfromkash .MIS", which contained the data of the companies "Laboratory Hemotest" and the clinic of personal medicine "Medexpert Plus".

In addition, a remote control tool for Linux, identified as agent.ar, was installed on the hijacked server. Using the corporate TV server, the hacker and his accomplices organized a data leak: according to the investigation, 7.79 GB of personal data was stolen in this way. After stealing the personal data from the Hemotest information system, the attackers posted it in May 2022 on two Darknet resources, where it was put up for sale.

However, the criminal case against Alekperov specifies 7.79 GB of data, while in the administrative case against Hemotest, Roskomnadzor indicated 300 GB of information (for more information about the administrative case, see the article section below). The addresses where the attackers posted the stolen data are completely identical in the materials of both cases. Moreover, the agency's experts, who conducted an unscheduled check of the information systems of "Hemotest", confirmed that the internal databases of "Hemotest" were identical to those published on the site for the sale of stolen data.

The court found Alekperov guilty on two counts: illegal access to information as part of an organized group and installation of malicious software for Linux. For each of the crimes, the judge imposed 1 year of restriction of freedom. The court recognized as mitigating circumstances the defendant's full confession of guilt, remorse for what he had done, positive character references, commendations, achievements, grants, assistance to relatives, participation in charity, and his young age. Taking the mitigating circumstances into account, the judge sentenced citizen F. M. Alekperov to 1.5 years of restriction of freedom with the following restrictions:

"do not change the permanent place of residence and do not leave the territory without notifying the specialized state body that monitors the person sentenced to restriction of freedom; do not leave the residential premises at the place of residence during the time period from 22:00 to 06:00, except in cases related to obtaining education in a higher educational institution."

Moreover, the sentence does not prohibit access to information resources and the Internet.
 