Марія Бровінська
Hot News
18 December 2024, 11:50
"A major flaw in the architecture of 'Diya' has been realized." The cyber expert explained how attackers could theoretically hack a user's account in 'Diya' and issue loans
Cyber expert Konstantin Korsun commented on the situation regarding how attackers were able to hack a user’s «Diia» account and apply for loans from banks and microfinance institutions.
Recall that Viktoriya Alexandrova, Founder and CPO of KARAKUM Soft, stated that she had become a victim of fraud. She is now a «borrower» at a number of financial institutions and microcredit organizations, although she did not take out any loans herself. She claims that fraudsters hacked her account in «Diia». We wrote about the incident in detail here.
«Remember the days of 'loans through Diia', when scammers would issue loans to victims without their knowledge? Well, those days are coming back. I thought this would never happen again. Deliveries of old and new problems for Diia users have been resumed. As expected,» Korsun noted.
He says that other similar cases ended badly for the victim, except for the very first, «image» victim, whose situation was resolved «manually» through the efforts of Fedorov himself, the Cyber Police, and the SBU. Dev.ua described this case in detail back in 2021.
«And today, what my colleagues and I wrote about back in early February 2022 actually happened: the main defect in the architecture of „Diia“ — the separation of identification tools by trust levels — was implemented. This is when you shift your responsibility to someone else, to put it simply,» says Korsun.
The state service of electronic documents, in his opinion, should have had its own identification system — super reliable, super safe, with the highest degree of trust. «Instead, the digitizers shifted the responsibility for identifying citizens to the banking system with its own identification system. Which is not bad, but of a lower level, with a lower degree of trust. Because banks, in this case, risk only their own money, and financial risks were laid down when building the system and are covered from the funds provided for such cases. Ensuring the implementation of the functions of official state identification was not laid down in this system, as well as the corresponding risks of abuse and leakage of personal data. And these are no longer material interests, but national, national security, which banks could not and should not have laid down and prejudiced,» the specialist noted.
Korsun believes that «Diia» should simply be banned while an independent international commission checks the degree of its danger to society.
«If you allowed the boys to play with dangerous toys, have the courage to admit your mistake as soon as possible so that it does not lead to even more devastating consequences. If the criminals were able to enter the „Diia“ of the victim through one bank, they will be able to do so through others. Because the erroneous principle remains unchanged. And left-wing loans may now appear in the hands of many citizens,» he explains his position.
dev.ua sent a request to the Ministry of Digital Affairs yesterday asking for a comment on the fraud incident. At the time of publication, we had not received a response.