On Thursday, October 1, a group of anonymous Russian citizens launched Rusleaks, a web site providing open access to a significant volume of personal and corporate data from a variety sources, including highly confidential ones such as the databases of Russian tax service and law enforcement agencies. The site was no more accessible today after the Russian authorities announced measures to block it.
In the brief period of its operation, Rusleaks offered access to unfiltered information on official identities, addresses and phone numbers, tax declarations, registered economic activities or records of outstanding fines of virtually any Russian citizen or company.
Project initiators claim they created an instrument for “active citizen control” against the “universal corruption” that affects Russia. “When closed information will become partly open, ordinary citizens will be able to make inquiries and uncover corruption on their own, especially at the local level,” the site claims.
“Honest people have nothing to hide”
Some, who “fear to be unmasked,” will “not be happy” with the project, write the initiators, but “honest people do not need to hide information about themselves to society.”
Rusleaks claims it has neither breached the security of any network nor stolen any data. “We have used only databases that are already accessible and circulate freely on the Internet, indexed them and offered a convenient interface to search for information. Curiosity is not a crime.”
The site was hosted in Switzerland and accessible via three domain names: Rusleaks.com, Rusleaks.net and Rusleaks.org. The site became difficult to access over the week end and as of Monday evening is no longer available.
Roskomnadzor – the Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications – announced this Monday that it took “a series of measures” to block Rusleaks from “providing access to personal data of private citizens of Russia without their consent.”
Roskomnadzor identified the domain names as having been designated by Miami, Florida based registrar Internet BS Corp., to whom it sent a request to withdraw the designation.
The Russian telecom regulator also filed charges with a Moscow court to establish the illegal nature of the site prior to blocking access to it from Russian territory.
A recurring issue
Roskomnadzor has already blocked access to “over 20 sites” in the past – including sites hosted outside Russia – for violating Russian legislation protecting personal data.
Data leaks have taken a variety of forms in Russia. In July of this year, some 8,000 text messages sent by clients over the supposedly secure website of MegaFon, a leading mobile operator, were found online in search results of major Russian language search engine Yandex.
In June, Moscow police cracked down on illegal database traffic. During a raid in Russia’s largest electronics marketplace – the Gorbushkin Dvor mall in Moscow – the police confiscated 40 CDs presumably containing police databases with the home addresses and criminal records of individual Russian citizens from 2009.
Update Oct. 9, 2011
Rusleaks announced it found a hosting solution through I2P – the acronym stands for Invisible Internet Project – an anonymizing network for identity-sensitive applications wrapping all data with several layers of encryption. But the site was still not accessible today via the URLs indicated on the Rusleaks home page:
http://rusleaks.i2p
http://ltgzl26nfapk7aegiqjdilc6orhj557yuxj5p23qbquc2t23chuq.b32.i2p
http://stats.i2p/cgi-bin/jump.cgi?a=rusleaks.i2p