What the Ministry of Interior hides: about fifty system accounts were hacked


Last week 15min was the first to report on a large-scale data theft from the Register Centre’s systems.


However, according to data obtained by journalists, the Register Centre’s story may be only part of a much broader and more serious cybersecurity crisis.


Minister: “Anything is possible”

After initial reports in May, it was announced that several accounts of Migration Department employees had been hacked. However, information gathered by 15min shows that the scale of the breach may be significantly larger and more serious.

According to 15min, the accounts of Migration Department employees may not be the only ones that were compromised. Responsible institutions are currently investigating the circumstances of possible intrusions into fifty employee accounts in information systems subordinate to the Ministry of Interior (MoI).

Minister of Interior Vladislavas Kondratovičius told 15min on Friday afternoon that he could not yet confirm or deny information about a potentially much more serious incident in the MoI’s information systems.

“We are preparing an answer for you, as far as I know. I cannot confirm or deny it yet,” said Minister V. Kondratovičius. He hinted that the hacked accounts could belong to different institutions subordinate to the MoI, but said he could not provide more precise data yet.

Asked if he had previously known about a possible intrusion into several dozen accounts of MoI system employees, V. Kondratovičius did not answer directly, but added that “anything is possible there,” as there are many subordinate institutions.

The Minister also did not answer whether the mentioned accounts had access to the MoI IT systems where particularly sensitive biometric data of residents is stored. However, the Minister assured that biometric data has not leaked.

“There is certainly no such information,” said V. Kondratovičius.


According to 15min, information about the intrusion into several dozen MoI IT system accounts may have been known to the ministry’s leadership as early as the beginning of May. This was also mentioned in some inter-institutional meetings.

When 15min asked if he could deny the information that the ministry’s leadership had known about a much more serious incident in the MoI IT systems earlier, ministry spokesman Mindaugas Bajarūnas replied:

“We cannot confirm, deny, objectively evaluate, or responsibly comment on this information, as all information related to the cyber incident has been handed over to pre-trial investigation institutions.”

Viktorija Rūkštelė, head of the MoI’s Informatics and Communications Department (IRD), initially told 15min on Friday that she had no information about a broader incident in the MoI IT systems. However, when asked more specifically if she knew about several dozen hacked accounts, she said she needed to verify the information.

A little later, V. Rūkštelė replied that the IRD had handed over all information to pre-trial investigation institutions. Asked what information she meant, and whether the Informatics and Communications Department itself was conducting an internal investigation into a broader incident in the MoI IT systems and the several dozen potentially hacked accounts, the IRD head repeated the same answer about the information handed over to pre-trial investigation institutions.


The Informatics and Communications Department (IRD) manages or administers the ecosystem of internal affairs registers and information systems. A large part of it is related to law enforcement and the register of criminal activities.

However, the IRD is also connected to other information systems, such as the migration services system MIGRIS, eID used for electronic identity and electronic signature, DBSIS for institutional document management, and the ADIS information system used for issuing personal documents and managing their status.


Could biometric data have been stolen?

On Friday afternoon, the MoI replied that the MIGRIS and ADIS systems were not compromised. These are the systems in which residents’ biometric data is stored.

Biometric data describes a person’s physical characteristics by which their identity can be determined; it can include fingerprints, height, eye color, photo, etc.

“Whether several dozen MoI system accounts could have been hacked or taken over, we cannot confirm this information. The pre-trial investigation currently being conducted by the Prosecutor General’s Office will answer this,” the MoI replied in writing on Friday afternoon.

M. Bajarūnas noted that a Working Group for Ensuring the Continuity of Networks and Information Systems was established by the Minister’s order.

This working group is tasked with assessing potential future risks and providing recommendations to the Minister on necessary actions in the field of cybersecurity.

An external, independent security audit of internal affairs information systems is also currently being conducted. The completion of the first evaluation stage and the report are currently awaited. After this report, a second audit stage is planned. Both audit evaluations will form a consistent independent analysis of the situation.

The MoI stated that the National Cyber Security Centre is also conducting an audit related to the aforementioned cyber incident.

The Lithuanian Criminal Police Bureau told 15min that it would not comment on the situation and would provide more detailed information once doing so would not harm the pre-trial investigation.

On Friday, 15min contacted the Prosecutor General’s Office and the National Cyber Security Centre; we will update the publication once we receive their answers.

600,000 Real Estate Register entries leaked

Last week 15min was the first to report on a large-scale data theft from the Register Centre’s systems.

It turned out that from January to April this year, criminals used two hacked accounts of Migration Department employees to connect to the Real Estate Register managed by the Register Centre. Logins occurred not only during working hours but also at night and on weekends. Using the stolen accounts, they downloaded data about residents’ real estate, including personal identification numbers.

Available data shows that the criminals returned to some residents’ information more than once. Cases were recorded where the same individuals’ data was accessed repeatedly: for example, information about one real estate object was downloaded in February, and about another in April.

According to preliminary data, over 600,000 Real Estate Register entries were illegally downloaded in this manner over several months.

Law enforcement has launched a pre-trial investigation into this incident. After the incident was publicly reported, the head of the Register Centre also resigned.
