Russia's Illicit Data Market Backfires as Ukrainian Spies Exploit Leaks, Prompting Kremlin Crackdown

Russia's 'Probiv' Market Under Scrutiny

Russia's extensive illicit market for leaked personal data, commonly referred to as 'probiv,' has become a critical vulnerability, with Ukrainian intelligence services now actively exploiting its porous landscape. For over a decade, this shadowy ecosystem, built on a network of corrupt officials, bank employees, and low-level security staff, has allowed access to restricted government and corporate databases for a fee, sometimes as low as $10. This unique Russian phenomenon, rooted in the country's corrupt state infrastructure, has historically been tolerated, even used by domestic law enforcement and investigative journalists.

Ukrainian Exploitation Intensifies

The ongoing conflict has transformed this tolerated market into a significant national security threat for the Russian Federation. Ukrainian spies and pro-Ukrainian hacker groups are leveraging the readily available data to identify and target Russian military officials and critical infrastructure.

• The Ukrainian hacker group KibOrg reportedly published a database belonging to Alfa Bank, one of Russia's largest private commercial banks, allegedly containing personal data on approximately 24 million individuals and over 13 million organizations.
• A massive leak of the FSB Kordon-2023 database, detailing individuals who crossed Russia's borders between 2014 and 2023, has also surfaced online.
• Ukrainian cyber specialists have gained access to servers in occupied Crimea, reportedly obtaining over 100 terabytes of intelligence data, including official correspondence and lists of Ukrainian children transferred to Russia.
• In another significant operation, Ukrainian cyber operatives disrupted the Filanco Group, a Russian internet service provider, rendering 3,100 network devices inoperable and destroying more than 800 terabytes of stored data.
• The hacktivist collective Anonymous has also claimed responsibility for leaking personal information of 120,000 Russian soldiers in Ukraine.

Kremlin's Scramble to Rein In the Market

The Kremlin, which once viewed the 'probiv' market as a convenient, albeit illicit, resource, now perceives it as a direct threat. This shift in perception was underscored when President Vladimir Putin himself admitted to falling victim to a phone scam.

In response, Russia has initiated a scramble to control the situation:

• In November 2024, President Putin signed new laws significantly increasing administrative and criminal penalties for data breaches and the illegal circulation of personal data. Fines can now reach up to 15 million rubles ($141,000) for illegal transfers of personal information and health details, and up to 20 million rubles ($188,000) for biometric data.
• The new legislation also mandates the creation of a state-run information system designed to track individuals involved in cyber offenses.

Despite these measures, the crackdown appears to be inadvertently exacerbating the problem. Some leading data brokers have reportedly relocated their operations abroad, where they operate with fewer constraints, leading to an unprecedented volume of sensitive information being leaked online. The chief executive of state telecom giant Rostelecom has stated that the personal data of all Russian citizens has been compromised, with Sberbank estimating that approximately 90% of Russian users' data has been affected. In 2024, financial cybercrime reached record levels, with 27.5 billion rubles ($300 million) stolen from Russian bank accounts, marking a 74.4% increase from the previous year. Furthermore, 438 million phone numbers and 227 million email addresses of Russian users were leaked in 2024.