A local resident has been arrested on July 23, 2021, by Estonian officials, and as per the report, the officers of Estonia claimed that the suspect has used a vulnerability to obtain access to the state database.
Apart from this, the suspect has been also charged for uploading photos of 286,438 people from the accessed database. According to the officials of Estonia reports, this attack has been exposed due to a definite increment in the number of requests.
Hacker Abused RIA Database
The hacker has used a vulnerability to gain access to the database, and the officials have asserted that they have found a vulnerability in a database that is controlled by the Information System Authority (RIA).
After the attack being exposed, RIA declared that its database normally went through with five different subsystems for examination, before retorting a query to demonstrate a user’s government ID photo.
Moreover, RIA declared that the hacker had provided the name of an Estonian citizen, to exploit the vulnerability, and not only this but it has also provided a correct identification code that convince them to give access to the database.
Incident’s Timeline
The officers of an Estonian has mentioned the incident’s timeline, and here they are given below:-
- July 16 – SK ID Solutions notifies regarding the huge number of queries to RIA.
- July 21 – RIA identifies the mass download of data from the Identity Documents Database (KMAIS) via extra monitoring and concludes the service.
- July 22 – RIA follows the possible IP address applied to download the photos and forwards the data to the police.
- July 22 – RIA starts an internal investigation to discover the reason how manipulation of the control mechanism of the image storage system was feasible.
- July 23 – The police arrests the man speculated of downloading the data and executes the fundamental procedural acts.
- July 23 – RIA reopens the attached image system that again enables people to download their document photos.
- July 23-27 – RIA also examines the possibility of using a related attack vector in some other services.
Authorities Retrieved The Stolen ID Photos
Apart from this, the cybersecurity experts are not yet confirmed that the hacker has transferred the photos to another party or not, and therefore, the experts have conducted an investigation that will help them out to know the exact matter.
Moreover, the agency claimed that this attack was not severe enough, and now the experts are notifying the Estonian citizens regarding the attack through emails, and not only this, but the citizens don’t have to take new photos and change their IDs as well.
