The personal information of 29 congressional deputies and 10 Spanish senators is exposed in the Dark webthis corner of the Internet hidden from search engines and traditional browsers where forums proliferate to deal with drugs, weapons, stolen data or other illegal services. In 14 cases the vulnerability is critical, since the information disclosed includes passwords for digital services used by Spanish parliamentarians through their official emails.
The revelation comes from a joint analysis by cybersecurity firm Constella Intelligence and Proton, a Swiss company that offers private messaging and VPN services. The identities of the Spanish politicians whose information is traded on the dark web have not been revealed. “All data is anonymous to limit the risk of people being exposed,” Proton sources explained to elDiario.es.
The company has contacted each affected person personally to inform them of the situation. “A single breach could result in a serious national security problem. As politicians are increasingly highlighted for their cybersecurity practices, it is more important than ever for public figures to ensure their digital identities have the greatest protection possible,” says -he.
It is common for cybercriminals to exchange stolen information in the Dark Web They buy and resell databases in different locations, thereby multiplying the severity of each vulnerability. According to the investigation, the data of the 39 Spanish deputies and senators concerned is exposed in at least 117 different leaks. “These leaks took place when politicians registered on third-party services (LinkedIn, Adobe, Dropbox, etc.) using their official email addresses and these services were then attacked,” he explains.
Although the dark web was not born as a place intended solely for illegal activities, the anonymity it offers has made it an ideal place for these types of transactions. As this report from elDiario.es documents, it is a market with standardized prices and increasingly professionalized where you can acquire the raw materials that cybercriminals use to commit scams. The bank code of a Spanish credit card, for example, It can be worth around 20 euros.
The most common vulnerability in the case of Spanish politicians analyzed and whose passwords are exposed is that it is the LinkedIn password. “While a hostile takeover of one of these accounts would not give access to state secrets to the attacker or a foreign government, it could reveal private communications and other sensitive data that could be used to defraud or blackmail the politicians involved,” the researchers say. .
Worse in France, Italy and the United Kingdom
But it is the Spanish deputies and senators who stand out best in this study, in which French, Italian and British parliamentarians also participated. As a percentage, 6.4% of the 615 members of Congress and the Senate had their information disclosed. In France, this proportion rises to 18% and in Italy to 14%. The British are by far the most targeted, with almost half of them (44%) having their information exposed on the dark web.
“In total, 402 leaks were identified in Italy, 1,306 in France, 2,110 in the United Kingdom and a total of 2,311 among MEPs,” specifies the study, which describes the situation in these countries as “alarming”: “320 were disclosed. plaintext passwords associated with the compromised accounts of members of the French National Assembly, 216 for their British counterparts, 161 among European deputies and 118 for their Italian counterparts.
The author companies recommend that authorities increase the cybersecurity of these public officials. For example, they point out that the fact that their official email addresses identify them with their first and last name increases the possibility that cybercriminals can select them as a target for a security breach, which is why they advise using “email aliases”. “With an email alias, the identity of an account is hidden. Additionally, if an alias is leaked or falls into the wrong hands, the user can easily delete it without affecting their real email address or other aliases.
They also recall the usefulness of password managers (services that generate a unique and robust key for each service, making it difficult to hack and preventing its reuse) or from time to time analyzing the dark web to check what data may have been disclosed.
“In a context where cyber defense constitutes a major concern at national and European levels, public authorities are at the center of strategic and decision-making issues. They constitute a privileged target for state aggressors, whatever their origin. This research highlights the urgent need to implement good practices and raise policy awareness of growing cybersecurity issues,” its authors emphasize.
