Russia’s Crackdown on Probiv Data Leaks May Have Fed the Beast Instead
All it took was a close friend (who knew he had one?) falling victim to fraud over the phone for Russian President Vladimir Putin’s crackdown on the probiv market used by the police, journalists and criminals alike to tap and use leaked personal data. Though the president’s directive may have had an opposite effect.
The illegal market, The Guardian said, was birthed by Russia’s “corrupt state infrastructure” and has blossomed and spread over the past decade, leaking databases and trading data through a web of brokers, corrupt officials, bank workers and other operators.
Can purchase anything from passports (sometimes at the bargain basement price of $10!) to metadata. And journalists have used it in their investigations, notably a probe into the FSB’s role in the poisoning of Putin foe Alexei Navalny.
“It is one of the paradoxes of modern Russia: On the one hand, these services are illegal and rely on leaked data, yet on the other, they are far more convenient for day-to-day police work than the multitude of official departmental databases,” The Guardian cited journalist Andrei Zakharov, who wrote a book on probiv, as saying.
“Russia’s crackdown on the probiv market exposes a core paradox of authoritarian systems: the same data corruption that enables control also creates national-security risk,” agrees Heath Renfrow, co-founder and CISO at Fenix24. “For years, leaked personal data functioned as an unofficial tool for law enforcement, intelligence services, journalists, and criminals alike.”
All that began to change after Russia invaded Ukraine and the Kremlin eventually came to view the network as threatening and began to crack down on data leaks, bolstering laws, and going after brokers and others.
“What changed is the threat model. During the war in Ukraine, those same leaks enabled fraud, foreign intelligence operations, and even targeted killings, turning a tolerated convenience into a strategic liability,” says Renfrow.
But the real pivot point seemed to come when Putin’s buddy was scammed, which seemed to spur the Russian president to ramp up its crackdown on probiv.
The government’s efforts have met with some success. For instance, law enforcement was able to identify and nab Kirill Mironov and Mikhail Seifetdinov, the creators behind the Solaris platform, which collects and sells personal data.
Mironov reputedly was an employee of a federal service and Seifetdinov has previously worked for the Ministry of Defense and had even won accolades from the Ministry for the work he did on information security systems used by Russian strategic missile forces.
Still, there is plenty of evidence that Putin’s push to neuter probiv may have bolstered it, at least according to Zakharov, who sees the market’s disconnect from security services and the migration of many brokers to other countries as diminishing the fear factor and eroding boundaries.
“Before, they still worked with the security services, or would think twice before releasing something extremely sensitive. Now all their brakes are off,” The Guardian quoted Zakharov as saying. “They’re dumping one sensitive leak after another” from the FSB Kordon-2023 database dump detailing people who had crossed Russian borders over a nine-year period to a leak of an Alfa Bank clients’ database by Ukrainian hacker group KibOrg.
Regardless, Renfrow says the takeaway is universal: data integrity is national security. “When access controls fail and insider abuse goes unchecked, personal data becomes a weapon—regardless of whether the victim is a citizen, an enterprise, or a state,” he says.
