adUnits.push({
code: ‘Rpp_tecnologia_mas_tecnologia_Nota_Interna1’,
mediaTypes: {
banner: {
sizes: (navigator.userAgent.match(/iPhone|android|iPod/i)) ? [[300, 250], [320, 460], [320, 480], [320, 50], [300, 100], [320, 100]] : [[300, 250], [320, 460], [320, 480], [320, 50], [300, 100], [320, 100], [635, 90]]
}
},
bids: [{
bidder: ‘appnexus’,
params: {
placementId: ‘14149971’
}
},{
bidder: ‘rubicon’,
params: {
accountId: ‘19264’,
siteId: ‘314342’,
zoneId: ‘1604128’
}
},{
bidder: ‘amx’,
params: {
tagId: ‘MTUybWVkaWEuY29t’
}
},{
bidder: ‘oftmedia’,
params: {
placementId: navigator.userAgent.match(/iPhone|android|iPod/i) ? ‘22617692’: ‘22617693’
}
}]
});
After ASBANC complained about a metasearch engine that got access to Peruvians’ confidential data in order to sell it through a bot Telegram baptized as “Run, run, fox” this information has been disclosed. Once launched on this fraudulent system, it was inevitable that the clones would use the same file extracted with Peruvians’ personal information to create “as a service” accounts to exchange addresses, photos, and even signatures of compatriots. Now we’re facing “Himiko’s Date”. New bot in Telegram.
According to a complaint circulated on the METADATA technology podcast, a product of Grupo RPP, a user reported the existence of this new bot that accesses previously filtered data and that, with a simple search, allows access to data stored in the National Identity and Civil Registry file. state (RENIEC).
V results According to the RPP, various levels of access have been identified, such as searching for an identity card all the way down to the photograph and the signature that appears on the identity document. These quests, unlike the “Zorrito Trun Run” of the time, do not require payment.
As you can see, access via the /cmds command is enough to display the bot’s options menu:
DNI (includes additional verification number), full names and surnames, gender, date of birth and age, department, state, district, level of education. Marital status, height, date of registration, names of parents, date of issue and validity of the current document, except for restrictions.
Along with this information, the full address is provided, including the extension number. Depending on the search level, we can query the DNI, document status, refer to the RENIEC file, search for the name, check the verification number, and return DNI information without photos.
Little Fox Run Run, ASBANC and our data
In May 2022, the chairman of the Association of Banks of Peru (ASBANC) asked the authorities to conduct a comprehensive investigation into the extent and extent of the leakage of personal data of Peruvians, which included various government organizations such as RENIEC, SUNARP, SUNAT, the AFP system and others. In this case, access was much higher because some of these instances have strict processes in place to protect data.
After this event, a multi-industry table was formed, led by the PCM and with the support of organizations relevant to the topic: operators, ASBANC, the Ministry of Internal Affairs and others. After several months of work, the controls to prevent new systems with the same data from appearing seem to be working.
At the time of this writing, the bot is listed as inactive. However, he continued to work until last Wednesday, when a complaint was filed in the METALIVE section, interaction with NIUSGEEK subscribers on Telegram.
What is the problem? Well, we can disable every bot or system that has appeared on the dark sides of the Internet, but our data will still be exposed. Unlike a Facebook password or activating multiple 2FA systems – two-step verification – we can’t go into RENIEC to get a new DNI number or change RUC in SUNAT in a matter of minutes. Our personal information is exposed and we need to contain the growth of these criminal systems, but also start to reduce the availability of this information. Unfortunately, we are far from it.
What we can do? In the meantime, we share the information we have. This will allow an insensitive topic such as computer security to be treated as a topic similar to the custody of our physical assets. Just like you take care of your home and car, you should take care of your data.
Another measure is to start strengthening our security on digital services with two-step verification on systems that allow it. This adds an extra layer of protection against, for example, attempts to impersonate our identity on social media.
On the other hand, we need to know our status in the financial system: the total amount of debt, our payments, our position in risk centers, our recent consumption, traces of our packages requested by e-commerce. All. Such a review will not allow a scammer to take you by surprise.
Also, try not to share card codes, CVVs, or full numbers in private messages on social networks such as Instagram, Facebook, or others. If a criminal impersonates you and enters one of them, he can check your mailbox and get data from there. Delete sensitive data from these trays and make a copy on your device or cloud system with an optional password.
Source: RPP
I am Ben Stock, a passionate and experienced digital journalist working in the news industry. At the Buna Times, I write articles covering technology developments and related topics. I strive to provide reliable information that my readers can trust. My research skills are top-notch, as well as my ability to craft engaging stories on timely topics with clarity and accuracy.