
Half of the websites of law enforcement agencies of Russia use public mail servers

In connection with the recent massive leak of logins and passwords from mail services that are popular in Russia (Yandex, Mail, Gmail), the idea came up to carry out a small analysis of how such public mail servers are used in the work of our state bodies. It was decided to focus on the three main law enforcement agencies: the Investigative Committee, the prosecutor's office and the Ministry of Internal Affairs, which, it would seem, should observe the law more than others. The results are not difficult to guess from the title...

Detailed analytics and polls are below the cut.


Prologue


Mr. Zharov (head of Roskomnadzor) commented on the leak of user credentials from popular mail services:
“Unfortunately, hacking public mail or cloud services is a fairly common phenomenon today. As practice shows, not a single Internet giant can boast of effective protection of its services from hackers - be it Yandex, Mail.ru or Google. Roskomnadzor, as the authorized body for the protection of personal data of Russians, closely monitors that the personal information of citizens is not publicly available. In connection with the latest "high-profile" leaks of mail passwords on the Internet, Roskomnadzor received about two dozen appeals from citizens.
It must be said that in the terminology of the current legislation, the logins and passwords for email or social network accounts are not personal data. Therefore, we have no legal basis for conducting any checks against Internet companies that have suffered leaks. Another matter is that, by gaining access to mail credentials, the attackers get at their disposal the content of your correspondence - where, of course, there may be your personal data: images, contact information, documents sent, etc. Our task is to quickly identify when such information appears on the Web, and stop its distribution.
Now we are actively using the practice of stopping the dissemination of personal data of Russians in court. In recent months, the courts have made appropriate decisions to restrict access to 12 websites violating personal data law, and Roskomnadzor’s lawsuits against more than 60 sites are at the trial stage. It is gratifying that in two cases the courts rendered decisions on preliminary interim measures - this practice allows us to seek the removal of personal data from Internet resources before the lengthy trial is completed, and within a month the court decision will come into force. In the case of personal data, the speed of our reaction is critical, because there is always a risk that your personal information will be used by criminals, and there will be a threat to your physical security, health, life or reputation.”

Counting Method


I wanted to analyze what a citizen actually sees when visiting an agency’s site, so the addresses were collected manually, without using any directories (thanks to the content managers, who manage not only to get creative with the layout of individual pages but also to shuffle the menu sections in random order).

1. Investigative Committee


An email address was listed by only 39 divisions; the other 55 easily manage without one:

The Investigative Committee turned out to be the most patriotic: they use only domestic services (the “other” category includes vologda.ru and nm.ru). They even remember Rambler! Well done, I guess.


2. Prosecutor's office


The sites of this agency's territorial divisions are an absolute mess. There is no single portal; everyone built whatever they wanted. The quest titled “find the Contacts section on 80+ sites” took quite a lot of time. I feel sincerely sorry for the people who have to navigate these wilds.

31 sites did not list an email address in their contacts; the other 52 were distributed as follows:

More advanced employees work here: Rambler has been sent to the landfill and Gmail appears! Various city portals and providers' servers fell into the numerous “other” category, which is obviously related to the individuality of each separate site.


3. Ministry of Internal Affairs


The situation is best with our police. Only 7 subsites listed no mailbox at all, 51 have one on the departmental server mvd.gov.ru, and 26 on public services:

While the ring of enemies tightens around the country, as many as 3 structural units keep mailboxes on the servers of an increasingly likely adversary. For shame, comrades!

It happens that the police, as if nothing were wrong, offer to send appeals to Yandex and Mail.ru:





Sometimes the external address is listed together with the departmental one, but I counted this case as a violation too, since an ordinary citizen does not understand the difference and may send confidential information to either address:



Total




The extent to which such addresses are used by the Ministry of Internal Affairs and the Investigative Committee can be roughly estimated using simple search queries.
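The manual count described above can be automated by an agency's own security team as a recurring audit of its contact pages. The following is an added example, not code from the original article: it applies the article's per-site rule (a site that lists any external address counts as external, even if a departmental address is also present). The provider map is an illustrative assumption and not exhaustive, and the sample pages are constructed.

```python
import re
from collections import Counter

# Departmental suffix is taken from the article; the provider map below is
# an illustrative assumption, not an exhaustive list.
DEPARTMENTAL = ("mvd.gov.ru",)
PUBLIC = {
    "yandex.ru": "Yandex", "ya.ru": "Yandex",
    "mail.ru": "Mail.ru", "bk.ru": "Mail.ru",
    "list.ru": "Mail.ru", "inbox.ru": "Mail.ru",
    "gmail.com": "Gmail", "rambler.ru": "Rambler",
}
# Captures only the domain part of each address found in page text.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

def domain_matches(domain, suffix):
    # Exact match or true subdomain; "mvd.gov.ru.example.com" must not match.
    return domain == suffix or domain.endswith("." + suffix)

def classify_domain(domain):
    domain = domain.lower().rstrip(".")
    if any(domain_matches(domain, s) for s in DEPARTMENTAL):
        return "departmental"
    for suffix, provider in PUBLIC.items():
        if domain_matches(domain, suffix):
            return provider
    return "other"

def classify_site(page_text):
    cats = [classify_domain(d) for d in EMAIL_RE.findall(page_text)]
    if not cats:
        return "none"
    # Article's rule: any external address outweighs a departmental one.
    external = [c for c in cats if c != "departmental"]
    return external[0] if external else "departmental"

def tally(pages):
    return Counter(classify_site(text) for text in pages.values())

# Constructed sample contact pages (hypothetical sites and mailboxes).
SAMPLE_PAGES = {
    "site-a": "Duty desk: Desk@MVD.gov.ru, phone 02",
    "site-b": "Send appeals to press@mvd.gov.ru or to uvd-example@yandex.ru.",
    "site-c": "Contacts: office-example@bk.ru",
    "site-d": "Reception hours: Mon-Fri 9:00-18:00",
    "site-e": "Mail: info@mvd.gov.ru.example.com",
    "site-f": "Write to us: example@sub.mvd.gov.ru",
}

if __name__ == "__main__":
    for category, count in sorted(tally(SAMPLE_PAGES).items()):
        print(f"{category}: {count}")
```
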

Why I am writing all this


Citizens write to these addresses with reports of crimes and often want to remain anonymous, so a breach of confidentiality of this kind of information can really threaten their life and health. This is not some photos of naked girls, or even personal data.

In the central offices of these agencies there are people who are responsible for the content of the sites, there are people and entire departments responsible for public relations, and there are departments for information security and state secrets. Why don't they work?

Source: https://habr.com/ru/post/236727/

