Russian Major Cellular Company Client Database Stolen

It seems that the company does not care about its clients at all

Russian media have caused a commotion regarding the fact that the client base of Russia's largest cellular operator has been stolen. Mobile TeleSystems (MTS) allegedly conducts the internal investigation of the incident. There is no information about the process of the investigation, though. Compact disks containing the stolen confidential information are now available on market places and on the Internet. However, no one tries to detect the thieves and to organize a demonstrative trial on them, convicting them to the maximum imprisonment. Mobile TeleSystems did not even ask law-enforcement bodies for help, as if everything is quiet and nothing happened. It seems that nobody cares about the fact of human rights violations - the rights, which are guaranteed by the Russian law, by the way. Even MTS clients evince no wish to stand up for their rights. They do not hurry to sue the cellular operator.

The following letter was sent to the company Mobile TeleSystems on February 6th. However, no response has been received yet.

“Good afternoon! Today I received an email, the contents of which can be seen below. As a client of the cellular communication company MTS, I would like to find out, which measures the company is going to take in connection with this problem. There is a telephone number mentioned in the email that I received. There is a mailbox on mail system. They ask to email orders to that mailbox. It is possible to find out the sender’s whereabouts on that website. As a responsible person from the online newspaper PRAVDA.Ru, I would like to see or to hear the comments from MTS’s competent people regarding their work on the issue.”

The email that has been distributed on the Russian Internet today arrived in PRAVDA.Ru’s office mailbox as well: “From: "МТS" Sent: Thursday, February 06, 2003 7:43 PM Subject: MTS telephones database

There is an opportunity to search the database with: - a telephone number; - name, middle name, last name; - legal entity name; - tax-payer identification code of a legal entity.

Search results are categorized as follows:

For natural persons: - telephone number of seven digits without the code, bill payment, the characteristics of the person to contact, the characteristics of the person, who signed the contract; - name, middle name, last name, birth date, citizenship, passport series number, passport’s issuer, residing address.

For legal entities: - telephone number of seven digits without the code, the characteristics of the person to contact, his initials and full name, his birth date, citizenship, passport data are possible to be shown as well. The same things will be shown for the person, who signed the contract. - legal entity’s name, the tax-payer’s identification code, address and telephone number.

The unique compact disk costs $150. Our emails: or Telephone number: 8-926-227-92-87. Please call from 10 a.m. till 9 p.m.

P.S. The given email was sent according to part 4 of article 29 of the Russian Federation Constitution and in compliance with part 1 of article 27 of the Federal Law of February 16th, 1995. Your email address was obtained from open sources. You can unsubscribe from the list by replying to this message, putting ‘Delete’ in the subject line.”

This is what we and many other people found in mailboxes today. The strange and unexplainable silence of the Russian major cellular communication company can not but cause anxiety. The seller of the stolen goods does not hide his identity, having mentioned the contact information in the body of the email. It seems that it would not be a hardship for security services or law-enforcement bodies to investigate the matter carefully. However, there is an impression that the MTS administration does not care about their own subscribers, as well as about the information that clients entrusted the company on the confidential basis. MTS assures that there has been only a part of the client database stolen. The company counts six million clients in total. Everyone is left to guess, if the thieves got the confidential data at their disposal or not.

When the fact of the stolen client database came into the public eye, it caused a commotion for mass media. This news was a piece of sensation that editors of every newspaper and magazine demand from reporters daily. The sensation is gone, although it is still not known, if MTS addressed to law-enforcement bodies, if there were criminal proceedings instituted on the fact of stealing the confidential information and its further commercial use. Respectable Western companies would hold daily briefings in this case. They would not be that slow with their police report. If there is a suspicion that a company’s employee is implicated in a scandal, it would make everything a lot faster for a Western company. However, we live in Russia. This is probably the explanation of the company’s indifference to its own failures.

Who stole the client database of the company, and what should be done about that? As it was informed, MTS has been conducting the internal investigation for more than a weak already. Nevertheless, according to the information from Gazeta.Ru website, MTS’s internal security service does not question its employees that have access to the database. As it was said, the security service of the company used other methods in its work to investigate the incident. It was not specified, which methods were used in particular. The investigation has not led to any results yet. They just keep saying that it is still going on.

Which versions are there to explain the situation? It goes without saying that the first version draws the suspicion aside from MTS itself. It was reported that the client database was allegedly stolen by negligent special services employees, who were on duty in MTS offices during the hostage crisis in Moscow’s music theatre in October. They could access all the information about the company’s clients. Yet, it is obvious that it would be too dangerous to insist on such version. That is why, MTS does not insist on it. Eva Prokofyeva, the press secretary of the cellular company said that the MTS administration was rather sceptic about the version of special services agents: “We have nothing to claim from them. We do not link the hostage crisis events and the fact that the client database of the company has been stolen,” said she.

However, the public relations center of the Russian Federal Security Bureau (FSB) stated such a possibility is absolutely out of the question, since there was absolutely no internal investigation conducted on the fact of stealing the client database. “We perform our activities on the ground of the law “About efficient and investigation operations on court approval,” said the FSB press service. Furthermore, FSB agents can access the information of cellular companies on court approval “within the scope of an undertaking.” In other words, if special services suspect something about a cell company client, agents will not be able to access the information of other clients. This is what Gazeta.Ru believes about the whole matter. There is no reason not to believe the website.

The second version seems to be more believable: MTS employees stole the database themselves. Yet, the company asserted that only few people had access to the client database. It was particularly said that all of those people are controlled by the security service. There is a conclusion to make about this: why not making some sort of agreement between those who control and the ones that are controlled? Why not coming to consent and then dividing the profit? No comments from the peanut gallery, so to speak.

The third version is the most innocent one: the database was stolen by some bad hackers. They penetrated into the base on the Internet, broke the protection system, and downloaded the entire database on their own computer. They packed everything and disappeared. This has been a plot of so many movies. An organization that is concerned about the secrecy of its information will never put such data on the world wide web, no matter how tough and cool the computer security system might be. Reporters attacked MTS spokespeople with that question. MTS said that the company’s nets were protected very well. However, they did not specify, if the database was available on the net or on some local carriers. It is an open secret that there is no protection that hackers can not break. Permanent trials against Russian hackers in the United States of America are a very good example of that.

There is another fact that is very suspicious: Mobile TeleSystems has not yet decided to attract law-enforcement bodies to the investigation. This fact works for the first two versions: either it is dangerous to deal with the thief, or the people from the company’s administration are implicated in the fact of stealing. The MTS administration has not provided any understandable explanation both to its clients and to the public. On the other hand, LUKOIL Vice President Sergey Kukura’s kidnapping last year showed, to which extent Russian companies are ready to trust Russian law-enforcement bodies.

Furthermore, it is not really clear, why MTS needs so much confidential information about its clients. MTS uses the prepay system in its activities. As soon as your money is over on your account, the company will disable your phone immediately. Mobile TeleSystems has not made any comments on this issue either. The press service of the company Bee Line, another big cellular company of Russia, said that the collection of the detailed information about clients is conducted on the ground of the adequate instruction from the Central State Communication Control committee. Yet, the latter rejects the fact that such an instruction exists. To crown it all, it is not clear, if a cellular company can be punished by supervisory state bodies for the loss of such kind of information. Anatoly Yermolayev, the chief of the Communication and Information Control Department for Moscow and the Moscow region said that the license of a cellular company contains a paragraph about the restricted access to a client’s information. Yermolayev believes, though, that it is extremely hard to withdraw the license from MTS on the base of this violation. The legal awareness of the Russian people is not that advanced in order to file lawsuit after lawsuit against Mobile TeleSystems, claiming the moral and material damage compensation. This is probably why MTS does not seem to be troubled a lot, taking into consideration the fact that incidents like this have happened before.

Such a trouble happened with the company Bee Line in 1998. Spokespeople for this company acknowledge that compact disks with the confidential information of its clients are still available on marketplaces. Bee Line did not go to police, it was not afraid of any lawsuits. One can easily guess the reason why. A contract that is concluded between a Russian cellular company and its client does not have a paragraph of the company’s responsibility to keep the client’s information confidential. Therefore, this is an issue of a Russian consumer's vulnerability in the country.

The law “About the Protection of Consumer’s Rights” does not actually protect the rights of a consumer. As a matter of fact, sellers of goods and services are not responsible to a client. This situation will last until a Russian citizens goes to a court, being offended with the fact that his or her rights have been violated. Yet, this seems to be just a dream in the situation, when the prime goal for the Russian people is to survive and not to go below the poverty line.

Kira Poznakhirko PRAVDA.Ru

Translated by Dmitry Sudakov