Personal data of Kuwaitis and expats exposed for sale online, raising concerns over privacy and security

This news has been read 22582 times!

KUWAIT CITY, June 14: Do not be surprised if an unknown person suddenly calls you and tells you private information about yourself such as your name, your marital status, the number of children you have, the place you work, and so on. The data of citizens and residents in the country has become a commodity offered for sale at the lowest prices on social media, which is being exploited by international gangs for extortion or siphoning of bank accounts, reports Al-Qabas daily.

In this context, the daily monitored a group of accounts through communication sites such as Facebook, Twitter and WhatsApp, which offer to sell a large amount of information and private data in exchange for KD 50. Some of the secret methods used by individuals and gangs to access personal phone numbers of citizens or residents in Kuwait using local numbers, were revealed. It was found that the largest percentage of these gangs operate in Arab or Asian countries.

One of the officials in those groups, who resides in an Arab country, revealed that the data available to him was originally leaked from the Facebook application, especially in Kuwait, and it contains 4.5 million phone numbers of citizens and residents.

He said, “This data can be filtered using Excel or a special program, such that the phone numbers are divided according to the job, address, account names on Twitter and Facebook, email address, and the marital status of the person.”

He admitted that the aim behind selling this data was to provide marketing companies with it to target these people, and to carry out marketing campaigns based on specialization.

The official revealed a surprising fact, which is the data of Kuwait residents is currently discounted by up to 70 percent.

However, the most dangerous aspect in the issue of data leakage is the announcement by some pages specialized in data provision via Facebook about the availability of Kuwaiti phone numbers, which can be used to activate WhatsApp or Telegram, and thus making it possible to communicate with their owners inside Kuwait. This is what is actually happening now whereby citizens and residents receive frequent fake calls with the aim of stealing from their bank accounts.

One of the networks selling local numbers abroad was contacted in order to activate them in the applications. The person in charge said the volume of demand for them is high, and that the value of one number is 70 fils only.

Meanwhile, other accounts on Facebook announced the sale of Kuwaitis’ data for Facebook users who registered until October for an amount not exceeding 50 fils. The data includes the person’s name, phone number and account link.

Data brokers own more sensitive files with the names of individuals, companies, personal data, and phone numbers. They are provided to customers after obtaining the amount transferred via Paypal, Wise Transfer or bank transfer.

By spending only KD 50, the daily obtained an integrated file of the leaked local data, which includes information of about 4.5 million phone numbers, their owners and links to their Facebook accounts. It also included another section for sorting the data according to the residential areas of the owners of the phone numbers. There were a total of 27 thousand files with data about citizens living in different areas such as Abu Al-Hassaniya, Abu Halifa, Ahmadi, Raqqa, Sabahiya, Dhahr, Adan, Egaila, Fahaheel, and even Hadiya.

In the third file, the data was distributed in a number of files, whereby each file contained the names of people according to professions and sectors such as oil or banking. There were a total of 46 thousand phone numbers in each file within the Excel software. Another file was also present with the numbers of major companies and their employees.

For KD 49, you can buy 4.5 million Kuwaiti phone numbers. For 70 fils, you can activate a Kuwaiti “WhatsApp” number abroad. For KD 41000, you get numbers for important personalities and companies.

Head of the Kuwait Society for Information Security Dr. Safaa Zaman stressed the need to take a number of measures to stop data leakage, and warned citizens and residents against interacting with fake communications.

In a press statement, Dr. Zaman called for “amending legislation by adding articles criminalizing data leakage in any form, and obligating various state institutions to use data and privacy protection methods and programs such as encryption, tracking programs and other programs that limit data leakage, as well as the use of artificial intelligence to carry out the process of monitoring the systems and warning in the event of suspicions of infiltration or illegal entry into the systems (IDS: Intrusion Detection System).

She highlighted the importance of conducting security tests on all government applications, such as evaluating security loopholes and hack testing, before using them, due to the data contained in these applications and systems, and the frequent use of security analysis and security testing techniques to identify weaknesses and backdoor outlets in all electronic systems used in all state institutions. She insisted on the need to conduct investigations and periodic analyzes of cyber attacks and benefit from the results to strengthen the electronic systems of state agencies.

Dr. Zaman affirmed the importance of ensuring the availability of risk management systems (Disaster Recovery) in various state institutions, the availability of appropriate security and privacy policies for various state institutions, and commitment to apply them, hold violators accountable, and apply Kuwaitization in sensitive sectors that deal with cybersecurity and data analysis in all state institutions.

She called for a reformulation of contracts with companies that deal with the various sectors of the state, so that a clause related to the intellectual rights of data is added.

Dr. Zaman explained that it is forbidden to store it outside the institution or to specify its locations so that it does not go outside the borders of the state, in addition to obliging the contractors to have the intellectual rights of the systems and their codes.

She highlighted the need to spread security awareness among the various segments of society, assign an authority to receive complaints in this field and deal with them confidentially, hold the defaulters and fraudsters accountable, and sign international agreements with other countries and major companies for data protection and confidentiality such as the European General Data Protection Regulation (GDPR) by focusing on the protection of persons in relation to the processing of personal data and the rules regarding the free movement of personal data.

Dr. Zaman said sensitive data must be stored in places that are not connected to the Internet, especially in the military and oil sectors, to be supervised and followed up by citizens, and to limit the use of public and commercial applications (such as: WhatsApp) to complete the tasks of state institutions or transfer data or official letters.

She stressed the need to use local applications and replace the commercial applications in circulation with them, especially with regard to social networking applications.

This news has been read 22582 times!