In the past few months, Russia has experienced a disturbing explosion of the black market for personal data called “probiv.” This murky digital underworld allows anyone—which in itself is a risk—to obtain extremely personal data. You can purchase passport numbers, home addresses, travel histories, car registrations, and even internal police records. Andrei Zakharov, a leading Russian advocate, has just published a landmark book on the topic. He calls “probiv” a booming underground economy that functions for a small fee, often just $10.
The issue gained further traction following the leak of a massive database by the Federal Security Service (FSB), known as Kordon-2023. This latest online breach is said to contain personal information of nearly 24 million people. It impacts over 13 million entities that have passed Russia’s borders since 2014-2023. It’s not simply the size of this leak that has prompted panic and concern among experts and law enforcement, too.
Zakharov points to the importance of “probiv” in big name investigations. This innovative tool has proven indispensable in tracking the FSB unit responsible for the Novichok poisoning of opposition leader Alexei Navalny. The market’s very existence ignites debate among Russian journalists. They are committed to continually addressing the ethical implications of using leaked data.
In an attempt to curb this growing problem, President Vladimir Putin recently signed laws imposing stricter penalties for data leaks. Offenders would be subject to a maximum of 10 years in jail for improper access or dissemination of sensitive information. Despite these efforts, Zakharov asserts that “it has never been easier to find private Russian data on the market.”
The “probiv” market thrives due to a web of bribed officials and corrupt traffic cops. Bank tellers and junior security personnel are equally complicit, allowing dangerous rogues’ access to their data. Ukrainian hackers, in particular organized groups like KibOrg, have flooded into this space. They’ve hacked into other Russian systems, too, such as a database owned by Alfa Bank, Russia’s largest private commercial bank.
Pro-Ukrainian hackers have converted to the offensive, routinely penetrating Russian state and commercial networks. Their efforts state this central reality—they’ve uncovered a significant vulnerability in Russia’s information warfare. Intelligence agencies have used these weaknesses to track down and kill high-ranking military leaders inside Russia. President Putin was forced to acknowledge that even his close friends sometimes fall prey to outdated phone scams. Unfortunately, this scam may have fueled some of the recent breaches.
Zakharov wants to underscore just how much the climate has shifted in recent years. “Before, they still worked with the security services or would think twice before releasing something extremely sensitive. Now all their brakes are off,” he said. Though subtle, this change is indicative of a larger movement. Illicit services on “probiv” are now easier and more convenient for everyday police work than the legitimate databases that officers are legally obligated to use.
Legal ramifications and growing enforcement of Russia’s data localization requirements are the least of worries. The convenience and low cost of personal information continue to fuel the “probiv” market. As law enforcement continues to face these issues, experts caution that the future holds more of the same unless something is done.