    .      
  


            .   ,      ,        .           :     ,     ,       ,         .       ,        .

   ,          ,        .      ,       ,    .





 

    .      



   ,          

  

  . 

  . 

 . , . 

  . 

    . 



 , 2022

  , 2022



  .           () .  ,  ,   ,  ,   ,          .  ,   ,     ,  ,          ,      ,   ,       .

,      ,  ,   ,        () ,        ,    .


* * *


      ,  ,     ,    .

 . 1984








   !


  ,    . 堖   ,    .        ,   ,                ,  .  ࠖ   ,   .  ࠖ        ,    ,  .        .

 ,
     . 2018.[1 - https://tass.ru/pmef-2018/articles/5232044 (https://tass.ru/pmef-2018/articles/5232044).]

      ,    ,             2018.,        . , ,       .      ,  ,    ,     .   ,               .   : , ,    .          .              ,  ,  ,  ,     :    .

          ,       ,  .  ,  ,        ,     ,      .    ,     SocialDataHub,       ,            ,            [2 -    Big Data:     ?.     // . 2018. 15.].

       ,     .      ( ,   )                .        : 25 2018.         [3 - GDPR, General Data Protection Regulation, https://gdpr-info.eu (https://gdpr-info.eu/).],                  .         152-.                :     ()     ,       , ,  ,   .

        (  ,     ,    :    ,   , ...  ,  ,       ,  ,  ,    ,      ).       ,   ,   ,      ,        ,         -,    ,               .         .  ,      ,   ,          . ,       ,         ,     - ,    ,        . ,     ,  frappening (      ),     [4 - https://www.rbc.ru/finances/16/02/2021/602bd7959a7947398c66c895 (https://www.rbc.ru/finances/16/02/2021/602bd7959a7947398c66c895).]   Cambridge Analytica (    87  Facebook[5 -  Meta     .])   .              (  ,    ). ,     -[6 - ,     .   ,     , . .]     ,        ;       ,           .    ,        PwC  20142019.,          20 [7 - https://vk.com/video-90241001_456239093 (https://vk.com/video-90241001_456239093),    GDPR  , 25 2018.].

 ,        ,         .           ,    .       ,     (   ,    ,    ),  (            ), ,              (,         ).  ,    (     ..)         ,       .

 ,        , ,          .            .     ,         ,     ,          .

        ,      ,    .          (           ),      ,  ,     ,     .

          .      ,      ,   ,      .  ,    ,     ,      .   ,   ,          ⠖  ,   ,      .

    ,     ,     . ,    ,      ,        .   ,  ,       ,     ,        .  ,             .    ,        ,       ,    !  ,    ,      ,      -,    ;         ,      . , ,        ,        ,            .

   ,         ,           (      ).           ,    -     .

          ,        .    堖        .




 1

 ,      



      ,     ,   .     ,     .   ,  .   ,     -      .       ,      .

 . 2016.[8 -  .,  .   蠖    // . 2016. 20.]






     ,  , ,    .          ,       ,        .        ,        ,      ,        .



.,        ,     , , ;      ; ; , ,  ; ; ; ;      ,       (,      ),        [9 -             . https://pd.rkn.gov.ru/library/p195/ (https://pd.rkn.gov.ru/library/p195/).].


                      ;      .         ,      .    :       ,     ,    DDOS-,    ࠖ ,             ,        .   ,  ,    ,           ,          .    , ,     ( )   ,      ,        .       .  ,        ,   ,          .        ,   ,       .      ,    ,          ,   .

          ,      .




 


   (  ) 蠖   .     ,      ,     (,    ,   ;   ,     ).  ,     ,             .     ,   .

      (  ,     ):

?   ?

    : / ,  , ,  ,        ,    ,    ,    ()  ..       :         (,   )      ,    ,   .  :          .

?   ,   ?

,  ; ,  ,     (    );   (     );    (Internet of Things,  IoT). ,       ,   ..

?           ?

 ; ,    ; ; ; ; ;    ..      ,          . ,   ,  ,     ,        (),   flash-,    () .         ,   ,    (  )     .    ,       ,        .

?     ?

        ?    :   /     (,   ..),    ?  (  )  :  (,          ,      ),  (          ,    ),  (蠖   ,  ,   (   ),          ).

?    ,      ?

     ,   ;        (,  ),  ?       ?     ?        (, , ,    ..)?    ?     ,   ; , ?      ,       ?    ?       ?

       ,     . ,   -       ,   ,  ,    ,    ,   .     .  :         ;    ,                    ;   ,    .

?    ,    ?

         ?     /  ,  ?     /    ,  ,   ?      (,   ,     ),      .  ,     ,        ,         - ,      ,        .

?     ,    ?

       /?     ?            /?            ?  ,            ,       ,         ,      .       ,      ,     .           ,               ,      .          ,   .    ,   ,         ,                .

     ,         , ,      .       ( , )    .  ,     ,    (   )     .     ,     ,   .

    ,          ,      .




 


  ,        ,       ,      .      ,        .

     .

?        : ,    ,  ,    .  ,  , ,    ,       ,   .

?  蠖     ,    ,       ,          .       ,       .

       . ,     ,               ,      .          (    )        ,    ,      [10 - https://www.tcinet.ru/press-centre/technology-news/6004/ (https://www.tcinet.ru/press-centre/technology-news/6004/).].       ,  ,            .        ,        /          .         ,     (, ),         ( )  ,    .



Ѡ                     .        : , ,   .    ,        .        ,   ,  ,      .          -,      ,       SIM-   [11 -  .       ?    //   . 2017. 8.].


        .     -蠖 ,                   (    ),     ,     .   ,   ,  ,      .

            .        ?




  


    ,       ,       ;                 .      .

         ,         ,     .         ,        (,             ࠖ ,    [12 -          ,                ,      ,             .]),    堖   ,   .      ,       (      ).       :  ,    .

       , ,  ,  ,                     (                 ).       ,     ,    . ,           ,     .       ,          ,   .

 ,          , ,  ,  ,       .              .        ,            /.


   

                     .             . ,    ,       ,   .   ,           (,        ,    ),     .   ,        ,    ,        .

        (. 1.1),        ( 蠖  ) .  :

? .          : ,   ,  ;    ,        ,    ..   .        ,        ;           ࠖ    ,     ( ;     ..) /    , ,   ,  ,   Wi-Fi  ..

? .       ,       /  ,   .           ,    .  ,         ,          ,    .        : -         ,          ,    .

? ,        ,      (    /  )     .            ,           (        ).    ,     (,     ), ,         /  .      (    )        . ,  ,   ,   ,              (     ),        ,    ,         (,  ,        ..).       ,      ..






:          . http://pd.rkn.gov.ru/library/p195/ (http://pd.rkn.gov.ru/library/p195/).



         .  ,      / ,    /       .

    蠖   .            .  ,     ,     ,     / ( [13 -          . . .]),   ()     (      ,      ,     ,     ).     ,            : ,  ,     , ,    /,      ,     .                     : , ,     ..         ;      . 1.2.

    ,        .  , ,       ,       , ,        . ,              (  ,   )[14 -            . . .],        [15 -         . . .],   ,   ,           ,      ,      ..         (),   ,             .






:          . http://pd.rkn.gov.ru/library/p195/ (http://pd.rkn.gov.ru/library/p195/).






 


1.   .

2.  .

3.  .    ,        ?

4.  . ,         ?       .







    ,              蠖      .            .                  .




 2

      



39%  頖 .     8 ,    1 .     10 ⠖ 591 .

Trustwave Global Security Report[16 - https://www.trustwave.com/Resources/Library/Documents/2015-Trustwave-Global-Security-Report/ (https://www.trustwave.com/Resources/Library/Documents/2015-Trustwave-Global-Security-Report/).], 2015.






        .             ,      , ,    .          ,   -,        ,     .        .    ,  ,      , ,  , ,     (  ,     ..).             ,       ,       ,  .   (..          )       ,    ,    ,   ,                , ,     ,   GPS-.       -  ,     . ,       Microsoft, Google  Apple,       ,     .   ,                  . ,   ,          ,  ,           .

     ,        , ,   (   ,  :    ,    ,           ..).    ()     ,     ,   ,  ,              .           , ,          ,    .         .      ,  -      SIM-       (   -).   ,    ,    ,         -   ( ,   ) .    ,       (,    ), ,         ,        .           ,   .

    ,        ,             .         ,           (  ,    ,    ..),     ,      .




 


  2015.          AshleyMadison.com (      )       30       ,     .   ,      ,    ,  : 123456, 12345, password, DEFAULT, 123456789, qwerty, 12345678, abc123, pussy  1234567[17 - https://arstechnica.com/information-technology/2015/09/new-stats-show-ashley-madison-passwords-are-just-as-weak-as-all-the-rest/ (https://arstechnica.com/information-technology/2015/09/new-stats-show-ashley-madison-passwords-are-just-as-weak-as-all-the-rest/).].



Ѡ  2021.       2,28    MeetMindful.   1,2      ()  ,   ,   ...,   ,  ,  , IP-,      .   ,    ,       , ,    [18 - https://xakep.ru/2021/01/25/meetmindful/ (https://xakep.ru/2021/01/25/meetmindful/).].


  : AshleyMadison.com ,   .        30    ,         ,       .           ,    [19 -  ,   AshleyMadison.com    ,          19.     The impact team,         ࠖ  Avid Life Media,      ,         , https://xakep.ru/2015/09/04/ashley-madison-fall (https://xakep.ru/2015/09/04/ashley-madison-fall).]    ,      ,        .    ,  ,     ,   .     ,        ( ).   ,        .  ,    ,   ,    .

 [20 - https://www.esetnod32.ru/company/press/center/eset-usilit-resheniya-odnogo-iz-liderov-rynka-utm/ (https://www.esetnod32.ru/company/press/center/eset-usilit-resheniya-odnogo-iz-liderov-rynka-utm/).],   Eset, 90%        ,  76%   -    [21 - https://www.popmech.ru/technologies/44764-slabye-paroli-prichina-76-kiberatak-na-kompanii/ (https://www.popmech.ru/technologies/44764-slabye-paroli-prichina-76-kiberatak-na-kompanii/).].   60%            ,       .  WP Engine  ,    10  ,     .    50        ,   ; 10%   ,   . ,          ,       .     ,  ,  qwerty.           ,     love. ,   love     1980-  1990- . ,    ,         ,  [22 - https://revisium.com/kb/weak_passwords.html.].

,          10000   ,            ,       .        30% [23 - https://www.spy-soft.net/samye-chastye-paroli/ (https://www.spy-soft.net/samye-chastye-paroli/).].

    ,     .      ,      .      ,    ,   .




   


   ,  ,   , ,    ,    .    ,          ,     . ,    //  ?

?  .  ,     ,   ,  .   ,         .          ,       ,   :         [24 - http://www.garant.ru/news/1297198/ (http://www.garant.ru/news/1297198/).].

? .    ,        .     [25 - https://xakep.ru/2017/08/16/edpr-nvidia-passcrack/ (https://xakep.ru/2017/08/16/edpr-nvidia-passcrack/).]:

?   .      credential stuffing:            .           IP-,  ,    ,       -.          [26 - https://www.securitylab.ru/blog/company/PandaSecurityRus/345574.php (https://www.securitylab.ru/blog/company/PandaSecurityRus/345574.php).].

?  .        ,  ,       ,  , , 10000   ,    .. (       ,  ).

?  .    ,    . ,   ,      ,           ,     .

? .   ,     ,      ,    ,     .      ,        .            .

?  [27 - https://www.anti-malware.ru/threats/brute-force (https://www.anti-malware.ru/threats/brute-force).].     (      )    :     ,  ,   ..         ,     ,      .       ,    ,  ;     .  ,   ,        (  + 2 ; ,   ;     ..),      .    ,    (    ),    (,       )   .      ,        (  ,          ).     , ,     .  ,   ,   :     ,  ,        :

?;

? ;

? ;

?;

?.

     , , ,   .      , ,      [28 - https://revisium.com/kb/weak_passwords.html.].

? /.   蠖    , ..   .         -  .    -,   .         .    ,             ,         .           ,               ,          .            .          (,  IP-,   ,    ),      -  ,  IP-,   .

       ,                   CAPTCHA[29 -   .] - (   ()  ,   ).     ,                 CAPTCHA-.  ,  ,   ,            .  ,  ,         ,            .

?   .    ,          (      )      -  .



  

-ࠖ   ,      (      蠖 MD5, SHA-1, SHA-3  .).         .        SHA-1 (         ).     SHA-1  ,  - 94d6ad7efefe1b647da47625e75712f87405c3c1 (       ).  ,    ,     5 ,   ,  100  :    -    40   (       ).   ,    ,       (9281eea3837f94218b04024d23c9d20a71811b4a).         https://www.hashemall.com (https://www.hashemall.com/)       https://crackstation.net (https://crackstation.net/).   ,        ,  ,  ,    -.  /        .

 :

?       , 

?     (  ),        ,

?  ,   (   )  ,     -,  SHA256,  -.

?   -     .

 /:

?      (     /,       -)  , 

?   -     ,

?              -.

? -     -,    .     ,       .        .

  ,     - ,      , ,         -  (,           ,                   ).        -  ,    (, ,         -).            ,     .   ,      ,     .

, -    http://site.ru  ,        ,     .  -       ,  http://site2.ru,        ( , ,  ).     http://site2.ru   ,       http://site.ru.  ,         http://site2.ru,         (      ).

      ,        .        .      , ,       .   ,   ,   (,   ࠖ ,        )  ..          ,               .

  ,      ,     .

        - , ..          ()      ,  [30 -  (   -)  ,   -      ()    ().      salt.],    -.      ,    ,      ,    -   () .      ,            -,   ,   -  ,    ,  .

,         ,          (, 422a41    a5ed85     [31 - ,  .]),   젖  (, 422a41       a5ed85    fc1a95   ( )).

,      , ..   () ,  - ,  ,  ,          .           ,     .        ,    HTTPS (TLS)[32 - https://www.internet-technologies.ru/articles/solenoe-heshirovanie-paroley-delaem-pravilno.html (https://www.internet-technologies.ru/articles/solenoe-heshirovanie-paroley-delaem-pravilno.html).].

     ,      -    .     -,   (SHA-256, SHA-512, whirlpool  .),   (, MD5  SHA-1).      ,   .    ,     ( , )    ,   .   :        ,     .            [33 - https://habr.com/post/322478/ (https://habr.com/post/322478/).].


  ,       .   ,          -         .

            -.    ,   (            ,      )[34 -    .:https://www.internet-technologies.ru/articles/solenoe-heshirovanie-paroley-delaem-pravilno.html (https://www.internet-technologies.ru/articles/solenoe-heshirovanie-paroley-delaem-pravilno.html).].     ,     ,    .      ;     ,    .

  ,     ,  ,        .       ,            .

   ,    .   ,       ,               (),  ,     .  ,      . ,        ,       .

       , ..  ,       :     -  ,      .    ,       .



Ѡ  2013.  ,     Ars Technica,  :        (..    ,        )     .        8000 ,        [35 - https://arstechnica.com/information-technology/2013/03/how-i-became-a-password-cracker/ (https://arstechnica.com/information-technology/2013/03/how-i-became-a-password-cracker/).].


        ,   .      :   ,       .   ( )   ,       ( ,   ).         (   )        .  ,       頖   .    ,     ,  ,    [36 - https://habr.com/company/mailru/blog/271245/ (https://habr.com/company/mailru/blog/271245/).].

, ,     ( )         (..   ,     ),    ;    ,    .   ,      OclHashCat,     ,      .

?  .  ,  (    ),      :  (,       ),  (   ),   ..[37 - https://habr.com/post/118499/ (https://habr.com/post/118499/).]        ,   .

  ,     ,     .




   


                ,     ,  IT-     [38 - https://xakep.ru/2020/05/08/passwordless-stats/ (https://xakep.ru/2020/05/08/passwordless-stats/).],      .   ,    ,        , ,     ,     .

         :

1.        .

2.         .

3.   .

4.   .

5.         .

6.       .

7. ,    .       ,   .



Ѡ   4  5 2018.     Bycyklen,    ,    ,    .      1660 ,       .         Android           Bycyklen.           [39 - https://securityonline.info/the-public-city-bikes-system-in-copenhagen-was-hacked-and-the-database-was-deleted/ (https://securityonline.info/the-public-city-bikes-system-in-copenhagen-was-hacked-and-the-database-was-deleted/).].



        

   ,    .    :   ,        .  ,           ,       :   ?       ,        .     .          ,    .      , , ,     (       ,         ).        ,    ,            .



Ѡ 2014.           Sony Pictures        :   47000  ,         (   ,  ,  ,        );   ,     ;     ;          Twitter  - .         , -   Sony Pictures    [40 - https://en.wikipedia.org/wiki/Sony_Pictures_hack (https://en.wikipedia.org/wiki/Sony_Pictures_hack).]. ,     ,    Sony Entertainment,  : sonyml3[41 - https://twitter.com/kevinmitnick/status/545432732096946176.].


     :        12  ( )        ,    . ,      : ,       ,        ,      1  ..     ,       .   https://www.betterbuys.com/estimating-password-cracking-times/ (https://www.betterbuys.com/estimating-password-cracking-times/)  ,             젖   : 1982-   .  ,    ,    -  1991.   4000,  30    9,5.

               (, aaa  111)      (, abc  123).    ,      ,   .  ,     ,    ,    /       (   )        .. ,       ,   , ,       : 1486.        ,      ,         ..           :          (, o  0  g  9).



  

   ,         .       Core 2 Duo   Ultimate Distributed Cracker    5   .     31790   41037 MD5-.          11    5  15759 .         ()     (     ),          1111111111123123.     358 .       5767   7 .           :     ,    -    ,   CAPS LOCK    ,             (2010, 2011  .),             (123, 1111  .),       ,      /   ,    ( = 1, s = $, a = @ ..),     (    ,  ).  30    5213 .        ,        (     (    ),   ,     10000   ,   -   ).       -    .    7,    4693    [42 - https://habr.com/post/122633/ (https://habr.com/post/122633/).].


     ,  ,   ,  ,  ,  ,       .           .  ,        ,          .           -[43 - https://howsecureismypassword.net/ (https://howsecureismypassword.net/).],[44 - https://password.kaspersky.com/ru/ (https://password.kaspersky.com/ru/).].

       .        ,     .  ,       ,         .



. 2019.  DeviceLock  4         ,    .     (   ): ; ; ; ; ; ; ; ; ; [45 - https://www.devicelock.com/ru/blog/analiz-4-mlrd-parolej-chast-vtoraya.html (https://www.devicelock.com/ru/blog/analiz-4-mlrd-parolej-chast-vtoraya.html).].


,       ,   ,       . ,         ,             .

         +       /  ,       .      ,        .



Ѡ 2013.     Adobe     150  [46 - https://www.theverge.com/2013/11/7/5078560/over-150-million-breached-records-from-adobe-hack-surface-online (https://www.theverge.com/2013/11/7/5078560/over-150-million-breached-records-from-adobe-hack-surface-online).] (,        Adobe,     ).         ,     :   https://zed0.co.uk/crossword/ (https://zed0.co.uk/crossword/)    ,    .



         

  -        ,      .      ,   ,          ,           .



Ѡ  2015.            TV5Monde.      ,     , ,  .    ,           .      :                  ,           .          YouTube, Twitter  Instagram ,       YouTube  lemotdepassedeyoutube,         YouTube[47 - https://www.theguardian.com/world/2015/apr/09/french-tv-network-tv5monde-hijacked-by-pro-isis-hackers (https://www.theguardian.com/world/2015/apr/09/french-tv-network-tv5monde-hijacked-by-pro-isis-hackers).].


     ,  ,         ,   ,     ,          .

   ,    ,     ,           ;        -  .   ,             .       ,    .   ,    ,             ,         ,        [48 -     .]   .       .

        ( )     (, MT_FREE,     ).       ,       (      ).  ,       (  )         ,          ,     .

     ,   HTTPS (  HTTP)   ,        (     ).    (       ,          ),        .  ,            ,   .        :           ,        .        ,       .

     ,       ,       ,  12   URL- (, https://www.mircosoft.com (https://www.mircosoft.com/)  https://www.microsoft.cm (https://www.microsoft.cm/)  https://www.microsoft.com (https://www.microsoft.com/))     ,    ,    .     ,      ,    ,     ,         .



.     .          ,  .



   

          , ,  , , ,   ,             . ,         (                  ).    ,          (    ,    ).                .  ,  ,              PayPal      /     ,        (       ..)       .  /            ,    .      ,              ,        .



   

 DeviceLock,      ,       ,     .   1900 ,   ,  52%     ,  10%          ,  4%    ,     .      :     (https://finservice.pro)  157 ,  , ,    ,       ;     (https://zvonok.com (https://zvonok.com/))  21 ,      ;         18 ,      ,  ,    [49 - https://threatpost.ru/moscow-region-ambulance-service-database-leaked-due-to-bad-mongodb-settings/32197/.];     DOC+   3 ,       ( );      . ,        , ,    ,          [50 - https://www.devicelock.com/ru/press/v-runete-obnaruzheno-okolo-tysyachi-otkrytyh-baz-dannyh.html (https://www.devicelock.com/ru/press/v-runete-obnaruzheno-okolo-tysyachi-otkrytyh-baz-dannyh.html).].


   ,    Facebook,   頖      .    ,       ,      ,        [51 - https://www.facebook.com/notes/facebook-security/preparing-for-the-future-of-security-requires-focusing-on-defense-and-diversity/10154629522900766/.].  B2B International   ,    35%         ,       ,  8%      .   69%  ,   ,     [52 - https://www.kaspersky.ru/blog/ukradeno-dva-milliona-parolej-a-vash/2477/ (https://www.kaspersky.ru/blog/ukradeno-dva-milliona-parolej-a-vash/2477/).].


   

           ,     ,   .         ,  ,    3    Yahoo[53 - https://www.rbc.ru/rbcfreenews/59d43b919a79478e96f9d326 (https://www.rbc.ru/rbcfreenews/59d43b919a79478e96f9d326).].         ,        ,      .

 2016.     AshleyMadison.com    AdultFriendFinder[54 - https://leakedsource.ru/blog/friendfinder.],      ,   .        Adultfriendfinder.com (https://adultfriendfinder.com/), Cams.com, Penthouse.com, Stripshow.com  iCams.com.     412 :    ,    20.  ,          email@address.com@deleted1.com, ..      ,     .  ,      6000 ,    ,   78000      .     : 123456 (900000 ), 12345 ( 635000 )  123456789 ( 585000 ).

        ,   - ,       .        ,    ,     [55 -  .    // The New Times. 2016. 29 (417).].         ,         .

 2019.      450000  (    )     - Ozon.      ,    .       Cisco Systems  ,      :     Ozon,    ,   , , ,        ,       .       [56 - https://www.rbc.ru/technology_and_media/10/07/2019/5d25c3d99a794775f79f0816 (https://www.rbc.ru/technology_and_media/10/07/2019/5d25c3d99a794775f79f0816).].

,        ,       ,        .              :            .     :     ,   :

1.     ,      (      ).      , ,     ,     ,       .            ,    .

2.    ,          ,       .

        (   )  30.  ,           .  ,           -.    ,       ,     .    [57 - Zero Trust, https://www.kaspersky.ru/blog/zero-trust-security/28780/ (https://www.kaspersky.ru/blog/zero-trust-security/28780/).],       ,              . ,       ,     ,       ,     . , ,       .

      頖    . ,         /  ,     ,     젖   (.).



 

 ,   ,     (/)      . ,   ,       (-)    ࠖ    (    )     .

.              [58 - https://xakep.ru/2014/09/08/password-manager-pentest/ (https://xakep.ru/2014/09/08/password-manager-pentest/).].     (   ;     ;    DLL-)      ⠖ KeePass (https://keepass.info (https://keepass.info/)).

      (  ),      .   ,   ,        -  (  ,   LastPass[59 - https://threatpost.com/lastpass-network-breached-calls-for-master-password-reset/113324/ (https://threatpost.com/lastpass-network-breached-calls-for-master-password-reset/113324/).]).      ,     ,     (       ).

.  ,                ,   :        .           ,         .

         ,          ,     .    ,        (,  Google Drive).   ,             .             ( KeePass      Resilio Sync[60 - https://android.mobile-review.com/articles/50451/.]).

 2021.      Click Studios,    Passwordstate,    370000  29000    .              Moserware.      Moserware     ,            [61 - https://xakep.ru/2021/04/26/passwordstate/ (https://xakep.ru/2021/04/26/passwordstate/).].

       ,    (  ).   :           .        .



         

        ,             .  ,           ,     .      ,      ,              ,   ,     ,    -    .  ,    ,      . ,           ?  pizza  burger,          .

   (  )  ,            .          ?    ,    (   ۻ   ).        .        ,               .          蠖  ,            ,          ,   .



Ѡ  VPNMentor ,       (  ) Dalil        5       .    ,  , IMEI     ; IP-;  GPS   ;    ,   .                .  , ,              ,       ,        Dalil        ,   ,    ,       [62 - https://www.vpnmentor.com/blog/dalil-data-breach/ (https://www.vpnmentor.com/blog/dalil-data-breach/).].


                   ,      , , .


       

      100%- ,         -,  .            .



Ѡ 2020.    1800      Roblox.              ! #MAGA2020     ,         :         .     ,         .  ,       paste-[63 - ,      ,    ,     https://pastebin.com.https://www.echosec.net/blog/what-is-pastebin-and-why-do-hackers-love-it (https://pastebin.com.https//www.echosec.net/blog/what-is-pastebin-and-why-do-hackers-love-it).]   /  Roblox[64 - https://xakep.ru/2020/07/03/pro-trump-hack/ (https://xakep.ru/2020/07/03/pro-trump-hack/).].



 

        . ,    :     ,     .              () .

 , ,   ,          (    ,    )   ,       ,    .       ,    ,       -   .      ,              ,           .  ,     ,      ,            .  ,         , ,    .                .       (),    .

         .          ,            ,   .         .




 


       ,          .            .         蠖    ,   SMS-        ,       Mos.ru.      ,      ( /  ),    .         ,    ,     .



.  https://twofactorauth.org (https://twofactorauth.org/)   ,   .



  SMS-

   ,          ,     .      ,  ,   (    ),   젖 -,   SMS-     .       ,       ,     ,  ,   .



. -      SMS-,       .  , -        ,        .


      ,  - ,           SIM-    ,      - (      ).  ,         ,       .    , ,        ,  ,    ,      .               (, ),          .



   

 ,        ,              ,                  .         ,       (         IP-),      ,      .


     : SMS-      ,         .     ,                 SIM-,      . ,        ()   SMS-,       , , PUSH-.    -     ,        .  ,      ,       COVID-19        .      -    ,     . -           ,      .

,       Google  Facebook    ,        .    ,      ,     .

    SMS-,       (NIST)       ,   [65 - https://fortune.com/2016/07/26/nist-sms-two-factor/ (https://fortune.com/2016/07/26/nist-sms-two-factor/).].    ,         SIM-        -7[66 -   7,  -7 (   7, . Common Channel Signaling)    ,       (PSTN  PLMN)           .   -7             .],        .           SMS-      .


  -

 ()     - ( Google Authenticator  Microsoft Authenticator),     .       (   QR-)       (3060).      .          ,  ,    .

    堖  Authy (https://authy.com (https://authy.com/)).        ,                 (, ,     ).      ,      .      -,  ,    ,  [67 - https://www.kaspersky.ru/blog/multi-factor-authentication/8705/ (https://www.kaspersky.ru/blog/multi-factor-authentication/8705/).].

  -    ,           , ,   ,     .        ,          ,     ,     (         ). ,      SMS-,            ,    .

 ,  - ,        :  ,     SMS-    .     -   .    ,     SMS-,        ,  ,  SIM-.



  20182020.      :         200000.       SIM-    .       ;  ,       [68 - https://journal.tinkoff.ru/kibermoshennichestvo-zhaloby/ (https://journal.tinkoff.ru/kibermoshennichestvo-zhaloby/).],[69 - https://journal.tinkoff.ru/kibermoshennichestvo-sud/ (https://journal.tinkoff.ru/kibermoshennichestvo-sud/).],[70 - https://journal.tinkoff.ru/kibermoshennichestvo-poterpevshie-i-prestupniki/ (https://journal.tinkoff.ru/kibermoshennichestvo-poterpevshie-i-prestupniki/).].



   

    :     ,           ,     .     ,     .   ,    -.


   

 

          堖     USB- (  flash-     ).           .      ,   .        .      ,     ,  YubiKey (https://thekernel.com/ru/compare-yubikeys/ (https://thekernel.com/ru/compare-yubikeys/)).

       SecurID   RSA.      (  )      4- - (  ),   -,    (  -)     (      6 ).        ,         .            MiTM (Man in the middle  ):          ,      -.

    ,       ,            .  ,   ,     -   ,                (    ),      .



.     Usenix Enigma 2018   Google   , ,   ,  10%    Google    [71 - https://www.usenix.org/conference/enigma2018/presentation/milka (https://www.usenix.org/conference/enigma2018/presentation/milka).], .. 9 10         .




         ,       .     ,       ,      .            ,       .

      ,         ,  .   ,    Bluetooth  NFC.      ,     ,   ,     ,  .           : , ,   ,      IoT-.    ,  ,     ,       .         ,         .  ,       ,       -  [72 - https://www.kaspersky.ru/blog/bionic-man-diary/7050/ (https://www.kaspersky.ru/blog/bionic-man-diary/7050/).].



     

             Bloomberg L.P.         Pixie:         ,     ;  -    ,              .       ,       .  ࠖ     (,  ,  ,        )[73 - https://www.theverge.com/2017/10/26/16553900/2fa-two-factor-authentication-pixie-mobile-devices (https://www.theverge.com/2017/10/26/16553900/2fa-two-factor-authentication-pixie-mobile-devices).].              ,    ,      .   ,                  ( ),       ?


 ,          ,         .    -         ()    (      ).                   (,  )      .    ,  ,           /,         ,        .     ![74 - https://www.kaspersky.ru/blog/facebook-account-hijack-through-notes/30006/ (https://www.kaspersky.ru/blog/facebook-account-hijack-through-notes/30006/).]



!           ,     SMS-      ,         . ,   .


     , ,  ,    ,           ,                 ,    ,         .




 


    ,    ,     ,     .       ( ,  ,      ,  ,        )   (,   ) ,    .



Ѡ  Chaos Communication Congress 2018            ,       .    , ,      .              .        ,         .


        (    ),         , ,      (   )   .     ,  SMS-        䠖               .      ,              .    ,      ,       ,     (   ), ,   ,  , ,    .

        :

1.  .    , ,   ..       .

2.  .    (,        ,    ..).   -,    .

3.  .   㠖    .      ,      .      ,           .

4.  .     ,        .        .            .    (  ,       )  ,   (    )     .

   ,  . -,    ,       .     (     )     ,       (,  iOS-)       .               (  ).             ,     .        ,    , ,   ,  . -,     ,       蠖  .       ,     (),     ,   .           ,          .  ,    ,        . -,    .   (spoofing attack)       ()  [75 - https://www.lb7.uscourts.gov/documents/17-m-85.pdf (https://www.lb7.uscourts.gov/documents/17-m-85.pdf).]







notes








1


https://tass.ru/pmef-2018/articles/5232044 (https://tass.ru/pmef-2018/articles/5232044).




2


   Big Data:     ?.     // . 2018. 15.




3


GDPR, General Data Protection Regulation, https://gdpr-info.eu (https://gdpr-info.eu/).




4


https://www.rbc.ru/finances/16/02/2021/602bd7959a7947398c66c895 (https://www.rbc.ru/finances/16/02/2021/602bd7959a7947398c66c895).




5


 Meta     .




6


,     .   ,     , . .




7


https://vk.com/video-90241001_456239093 (https://vk.com/video-90241001_456239093),    GDPR  , 25 2018.




8


 .,  .   蠖    // . 2016. 20.




9


            . https://pd.rkn.gov.ru/library/p195/ (https://pd.rkn.gov.ru/library/p195/).




10


https://www.tcinet.ru/press-centre/technology-news/6004/ (https://www.tcinet.ru/press-centre/technology-news/6004/).




11


 .       ?    //   . 2017. 8.




12


         ,                ,      ,             .




13


         . . .




14


           . . .




15


        . . .




16


https://www.trustwave.com/Resources/Library/Documents/2015-Trustwave-Global-Security-Report/ (https://www.trustwave.com/Resources/Library/Documents/2015-Trustwave-Global-Security-Report/).




17


https://arstechnica.com/information-technology/2015/09/new-stats-show-ashley-madison-passwords-are-just-as-weak-as-all-the-rest/ (https://arstechnica.com/information-technology/2015/09/new-stats-show-ashley-madison-passwords-are-just-as-weak-as-all-the-rest/).




18


https://xakep.ru/2021/01/25/meetmindful/ (https://xakep.ru/2021/01/25/meetmindful/).




19


 ,   AshleyMadison.com    ,          19.     The impact team,         ࠖ  Avid Life Media,      ,         , https://xakep.ru/2015/09/04/ashley-madison-fall (https://xakep.ru/2015/09/04/ashley-madison-fall).




20


https://www.esetnod32.ru/company/press/center/eset-usilit-resheniya-odnogo-iz-liderov-rynka-utm/ (https://www.esetnod32.ru/company/press/center/eset-usilit-resheniya-odnogo-iz-liderov-rynka-utm/).




21


https://www.popmech.ru/technologies/44764-slabye-paroli-prichina-76-kiberatak-na-kompanii/ (https://www.popmech.ru/technologies/44764-slabye-paroli-prichina-76-kiberatak-na-kompanii/).




22


https://revisium.com/kb/weak_passwords.html.




23


https://www.spy-soft.net/samye-chastye-paroli/ (https://www.spy-soft.net/samye-chastye-paroli/).




24


http://www.garant.ru/news/1297198/ (http://www.garant.ru/news/1297198/).




25


https://xakep.ru/2017/08/16/edpr-nvidia-passcrack/ (https://xakep.ru/2017/08/16/edpr-nvidia-passcrack/).




26


https://www.securitylab.ru/blog/company/PandaSecurityRus/345574.php (https://www.securitylab.ru/blog/company/PandaSecurityRus/345574.php).




27


https://www.anti-malware.ru/threats/brute-force (https://www.anti-malware.ru/threats/brute-force).




28


https://revisium.com/kb/weak_passwords.html.




29


  .




30


 (   -)  ,   -      ()    ().      salt.




31


,  .




32


https://www.internet-technologies.ru/articles/solenoe-heshirovanie-paroley-delaem-pravilno.html (https://www.internet-technologies.ru/articles/solenoe-heshirovanie-paroley-delaem-pravilno.html).




33


https://habr.com/post/322478/ (https://habr.com/post/322478/).




34


   .: https://www.internet-technologies.ru/articles/solenoe-heshirovanie-paroley-delaem-pravilno.html (https://www.internet-technologies.ru/articles/solenoe-heshirovanie-paroley-delaem-pravilno.html).




35


https://arstechnica.com/information-technology/2013/03/how-i-became-a-password-cracker/ (https://arstechnica.com/information-technology/2013/03/how-i-became-a-password-cracker/).




36


https://habr.com/company/mailru/blog/271245/ (https://habr.com/company/mailru/blog/271245/).




37


https://habr.com/post/118499/ (https://habr.com/post/118499/).




38


https://xakep.ru/2020/05/08/passwordless-stats/ (https://xakep.ru/2020/05/08/passwordless-stats/).




39


https://securityonline.info/the-public-city-bikes-system-in-copenhagen-was-hacked-and-the-database-was-deleted/ (https://securityonline.info/the-public-city-bikes-system-in-copenhagen-was-hacked-and-the-database-was-deleted/).




40


https://en.wikipedia.org/wiki/Sony_Pictures_hack (https://en.wikipedia.org/wiki/Sony_Pictures_hack).




41


https://twitter.com/kevinmitnick/status/545432732096946176.




42


https://habr.com/post/122633/ (https://habr.com/post/122633/).




43


https://howsecureismypassword.net/ (https://howsecureismypassword.net/).




44


https://password.kaspersky.com/ru/ (https://password.kaspersky.com/ru/).




45


https://www.devicelock.com/ru/blog/analiz-4-mlrd-parolej-chast-vtoraya.html (https://www.devicelock.com/ru/blog/analiz-4-mlrd-parolej-chast-vtoraya.html).




46


https://www.theverge.com/2013/11/7/5078560/over-150-million-breached-records-from-adobe-hack-surface-online (https://www.theverge.com/2013/11/7/5078560/over-150-million-breached-records-from-adobe-hack-surface-online).




47


https://www.theguardian.com/world/2015/apr/09/french-tv-network-tv5monde-hijacked-by-pro-isis-hackers (https://www.theguardian.com/world/2015/apr/09/french-tv-network-tv5monde-hijacked-by-pro-isis-hackers).




48


    .




49


https://threatpost.ru/moscow-region-ambulance-service-database-leaked-due-to-bad-mongodb-settings/32197/.




50


https://www.devicelock.com/ru/press/v-runete-obnaruzheno-okolo-tysyachi-otkrytyh-baz-dannyh.html (https://www.devicelock.com/ru/press/v-runete-obnaruzheno-okolo-tysyachi-otkrytyh-baz-dannyh.html).




51


https://www.facebook.com/notes/facebook-security/preparing-for-the-future-of-security-requires-focusing-on-defense-and-diversity/10154629522900766/.




52


https://www.kaspersky.ru/blog/ukradeno-dva-milliona-parolej-a-vash/2477/ (https://www.kaspersky.ru/blog/ukradeno-dva-milliona-parolej-a-vash/2477/).




53


https://www.rbc.ru/rbcfreenews/59d43b919a79478e96f9d326 (https://www.rbc.ru/rbcfreenews/59d43b919a79478e96f9d326).




54


https://leakedsource.ru/blog/friendfinder.




55


 .    // The New Times. 2016. 29 (417).




56


https://www.rbc.ru/technology_and_media/10/07/2019/5d25c3d99a794775f79f0816 (https://www.rbc.ru/technology_and_media/10/07/2019/5d25c3d99a794775f79f0816).




57


Zero Trust, https://www.kaspersky.ru/blog/zero-trust-security/28780/ (https://www.kaspersky.ru/blog/zero-trust-security/28780/).




58


https://xakep.ru/2014/09/08/password-manager-pentest/ (https://xakep.ru/2014/09/08/password-manager-pentest/).




59


https://threatpost.com/lastpass-network-breached-calls-for-master-password-reset/113324/ (https://threatpost.com/lastpass-network-breached-calls-for-master-password-reset/113324/).




60


https://android.mobile-review.com/articles/50451/.




61


https://xakep.ru/2021/04/26/passwordstate/ (https://xakep.ru/2021/04/26/passwordstate/).




62


https://www.vpnmentor.com/blog/dalil-data-breach/ (https://www.vpnmentor.com/blog/dalil-data-breach/).




63


,      ,    ,     https://pastebin.com. https://www.echosec.net/blog/what-is-pastebin-and-why-do-hackers-love-it (https://www.echosec.net/blog/what-is-pastebin-and-why-do-hackers-love-it).




64


https://xakep.ru/2020/07/03/pro-trump-hack/ (https://xakep.ru/2020/07/03/pro-trump-hack/).




65


https://fortune.com/2016/07/26/nist-sms-two-factor/ (https://fortune.com/2016/07/26/nist-sms-two-factor/).




66


  7,  -7 (   7, . Common Channel Signaling)    ,       (PSTN  PLMN)           .   -7             .




67


https://www.kaspersky.ru/blog/multi-factor-authentication/8705/ (https://www.kaspersky.ru/blog/multi-factor-authentication/8705/).




68


https://journal.tinkoff.ru/kibermoshennichestvo-zhaloby/ (https://journal.tinkoff.ru/kibermoshennichestvo-zhaloby/).




69


https://journal.tinkoff.ru/kibermoshennichestvo-sud/ (https://journal.tinkoff.ru/kibermoshennichestvo-sud/).




70


https://journal.tinkoff.ru/kibermoshennichestvo-poterpevshie-i-prestupniki/ (https://journal.tinkoff.ru/kibermoshennichestvo-poterpevshie-i-prestupniki/).




71


https://www.usenix.org/conference/enigma2018/presentation/milka (https://www.usenix.org/conference/enigma2018/presentation/milka).




72


https://www.kaspersky.ru/blog/bionic-man-diary/7050/ (https://www.kaspersky.ru/blog/bionic-man-diary/7050/).




73


https://www.theverge.com/2017/10/26/16553900/2fa-two-factor-authentication-pixie-mobile-devices (https://www.theverge.com/2017/10/26/16553900/2fa-two-factor-authentication-pixie-mobile-devices).




74


https://www.kaspersky.ru/blog/facebook-account-hijack-through-notes/30006/ (https://www.kaspersky.ru/blog/facebook-account-hijack-through-notes/30006/).




75


https://www.lb7.uscourts.gov/documents/17-m-85.pdf (https://www.lb7.uscourts.gov/documents/17-m-85.pdf).


