понедельник, 1 ноября 2021 г.

Russian defense industry and Rosfinmonitoring are in danger

Their information security is handled by the "exchange" for the sale of secrets





Created by him in 2015, SerchInform LLC is a major provider of information security services for companies such as VKO ALMAZ-ANTEY, Russian Corporation of Rocket and Space Instrumentation and Information Systems, VTB, Sukhoi and even Rosfinmonitoring.

Based on certificate RU 2015615812, SerchInform is the copyright holder of the so-called information security circuit (CIB SearchInform), which is used by a number of strategically important defense and critical infrastructure enterprises in Russia. The whole secret lies in this product.

However, how safe is SerchInform itself? It turns out that no. In reality, this structure is a real "sieve" from which the secrets of clients, including those from the defense industry, go right and left. The main thing is that the buyer of "secrets" should pay as much as necessary. In order not to be unfounded Rucrimibal.info will tell the story faced by a large company that had the misfortune to contact SerchInorm. Here's what our interlocutor said:

“Under the license agreement Serchinform, provided DLP software to our company ITSecurity, which in the company of our client X conducted analytics inf. flows and monitored the cash zones for theft, and also analyzed the financial integrity of the top managers of the company X.

IT Security, provides IT security services to companies in the HoReCa industry. Usually our customers are the owners of the company, and their goal is to control the hired top managers in order to prevent kickbacks and leakage of the company's secret.

About the work carried out in the companies of our clients, no more than 2 people know, they are the founder of the customer's company and our accompanying manager.

We knew that Serchinform also had access to license keys, but we could not assume that information was leaking through them. Moreover, an agreement was concluded between Serchinform and ITSecurity, where the conditions for maintaining confidentiality were clearly spelled out.

In October 2020, an employee of the Serchinform company (Alexander Kalitin), for reasons we do not understand, decided to share with the top managers of our customer X's company information about the integrity check conducted against them and other employees. Not only did A.V. Kalitin inform about the fact of the work carried out by our company, he also handed over the access keys to all the collected compromising evidence to the employees of company X. It is important to note that one of the employees who received the compromising evidence was already dismissed from the company NS.

(We have a copy of Kalitin's letter about information leakage)!

As a result, all employees of Company X, against whom the collection of compromising evidence was conducted for several months, learned about it, and later line employees also learned.

This whole story looked like the incompetence of our ITSecurity company, and as a result of this, the founder of company X refused to further cooperate with us and we suffered large losses due to the early order of the contract.

Our potential clients refused to conclude a contract with us, and the existing ones strongly doubted to continue working with us and we had to explain all this to them and make discounts.

As a result, several contracts with the ITSecurity company nevertheless flew off and ITSecurity suffered financial and reputational losses.

In fact, Serchinform, positioning itself as a company for the protection of confidential information, leaked to a third party all confidential information about the verification carried out in relation to it.

After what happened, we contacted the management of Serchinform to find out the reasons for the "failure" and find a joint solution, but instead of negotiations, they started playing the "fool", saying that the agreement between Serchinform and AichiSecurity was never signed on their part and they therefore do not owe anything to anyone. We went to sue them.

As a result, almost a year later, in court, we managed to prove that the Agreement between Serchinform and AichiSecurity was nevertheless concluded and there is a strict confidentiality clause in it.

The court decision has come into force and we have it in our hands.



Before the publication of this article, we tried to convey information to the owners of Serchinform (Lev Matveev and Sergey Ozhegov) in order to resolve the conflict outside the framework of publicity, but this did not bear fruit. As it turned out, the owners did not know about this situation, or rather knew, but a different "picture". But still, they refused to fire Alexander Kalitin and admit their involvement in such unprofessional behavior, offering us as compensation to use their software for 1 year without payment.



We do not want to work with them and are trying to save all our colleagues from working with such a "professional" information protection company.

If someone is already cooperating with Serchinform, beware of Alexander Kalitin and his sudden quirks! "

Roman Trushkin

To be continued

Комментариев нет:

Отправить комментарий