Account, gosuslugi.ru and FZ-152
A short story about how to lose an account on gosuslugi.ru if you do not use the second factor.
The story is not mine, but I took part in it and talked with gosuslugi.ru tech support. And now I use the gosuslugi.ru site only with the second factor.

I volunteered to help a good person, far from computers and a pensioner for more than a year now, find out the debt on taxes and other payments to the state.
It seemed that registering on gosuslugi.ru, followed by a trip to the Multifunctional Center (MFC) to confirm the account, was the simplest solution, and that is what was advised.
Then I created a mailbox and registered on the public services website with it, and the good person confirmed the account in person by visiting the MFC. We paid the debts; there were not many. It turned out that the Federal Tax Service requires up to 14 days to note that there is no debt.
A week later I wanted to check the fate of the payments. But it was not possible to log in to the public services website: “there is no record”, technical support responded, and offered to file an appeal. We filed one. In parallel, we checked the mailbox that had been created specially for this (and was therefore rarely checked). It turned out that on the day the account was deleted two emails had arrived 25 minutes apart. The first had the subject "Restoring Access to Your Account" and corresponding content. The second had the subject "Account deleted" and the content:
Hello, XXXXXXXX XXXXXXXXXXXXXXXXXXXX!
Your account in the Unified Identification and Authentication System of e-government infrastructure has been deleted.
If you did not initiate the process of deleting your account, your account may have been hacked.
Please contact the support service of the Unified Identification and Authentication System.
I very much doubt that the username and password could have been known to the attacker. It is unlikely that the password was guessed (it was of this kind: 71fge6HaRNP3ng). The username / password pair was written on a piece of paper in “square” letters. The login / password pair for the site does not match the login / password pair for the mail (also written on a piece of paper). Logins were done in “Incognito” mode without any plugins, under the supervision of the good person; he does not really understand what I am doing, but it keeps things disciplined.
I can’t imagine who might need to delete the account on the public services website.
When communicating with the support service, as mentioned earlier, it turned out that the record had been deleted. Two days later, they called about the appeal and, referring to FZ-152 on personal data (PD), said:
- that the record is deleted
- that it cannot be restored
- that it is impossible to find out any details about the removal process (who, where, how, etc.): they do not store this information, in accordance with FZ-152 on PD.
- that deletion requires only knowledge of the email address and password, i.e. access to the mailbox itself is not necessary: no confirmation email is sent and access to the mailbox is not checked
- the question of why access to the mailbox the record is registered to is not checked remained unanswered: technical support is not supposed to know about this.
The account was created anew; later it will be confirmed by a visit to the MFC, after which it will be possible to find out the fate of the payments.
For myself, I concluded:
- to delete an account, it is enough to know the login / password, although how the attacker learned the password remains a mystery;
- on the public services website, it is imperative to use the second factor - the first is not checked;
- something was left unfinished in terms of security on the public services website.
I myself use the public services website as needed; my impressions up to this point have been purely positive.
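
The control these conclusions point to, as an added example (not gosuslugi.ru's or the Unified Identification and Authentication System's actual code): the password only opens a deletion request, the deletion itself needs a short-lived token sent to the registered mailbox, and every step leaves an audit event keyed by a pseudonym. All names (`request_deletion`, `confirm_deletion`, `AUDIT_LOG`) and sample values are hypothetical.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for the example)
TOKEN_TTL = 15 * 60                   # lifetime of the mailed confirmation token, seconds
AUDIT_LOG = []                        # stand-in for an append-only audit store

def _mac(text):
    return hmac.new(SERVER_KEY, text.encode(), hashlib.sha256).hexdigest()

def _audit(account_id, event, source_ip, now):
    # The account is referenced by a keyed pseudonym, not by name or e-mail address.
    AUDIT_LOG.append({"who": _mac("audit|" + account_id)[:16], "event": event,
                      "ip": source_ip, "ts": now})

def request_deletion(account_id, password_ok, source_ip, now=None):
    """Step 1: a correct password only *requests* deletion; nothing is deleted yet.
    Returns the token to e-mail to the registered mailbox, or None."""
    now = int(now if now is not None else time.time())
    if not password_ok:
        _audit(account_id, "delete_request_denied", source_ip, now)
        return None
    expires = now + TOKEN_TTL
    _audit(account_id, "delete_requested", source_ip, now)
    return f"{expires}.{_mac(f'delete|{account_id}|{expires}')}"

def confirm_deletion(account_id, token, source_ip, accounts, now=None):
    """Step 2: delete only if the mailed token comes back intact and unexpired."""
    now = int(now if now is not None else time.time())
    try:
        expires_s, mac = token.split(".", 1)
        expires = int(expires_s)
    except (AttributeError, ValueError):
        _audit(account_id, "delete_confirm_malformed", source_ip, now)
        return False
    expected = _mac(f"delete|{account_id}|{expires}")
    ok = (hmac.compare_digest(mac.encode(), expected.encode())
          and now <= expires and account_id in accounts)
    if not ok:
        _audit(account_id, "delete_confirm_rejected", source_ip, now)
        return False
    accounts.discard(account_id)
    _audit(account_id, "deleted", source_ip, now)
    return True
```

With this flow, knowing the login / password pair alone leaves the account in place and produces a `delete_requested` event that can later answer "who, where, how".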
Update
Mailbox contents as of now

Update 2
The mail account log on yandex.ru
