Netlock has forced a password reset for its customers after the company claimed that its web authentication system had been hacked, Azonnali has learned. The bigger issue is that the company’s services are also used by many government agencies, as well as the interesting timing between the hack, the takedown of a Russian dark-web site, and recent Russian aggression against Ukraine.
In the early morning of February 19, 2022 (Saturday), Netlock Ltd. was the target of a cyber attack …We informed our customers in due course, and ensured their safety. Among the potentially involved personal data there were hashed individual passwords used on the onlinessl.netlock.hu website. Thus, we forced reset all passwords on onlinessl.netlock.hu.
-reads part of a message on the English-language homepage of Netlock Kft.
Netlock, which provides e-signatures and other services, is a part of the Docler Holding group, owned by György Gattyán. Gattyán’s name has become more visible in public life over the past few months after forming a new party, Solution Movement, and taking part in Hungary’s parliamentary elections on April 3.
According to an “ethnical hacker” the news site corresponded with, the attackers essentially hacked into one of the company’s key products, as Netlock itself admitted, and from that point on had easy access to the data managed by the service provider.
It is also certainly possible that attacks were carried out against other parts of the company as well, since gaining successful entry in one area often encourages them to keep going.
Azonnali‘s sources claim that the attack happened on February 21, although the company’s website states it happened two days prior to that.
Netlock is one of the biggest players in Hungary’s online authentication market, with references such as Telekom (formerly Hungarian Telekom). But of even greater concern is the fact that Netlock also lists the Government Authentication Service Provider as among its list of references.
This means that whoever hacked into Netlock’s systems may also be able to access information related to a number of “e-government” services that use Netlock’s software.
Nothing is known yet about the identity of the attackers, but Azonnali‘s ethical hacker noted an interesting coincidence between the time of the attack on the company and recent Russian aggression against Ukraine.
As a member of the EU and NATO, the Hungarian government is now on the opposite side of Putin in this conflict whether it wants to be or not. It is also well known that the Russians have strong cyber warfare capabilities. Just days before the [Netlock] attack, the Russian Interior Ministry announced that it had taken down one of Russia’s largest dark-web sites, which had been selling a lot of login data that government agencies now had access to.
This is not to say that this is definitely what happened, but the coincidence is interesting.
–Azonnali‘s source told the site. [Azonnali]