How Personal Data Is Illegally Traded in Russia: Methods, Actors, and Prices

By Ava McKinneyOnline Safety

Who Sells Personal Data in Russia and for How Much?

“I’ll track you by your IP!” If you’ve ever received such threats online, you might not want to dismiss them too quickly. Because, in reality, someone can track you by your IP address. And not just that—they can also find you by your phone number, bank details, full name, or even a photo. And we’re not talking about the police or security services. This article explores how cybercriminals, known as “probers,” obtain and sell personal data in Russia.

What Is a “Probiv”?

“Probiv” is an illegal service where criminals obtain information about a person or organization from restricted databases—for a fee. This black market wouldn’t exist without insiders—employees with access to sensitive information as part of their job.

Insiders are at the bottom of the criminal hierarchy. Above them are recruiters, who find and pay insiders. At the top are the owners of probiv services, who promote their illegal offerings on the dark web, interact with buyers and information suppliers, and sometimes work directly with insiders, bypassing recruiters.

Every reputable dark web forum has a section for probiv services, and you can easily find offers on Telegram. Getting information is as simple as a few clicks and a payment.

Main Types of Probiv

Probiv services generally fall into three categories: government, mobile, and banking data.

Pricing

The probiv market is self-regulating. Sellers avoid undercutting each other, offer discounts for bulk or repeat orders, and will even buy information from competitors if they can’t fulfill a request themselves—earning customer loyalty instead of profit. Prices depend on how easily the data can be accessed. For example, if it’s cheap to get subscriber data from a certain mobile operator, it means many employees are willing to sell it.

Mobile Data Probiv

This is the most common type of probiv. Typical services include:

  • Phone number lookup
  • Finding numbers by name and date of birth
  • Call detail records
  • Call details with cell tower locations
  • “Flash” (locating a subscriber by their last call)
  • Number blocking
  • SIM card re-issuance or transfer

For example, data on Beeline subscribers is the cheapest—500 rubles for owner info, 1,500 rubles for call details, and 5,000 rubles for call details with cell tower data. Tele2 numbers are the hardest and most expensive to probe, possibly due to their internal systems. MTS and MegaFon numbers cost 800 and 1,500 rubles, respectively, but call details are much pricier—12,000 rubles for MTS and 14,000 for MegaFon.

Government Data Probiv

Government databases are the largest aggregators of Russian citizens’ personal data, collected from birth and not easily deleted or edited. Here are some popular government databases and their black market prices:

  • “Rospasport” (passports, marriage, photos): from 1,300 rubles
  • “Magistral” (all tickets bought with a passport): from 2,000 rubles
  • “Rubezh” (border crossings, passenger lists): from 5,000 rubles
  • Interpol: price on request
  • Ministry of Internal Affairs (criminal records): from 1,500 rubles
  • “Migrant” (foreign citizens): from 3,000 rubles
  • “Potok” (car photos from cameras): from 4,000 rubles/month
  • Traffic police (accidents, fines, VINs): from 1,300 rubles
  • FIS GIBDD (passport, driver’s license, car registration): from 1,300 rubles
  • IBD (passport, registration, criminal records): from 1,500 rubles
  • “Weapons” (registered firearms): from 2,500 rubles
  • Tax service (property, employment, accounts): from 1,300 rubles
  • Real estate registry: from 1,300 rubles
  • Credit bureau: from 1,500 rubles
  • Pension fund (work history, employer, contributions): from 3,000 rubles
  • Civil registry (marriage, children, residence): from 5,000 rubles
  • Bailiff service (asset restrictions, seizures): from 5,000 rubles

Recently, there was a stir over ads selling access to the Moscow video surveillance system (ECXD) for 30,000 rubles, allowing buyers to view any camera live and access five days of archived footage. This is straight out of Orwell’s “Big Brother.”

In one case, a volunteer sent her photo to a probiv service and, for 16,000 rubles, received a detailed report of her movements around the city. Authorities responded quickly, opening a criminal case against two police officers suspected of involvement.

Banking Data Probiv

Bank data leaks can have serious consequences. Here’s what you can buy about clients of Russia’s largest bank:

  • Bank card number: 3,500 rubles
  • Linked phone number: 5,000 rubles
  • Passport data, registration: 7,500 rubles
  • Security word: 15,000 rubles
  • Card balance: 5,000 rubles
  • ATM locations used: 8,000 rubles
  • Card statement: 12,000 rubles
  • Account statement: 18,000 rubles
  • Permanent card block: 2,500 rubles

Other banks aren’t much better. The fewer insiders and the better a bank’s security, the higher the price.

Other Types of Probiv

  • Social media account probiv (e.g., VK page info, email, registration date, IPs): 15,000 rubles
  • IP address probiv: 90,000 rubles
  • Instagram or Facebook page by phone number: from 5,000 rubles

Other services are available on request, with prices rising for rare or complex orders. Sellers may even find new insiders for specific jobs.

Legal Consequences for Probers

Probers are prosecuted under several articles of the Russian Criminal Code, including:

  • Art. 272.3: Illegal access to computer information (up to 5 years in prison)
  • Art. 138.2: Violation of privacy (up to 4 years)
  • Art. 137.2: Violation of personal privacy (up to 4 years)
  • Art. 183.3: Illegal acquisition/disclosure of commercial, tax, or banking secrets (up to 5 years)
  • Art. 201.1: Abuse of authority (up to 4 years)
  • Art. 285.1: Abuse of official powers (up to 4 years)

However, real prison sentences are rare. Most probers get probation, restrictions, or fines. Many cases are closed after settlements or fines. Most convictions are against mobile store employees, often due to low pay and easy access to subscriber data.

For example, in Ivanovo, an MTS employee sold subscriber data for 150 rubles per request, earning about 3,500 rubles in total. The court was lenient, ending the case with a 15,000 ruble fine.

Recently, there’s a trend to charge telecom employees under Article 274.1 (“Illegal impact on critical information infrastructure”), which carries up to 10 years in prison. In Khakassia, an MTS employee got a two-year suspended sentence for providing call details of four subscribers.

Banks rarely take employees to court, preferring to handle issues internally unless money is stolen. In Arkhangelsk, an Alfa-Bank employee was fined 50,000 rubles for leaking data on six clients, which was then sold for 140,000 rubles. The buyers used the data to steal nearly 8.5 million rubles from accounts.

Government employees are also rarely prosecuted, but when caught, the punishment can be severe. In Krasnodar, a police officer received 2.5 years in prison for leaking passport data at least 15 times.

How Cybercriminals Use Stolen Data

Most probiv services are ordered by jealous spouses, private detectives, debt collectors, corporate security, and petty scammers. But cybercriminals can do much more with this data.

Kevin Mitnick, in his book “The Art of Deception,” argues it’s easier to trick someone into giving up a password than to hack a system. Social engineering—manipulating people to gain information—is a key tool for cybercriminals. The more data they have on a target, the more convincing their attacks. Social networks and open sources help, but probiv gives access to closed data.

For example, the recent Twitter celebrity account hack targeted Twitter employees using social engineering. The attackers were amateurs, but the consequences could have been much worse in more skilled hands.

Probiv can also aid spear-phishing. If an employee recently vacationed in Turkey, an attacker could send a fake email from the Russian tourism agency about compensation, or from a hotel about a forgotten item. Travel data can be bought for 5,000 rubles from the “Rubezh” database.

With mobile probiv, criminals can get the phone numbers of a company’s boss and secretary, reissue the boss’s SIM card during vacation, and trick the secretary into downloading malware or sending sensitive documents. The possibilities are endless.

Banking probiv is used by cyber scammers to steal money, using the extra data to make their schemes more convincing.

Should We Fight Probiv—and How?

Some argue that “personal data” is an outdated concept since so much is already public. But as long as criminals can use our data for illegal purposes, it must be protected, and leaks must be punished.

Law enforcement in Russia has prosecuted many insiders, mostly young, low-paid mobile store employees. Recruiters are caught less often, and service owners almost never, as they use anonymization tools, electronic wallets, and Telegram for communication. Catching and proving their guilt is extremely difficult, so new low-level offenders quickly replace those arrested.

Company security teams should be more proactive—using modern technology, monitoring the dark web, and conducting internal audits. But the high number of dark web offers suggests these efforts are lacking. Greater media coverage, lawsuits, and regulatory fines (like Marriott’s $124 million penalty for a data breach) might motivate companies to act.

Until then, no one can be sure they aren’t being probed right now. Even if you’re not a spy and your passport data isn’t a state secret, your right to data protection matters. Ordinary citizens are the most common victims of cybercrime.

Leave a Reply