Official Press Release

regarding the publication posted on the Internet about the sale of access to the Documentolog EDS documents.

On the website darknet.ug, an anonymous user posted a message on 05.02.2020 about selling access to the Documentolog system with attached screenshots of documents. Potential buyers are offered access to internal messages and correspondence of companies such as Kazpost, KazakhExport, Baiterek, and others. The cost of access was estimated at 4500 US dollars, and payment must be made only via Bitcoin.

After the publication of this message, Documentolog received inquiries from clients requesting comments and the company's official position. In response, the management of Documentolog issued an order to conduct an internal investigation, especially concerning the companies mentioned in the message.

During the period from 06.03.2020 - 10.03.2020, the following were conducted..." {"content": "events:

- analysis of access logs to the infrastructure servers did not reveal any cases of unauthorized access;

- analysis of the source code of the systems did not reveal any cases of hacking, including XSS (cross-site scripting) and SQL injections;

- analysis of logs of viewed documents did not reveal any cases of unauthorized access to internal client documents.

Based on the results of the investigation, Documentolog declares the following:

1. 1. The company officially confirms that since June 2019, specifically after the restructuring of the company's infrastructure and the transition of the cloud to new technologies, no traces of hacking and unauthorized access to the company's client documents have been found.
2. 2. The documents published in the attacker's message are dated mid-2018. It should be noted that in August 2018, the company "TSARKA" carried out an unauthorized hack of Documentolog's infrastructure, during which "TSARKA" specialists had access to the documents of the companies mentioned in the message in 2018. The company does not rule out the possibility of information leakage within the framework of the 2018 incident. At the same time, the head of "TSARKA" signed a guarantee letter to Documentolog stating that all downloaded documents and system source codes would be deleted. The document is provided below.
3. 
   
4. 3. The attacker's statement about providing active access to the documents of Documentolog's client companies is false and aimed at discrediting Documentolog, as confirmed by the following facts:

3.1 The message offers access to the documents of the company JSC "NUH "Baiterek". This company has not been a client of Documentolog since August 2018. Accordingly, the attacker is selling access to the internal documents of the company, not"}"} "using the Documentolog EDS, and not being a current client of Documentolog. This leads to the conclusion that the purpose of this message is not to sell real access to documents, but to undermine trust in the company Documentolog.

3.2 The publication contains the names of companies whose documents are being sold access to. Obviously, after the publication, the mentioned companies would have conducted a check of the hacking fact, and if detected, access would have been blocked. Accordingly, the potential buyer would not have received the access they paid for. However, the investigation showed that there was no hacking or unauthorized access to the documents of the mentioned companies. In this regard, we believe that this publication aims not to find a buyer, but to harm the reputation of the company Documentolog.

3.3 The perpetrator posted screenshots of documents to confirm the authenticity of the published message. Since the documents can be uniquely identified, and all actions with them analyzed, these screenshots could serve as evidence in the event of a real hack and lead to the disclosure of the crime participants. However, a detailed analysis of the documents mentioned in the message revealed that these documents were only viewed by individuals with officially authorized access to them. Moreover, we want to emphasize once again the outdated date of the documents provided in the message: mid-2018 - early 2019.

3.4 The message was published by an anonymous user registered on the same day the publication was made. Apart from publishing the message, the user has not shown any activity on the site since the publication on 05.02.2020. Thus, the user was not interested in further reactions to the published message, as the goal was not the real sale of access, but the discrediting of the company Documentolog.

The company Documentolog intends to contact the competent authorities to hold the perpetrator accountable. 

We also ask Documentolog's clients to take note of the following information: 

- The company pays great attention to ensuring information security. After the incident published by CARCA in the fall of 2018, the company completely restructured the architecture of the physical and virtual levels of the system. Significant financial resources were invested, and a system for analyzing events and logs (SIEM) was developed and implemented, allowing real-time response to any abnormal events occurring in the clients' infrastructure.

- The Documentolog EDS instances of our clients are physically separated from each other. Access to the instance is fully monitored and logged. Our clients have access to the SIEM connection service, which allows client employees to analyze all events in real-time. For more detailed information about this service, please leave a request on the website.

- In case of doubts about the security of access and documents of their instance, Documentolog is ready to provide access to view the instance logs on a one-time basis to authorized Client representatives. For continuous monitoring of your own instance, we recommend purchasing the SIEM connection service. 

- This publication is false and has been made by ill-wishers or competitors of Documentolog deliberately. Unfortunately, only such unscrupulous methods of fighting our company can be used by ill-wishers, as market or legal methods do not work. The ultimate goal of such publications is to discredit the company's image, damage the business, and possibly exert pressure on the company's management.

- Documentolog conducts business as transparently as possible, striving to develop its products technically and functionally on an ongoing basis.

We are confident that our clients have chosen us on fair and market terms, appreciate our product, our efforts, and the benefits we bring. We believe that Documentolog's clients will not take unverified publications from anonymous sources about our company seriously.

Sincerely,

General Director of LLP "Documentolog"

Kanafin Baizhan