The state fiscal service (GFS) currently abandoned the use of the most popular on the market programs tax reporting “M.E.Doc”. About it reported in Department of police.
It is reported that the SFS had ceased to use this program because of allegations of Department of police of National police of Ukraine to the address of the developer “M.E.Doc”.
In Kiev believe that the program was used in a massive cyber attack. The SFS said that they would be able to comment on the situation later.
In turn, the developer FOR “M.E.Doc” 27 Jun categorically deny the use of the program in the cyber attack, July 5, acknowledged “the unprecedented fact of burglary”, in which the product was introduced malicious code to run in a pack.
According to the report, the developer has created an update that “is guaranteed to eliminate threats to users”, but in the course of the search police with the participation of the security service on 4 July the company’s servers were temporarily withdrawn for the analysis of penetration.
“Thus, while we are deprived of the opportunity to release an update with a higher degree of security,” says the developer, at the Department of police under his strict control and with the use of additional methods of protection as soon as possible to release an update.
Earlier GFS in terms of the risk of using “M.E.Doc” offered to taxpayers to use the service “Electronic office of taxpayers” to date reporting.
At the same time, in the comments on the page of the SFS in the network Facebook the message of normal operation “of Electronic office taxpayers”, some taxpayers argued that the service is working properly, and also criticized him for minor adaptation for the needs of medium and large businesses.
As stated earlier the interior Minister Arsen Avakov, a second attack of the virus started on 4 July at 13:40, but by 15:00 the specialists of the Police managed to block the activation of the virus on the servers “M.E.Doc”.
Experts have previously drawn attention to the vulnerability M.E.Doc.
“The program’s authors wanted to make their product as accessible as possible, focusing on the users of outdated versions of the OS, and not to spend money on an SSL certificate, so updates were distributed via insecure http. The tendency, when hackers are looking for vulnerabilities in the older hardware, communication protocols, etc., there has been a couple of years ago”, — said PR-Manager of company DDoS-GUARD Olga Bride.