8 Government Agencies Across Colombia Hacked, Thousands of Contractors, Users, Administrators, Employees & Personnel Exposed in Data Breaches

I’ve told different hackers and hacking groups in the past that I want to see them leave their hands off Colombia, but I can’t control them any more than I can control the news, now can I? To this effect, throughout the course of the day Tuesday, March 19th 2019, “Al1ne3737” of “Pryzraky” announced a new round of hacks and leaks – this time affecting six Government agencies across Colombia. More specifically implicated in today’s release were Colombia’s Secretary of Education, Observatory of Interinstitutional Environmental Agendas, Municipal Council of San Jose de Cúcuta, the Developmental Department of Planning of Tolima, Hospital of San Rafael de Tunja and ESE Moreno y Clavijo.

The most significant of the data breaches implicated in the first round of leaks was the Secretary of Education, exposing the names, logins and passwords of 313 global users, along with access to the emails of 517 users. The website was also defaced with Al1ne3737’s cover photo and a repeating sentence reading “Hacked by @Al1ne3737.” Meanwhile, the logins of the primary administrator of the Observatory of Interinstitutional Environmental Agendas were also exposed in the data breach, as were the logins of 46 other users and access to the personal emails of 48 more – including government employees. Lastly, the hack of the Municipal Council of San Jose de Cúcuta revealed the logins of 2 site administrators, granting full access to the page’s back-end.

Targets Round 1:

SedTolima: hxxps://sedtolima.gov.co/
Observatorio de Agendas Interinstitucionales Ambientales – CAR: hxxp://oaica.car.gov.co/
Corporación Concejo Municipal De San Jose de Cúcuta: hxxp://concejocucuta.gov.co/

Deface Location: https://www.sedtolima.gov.co/administrador/modulos/instituciones/noticias/vista_previa_noticia.php?cod=682
Deface Mirror: http://www.zone-h.org/mirror/id/32278133?hz=1
Original Leak: https://www.hastebin.com/aguqamuwav.nginx
Leak Backup: https://pastebin.com/3d9GxdFS

The most significant data breach of the evening hours affected the Developmental Department of Planning of Tolima, exposing the login usernames and passwords of 171 politicians. As of the early morning hours of March 20th 2019, the website belonging to the Department of Tolima has been shut down and remains offline, presumably “for repairs” – lol. Additionally, the login usernames and joint passwords of 256 contractors of the Hospital San Rafael de Tunja were also exposed by the data breach, trimmed from a larger table of 758 contractors. Lastly, the hack/leak of ESE Moreno y Clavijo exposed the login usernames and passwords of 9 site administrators.

Serving as proof of how she gained access to each of the websites, Al1ne3737 also released the SQL Injection (SQLi) points of vulnerability attached to each website – as well as the SQLi points of vulnerability of two additional websites not named in the leaks. As for why the hacks were pulled off or why she decided to hack Colombia here today, Al1ne3737 said she did it as a favor for a friend – lol. Accompanying each leak, Al1ne3737 also left behind a message translated from Indonesian reading “A child will be born today and grow old with no conception of privacy. They will never know what it means to have a private moment to themselves, or thoughts which aren’t registered and analyzed. And this is a problem because privacy is important; privacy and peace of mind is what we all need to determine who we are and who we want to be.”

Targets Round 2:

Ejecutor Tolima: hxxp://www.ejecutortolima.gov.co/
Hospital San Rafael de Tunja: hxxp://www.hospitalsanrafaeltunja.gov.co/
ESE Moreno y Clavijo: hxxp://www.esemorenoyclavijo.gov.co/

Additional SQLi Target 1: hxxps://www.idrd.gov.co/SIM/CS_RendimientoDeportivo/Presentacion/MedalleroDeportista.php?id=1016084157
Additional SQLi Target 2: hxxps://www.emserpa.gov.co/modulos/contrato.php?id=38

Leak: https://www.hastebin.com/yomipemozi.nginx
Leak Backup: https://pastebin.com/ubjnir0y


Published by

Brian Dunn

Writer, Researcher Owner: Rogue Media Labs | Rogue Security Labs (929)-319-2570 BrianDunn@RogueSecurityLabs.Ltd
