Behind The US’s Use of Hacktivist Groups As Cover for Cyber Campaigns Targeting Brasil

As someone who has covered hacking news and hacktivists quite heavily for the last 5 years now, I found many events which took place between the latter half of 2018 and beginning of 2019 particularly interesting. For those of you who might not have been paying attention, over this time period the country of Brasil came under heavy fire from seemingly every direction – with many local, state and federal political/Government agencies and organizations getting hacked/leaked.

However, as a hacking news journalist who got many exclusives over this time period, what was particularly interesting to note were the people who were behind at least some of these attacks. While some were Brasilians, such as Pryzraky, the longer all of the hacks went on, the more different groups began outing themselves as internationals – particularly Americans. Such was the case of the group known as “Shadow Squad Hackers” who were Americans and claimed they were targeting Brasil because they were “disgusting and dirty people.” They claimed they were targeting Brasil for no other reason than that they “hate Brasil and Brasilians.” Many also claimed to be former members of the US Department of Defense at the same time.

While those are just some examples, they were far from alone. As you can see by following the tag below, the number of new or previously unknown hacktivist groups targeting Brasil in 2018/2019 was almost too many to count.

Read More – Brasil Tag on Rogue Media: https://roguemedia.co/tag/brasil/

Why Is This Happening?

This is a two-part answer. The first is the fact that Brasilian Government and political websites are far behind the rest of the world when it comes to sound cyber security practices. For example, the vast majority of hacks were pulled off via SQL injection (SQLi) – because their websites’ IT staff apparently don’t know how to block bad query strings. Upon further investigation, many political websites leave their login pages out in the open, on the front end landing page, making themselves an easy target for brute force attacks. Still even further, many of the smaller, local government websites don’t even utilize Secure Sockets Layer (SSL) – making them easier targets for DDoS attacks and defacement campaigns, of which there were many.

https://twitter.com/geekwiresec/status/1148940713167663106

However, the second reason is far more interesting – geopolitics. What you may not know is that Brasil is a member/signatory of the BRICS Alliance. Built by an international outreach campaign by Russian President Vladimir Putin over the years, what you should know is that BRICS is built on a long term economic/military strategy to lock the United States out of South Pacific and South Atlantic trading routes, opening up trade routes for developing countries and emerging economies – such as Brasil, Russia, India, China and South Africa (BRICS).

If you think about it logistically or tactically it makes sense: Brasil has potential for the largest economy in South America and sticks the furthest out into the South Atlantic, which gives them the best chance at controlling the South Atlantic and sealing out countries from doing business in those waters. South Africa, for example, can control the Cape of Good Hope – the only route for Western Countries to cross over the African continent and reach Eastern markets by sea. Moving further East, India could have full control over the Indian Ocean and has already begun sealing out the US from shipping rubbish to their country. And still yet, further East, Russia and China have the military power necessary to completely lock out the US from reaching all Eastern countries if they really wanted – with an all out attack on Japan notwithstanding (RIP).

With that established and with countless coverage of all the Brasilian attacks, along with interviews with each of the hackers and hacking groups behind the hacks, it is my firm belief that the United States Government was using “hacktivist” groups as a cover for the hacks of major political parties and Government websites across Brasil, as revenge for the Brasilians having signed new alliances with Vladimir Putin and the Russian Government. Moreover, do you believe that all of these cyber attacks targeting Brasil occurring over the same exact timeline of the US’s attacks against Venezuela were any coincidence?

It is my firm belief that the US Government used these groups and these tactics not only to expose information on the Brasilian Government and its members, but also to show them how weak their cyber security practices were. As we already know, the USA also has a long and extensive history of “meddling” in South America. Many of these attacks were no different; they just didn’t have computers in the 60s and 70s.

Read More – Declassified Documents from CIA Reveal US Political Interference Throughout South America During Cold War: https://roguemedia.co/2019/04/20/newly-declassified-documents-from-cia-depict-interesting-timeline-of-us-political-interference-meddling-in-south-america-throughout-the-cold-war/

Indigenous Tribes & Commercial Loggers On The Verge of War In Amazon Rain Forest as Deforestation Continues To Grow

(AI) – There is an imminent risk of violent clashes in Brazil’s Amazon region unless the government protects Indigenous peoples’ traditional lands from increasing illegal land seizures and logging by armed intruders, Amnesty International warned today.

Amnesty International recently visited three different Indigenous territories in northern Brazil where illegal intruders had begun or expanded efforts to seize land and/or cut down trees. Indigenous leaders told the organization that they had received death threats for defending their traditional lands. They also fear new intrusions in the dry season (May/June to October/November) when easier physical access to forests facilitates clearance and burning.

“Brazil’s Indigenous peoples and their land face enormous threats and the situation will soon become untenable in the dry season,” said Richard Pearshouse, Senior Crisis & Environment Advisor for Amnesty International. “The government must protect Indigenous peoples who are defending their land, or blood will be shed.”

In April 2019, Amnesty International interviewed 23 Indigenous people in three territories in northern Brazil: Karipuna and Uru-Eu-Wau-Wau in Rondônia state, and Arara in Pará state. Amnesty International also interviewed 13 people knowledgeable about intrusions in Indigenous territories, including government officials, Public Prosecutors and representatives of non-governmental organizations.

According to representatives of non-governmental organizations and authorities, intruders are often local individuals who are encouraged and supported to occupy plots of land and/or sell the timber by local farmers and politicians. Indigenous peoples in some territories conduct patrols to monitor and protect their land from these intrusions. As the intruders are often armed, there is a high risk of violent clashes with Indigenous peoples. In all three sites, Indigenous leaders have repeatedly denounced recent illegal land seizures and logging to government authorities. However there have been only limited responses from government authorities, and illegal land seizures and logging have continued.

An intrusion by some 40 illegal intruders into Uru-Eu-Wau-Wau territory in January 2019 resulted in a government surveillance operation in the area a few days later in which one person was arrested and later released. A much larger intrusion into Uru-Eu-Wau-Wau territory followed, in April 2019, estimated to involve many hundreds of illegal intruders. A government surveillance operation led to two people being arrested a week after the April intrusion.

Gunshots during the night

Indigenous peoples from all three territories told Amnesty International that illegal intruders had recently cut new paths into the forest near their villages and roads. In some territories they also described frequently hearing sounds of tractors and chainsaws inside the territories.

A 22-year-old Uru-Eu-Wau-Wau woman described how she felt in the days after the intrusion in January 2019: “When I heard about the invasion, I was scared because it is very close to the village. I had never seen one so close. I was afraid they would come here. I couldn’t sleep anymore. There were gunshots during the night for several nights. I was scared. I put the children to sleep, but I couldn’t sleep.”

Amnesty International’s researchers observed traces of roads and paths inside the Indigenous territories previously used by intruders, as well as pictures and videos of markers delineating plots and paths, and a tractor carrying timber. A Karipuna leader told Amnesty International about fears the situation may escalate to violent clashes in the dry season: “They [the illegal intruders] left a message that we [the Indigenous leaders] should not walk in their paths, we would disappear … If government doesn’t protect the territory, a tragedy between intruders and Indigenous might happen. During the dry season, intrusions will increase even more because authorities haven’t taken any measures.”

The government’s response to these illegal land seizures and logging remains inadequate. The surveillance of Indigenous territories depends in large part on coordination among different governmental bodies. Brazil’s National Indian Foundation (FUNAI) lacks police powers and relies on the support from other institutions, such as the Brazilian Institute of Environment and Renewable Natural Resources (IBAMA) and the Federal Police (Polícia Federal). Experts told Amnesty International that surveillance operations have been reduced because of budget constraints over recent months.

Indigenous people expressed their frustration to Amnesty International that few intruders are held accountable, while experts highlighted the need to investigate those supporting and funding the illegal land seizures and logging.

Between January and April 2019, the Federal Public Prosecutor’s office (Ministério Público Federal) sent at least four letters to the Ministries of Justice and Women, Family and Human Rights – the Ministry responsible for the National Indian Foundation (FUNAI) since January 2019 – describing a deterioration of the security situation in the Karipuna and Uru-Eu-Wau-Wau territories and warning of a risk of conflict. The office requested the immediate support from the National Security Force (Força Nacional) while authorities develop a long-term protection plan for the territories.

To date, the Ministries of Justice and Women, Family and Human Rights have not coordinated with the National Security Force to protect the Karipuna and Uru-Eu-Wau-Wau territories and the long-term protection plan remains unresolved. “Unless FUNAI and the other authorities step up the fight against illegal land seizures and logging, violent clashes between Indigenous peoples and intruders are incredibly likely,” said Richard Pearshouse. “The government should promptly affirm its commitment to the protection of Indigenous territories and ensure they are respected.”

Deforestation in Indigenous territories worsens

Illegal land seizures and logging are usually less common in rainy season (October/November to May/June) than dry season (May/June to October/November). The NGO Imazon has reported the loss of 12 square kilometres of forest inside Indigenous territories in the Amazon during the first three months of the year. This represents a 100% rise compared to the same period in 2018.

Studies indicate that, where traditional lands of Indigenous peoples are primary forests, demarcation of Indigenous territories can play a protective role against deforestation. Conserving primary forests is key in the fight against climate change because when forests are cleared or burnt, stored carbon is released into the atmosphere mainly as carbon dioxide.

“Protecting the human rights of Indigenous peoples is key to preventing further deforestation in the Amazon. The international community should be watching carefully and supporting those Indigenous communities on the front lines of the fight to protect the world’s most precious forests,” said Richard Pearshouse.


ADDITIONAL BACKGROUND AND TESTIMONIES

In addition to the three territories researched by Amnesty International, other Indigenous territories in Brazil also face increasing pressure from illegal intruders. In February 2019, the non-governmental organisation Repórter Brasil reported the existence of at least 14 demarcated Indigenous territories with recent invasions or intrusions from illegal intruders.

Indigenous territories are protected by Brazil’s laws and international human rights law. The Constitution recognizes Indigenous peoples’ rights to the land, its use and natural resources. Illegal land seizures and logging inside Indigenous territories constitute crimes under federal law. Brazil has ratified ILO Convention 169 which guarantees indigenous peoples the right to free, prior and informed consultation over projects that affect their lands and rights.

The Uru-Eu-Wau-Wau territory

Uru-Eu-Wau-Wau territory comprises an area of 1,867 thousand hectares in Rondônia state, northern Brazil. The process of demarcation of the territory was concluded in 1991. The Uru-Eu-Wau-Wau people with a population of 200 live in six villages in the northern part of the territory. In April 2019, Amnesty International visited two of the villages close to the locations of recent intrusions and interviewed community members.

Uru-Eu-Wau-Wau people told Amnesty International that on 11 January 2019 they confronted about 40 invaders, who were armed with sickles and machetes, cutting a path into their territory about two kilometers away from one Indigenous village and just beside the road they use to enter and leave their territory. When told to leave, the intruders allegedly replied that more intruders would be coming and threatened to kill the Indigenous children.

Another intrusion into Uru-Eu-Wau-Wau territory took place in early April 2019. Local media reported intruders saying they entered the Indigenous territory under the assumption the government would divide up the territory and allocate titles to them. Local media reported the presence of more than one thousand intruders in the Nova Floresta area, while FUNAI communicated to local indigenous people that the intrusion likely involved 500 intruders. The actual number of illegal intruders involved in the April 2019 intrusion is uncertain.

Soon after the Uru-Eu-Wau-Wau people denounced the invasion to authorities, FUNAI and federal police officers went to the start of the path which had been cut by the illegal intruders but did not arrest anyone. In late April 2019, a new operation conducted by FUNAI, Federal Police, IBAMA and ICMBio arrested two people.

The Karipuna territory

The Karipuna Indigenous territory comprises an area of 153 thousand hectares in the municipalities of Porto Velho and Nova Mamoré (Rondônia state) and was demarcated as such in 1998. The Karipuna are an Indigenous people with 58 members and the only village lies on the banks of the Jaci Paraná river. Beside the village, there is a plantation where they grow manioc, pumpkin, sweet potato, banana and corn.

Karipuna leaders told Amnesty International that the closest paths into their territory are two kilometers away from their village and they had been recently re-cleared. The presence of intruders, even during the rainy season, coupled with death threats they received a few months ago, limits their activities such as hunting and collection of cashews. They fear the risk of conflict as illegal intruders get even closer.

A 26-year-old Karipuna leader said: “We are few to do the surveillance and we don’t have police powers. It is very risky and we are already being threatened. If government doesn’t act, we might lose our territory, it might be the end of the Karipuna. I don’t know if there are new paths, because we don’t patrol so often to avoid contact with intruders. They are armed with guns.”

Despite an interim court decision from June 2018 ordering federal and state authorities to implement a plan to protect the territory with a minimum of 10 days of surveillance per month, government patrols have been severely curtailed.

The Arara territory

The Indigenous territory Arara is located in Pará state, northern Brazil. Demarcated in 1991, the territory with 274 thousand hectares is home to about 400 Arara people living in six different villages. Four of them lie along the Iriri river, while two others are in the northern limits of the territory, adjacent to route BR-230, also known as the Trans-Amazonian highway.

Arara people told Amnesty International that in December 2018 illegal intruders began opening new paths into their territory from along the highway and marking plots of land with their names. The plots were separated by a few hundred metres. Confronted by FUNAI’s agents in an operation in late December 2018, they reportedly told the agents that Bolsonaro will authorize the sub-division of the land and logging.

After reports made by FUNAI, in January 2019 IBAMA and Federal Police flew over the Arara territory and identified three new sites of deforestation. Another attempt of illegal land seizure was identified in a more remote location of the territory in February 2019. At that time, Arara people submitted a letter to the Public Prosecutor’s Office denouncing the invasions and requesting government support to avoid a conflict. According to Arara people and authorities, illegal land seizure has been temporarily halted by government intervention, while illegal logging remains a problem.

During a visit to the territory in April 2019, Amnesty International researchers saw paths and roads used for illegal logging. They also heard a chainsaw being used nearby as they walked along one of the paths. Arara people told Amnesty International illegal logging continues to take place in the territory. According to a 43-year-old Arara man: “FUNAI used to go with us to inspect sometimes. The last mission was in February. Since then, they didn’t provide more. We denounced and they [FUNAI] claim they don’t have resources. If measures are not taken, there will be more land seizures.”


This report was originally published by Amnesty International on May 9th 2019. It was republished, with permission, under a Creative Commons BY-NC-ND 4.0 International License, in accordance with the Terms & Conditions of Amnesty International | Formatting Edits and Tweets added and embedded by Rogue Media Labs

Declassified Documents from CIA Reveal US Political Interference in South America Throughout The Cold War

So, this article is going to be a little bit difficult to piece together and involves a lot of information you were never technically supposed to see, but now can. This is because, for those of you who might not have been aware, the US intelligence community just finished wrapping up a declassified document dump 3 years in the making last Friday – April 12th 2019. Officially entitled the “Argentina Declassification Project” and originally ordered by Barack Obama in 2016, the now browse-able archive is home to literally tens of thousands of declassified documents centering around Argentina and Argentinian history – including up on through the end of WW2 and into the Cold War.

However, what makes these documents particularly unique, and just as equally controversial, are direct references to operations carried out by the US Central Intelligence Agency, US military and our allies abroad – including France and England. What I mean to say is that the documents almost accidentally reveal/outline US War strategy throughout the course of the Cold War, and chronicle top-secret CIA missions that no one has ever heard of or seen before – because these documents have remained classified for the better part of the last 5 decades! In a weird way, the documents released last week almost throw the US and some of our closest allies completely under the bus – something I don’t believe was Obama’s original intention – or maybe perhaps it was? 🤔

Browse Full Archive – Argentina Declassification Project: https://www.intel.gov/argentina-declassification-project/records

Interestingly enough, in 2016 President Obama initially referred to the directive to release these documents as a “humanitarian gesture” extended towards Argentina, hoping to expose and/or shine light on human rights violations which have crippled the country/region throughout the past. Taking a look at these documents first hand here today, in retrospect, while Obama wasn’t necessarily wrong in his inclinations, he may have wildly under-estimated what would be revealed or how bad it would make the US and CIA look. But then again, maybe Obama did know all along, and this is exactly why he ordered the release – who knows, really?

I bring this up because what appears to be catching the eyes/attention of some of my fellow “comrades” are details surrounding something referred to as “Operation Condor” – a self-described “cooperative effort by the intelligence/security services of several South American countries to combat terrorism and subversion,” spearheaded by US intelligence with help from our counterparts in “France, United Kingdom, Western Germany, Canada, Australia and New Zealand.”

Learn More – Operation Condor from CIA Reading Room: https://www.cia.gov/library/readingroom/search/site/%22Operation%20Condor%22

As you can read for yourself within the newly declassified document below, and as was explained in more detail by Chilean reporter Whitney Webb, “Operation Condor was a plan by the CIA that targeted leftists, suspected leftists and their “sympathizers” and resulted in the forced disappearances, torture and brutal murders of an estimated 60,000 people, as well as the political imprisonment of around half a million people. Around half of the estimated murders occurred in Argentina.” However, what caught my attention was the CIA’s use of the term “Psychological Warfare” to describe what they were attempting to do in South America as a means of subverting their enemies. This is because I have previously covered the US Government’s use of psychological warfare as a means of combating Russia under Donald Trump.

Browse 4 Page Document – Operation Condor Strategy 08/22/1978:

https://roguemedia.co/wp-content/uploads/2019/04/780822cia.pdf

Regardless, Webb then goes on to explain how “several other documents in the recent release discuss a decision made by Condor member countries in May 1976 to train and send a military unit to “conduct physical attacks” against left-wing Latin American exiles and their supporters in France, in what was codenamed “Teseo.”” Adding that “several Condor countries, aside from Brazil and Bolivia, were eager to participate and the training of the “Teseo” unit did occur, though the CIA was apparently unaware whether the unit was actually sent to France.” However, further research by Rogue Media Labs confirms the movements of these very operations in and around Europe – as you can see from the FOIA CIA reading room documents provided below, a resource I do not believe Webb had access to at the time.

Learn More – Operation Teseo from CIA Archives: https://www.cia.gov/library/readingroom/search/site/%22Teseo%22

Browse 10 Page Release of Teseo Agreement To Enter Europe:

https://roguemedia.co/wp-content/uploads/2019/04/combinepdf.pdf

Unfortunately, I really wish it ended there, but it does not. As Webb goes on to explain, sponsored by the US Military, Central Intelligence Agency and their counterparts in Europe, Operation Condor ultimately went on to overthrow and install new Governments in 6 South American countries throughout the course of the 1970s – in Chile, Brasil, Uruguay, Bolivia, Ecuador and Argentina, forever altering history.

Snippet from MintPress News:


Read Whitney Webb’s Full Article Here: https://www.mintpressnews.com/declassified-cia-docs-uk-france-and-west-germany-wanted-to-bring-operation-condor-to-europe/257541/

A separate report published by The Guardian on April 15th 2019 called Operation Condor “a secret programme in which the dictatorships of Argentina, Brazil, Paraguay, Uruguay, Chile, Bolivia, Peru and Ecuador conspired to kidnap and assassinate members of leftwing guerrilla groups in each other’s territories” – implying that all those killed or imprisoned were all terrorists, militant members or enemies of the state. However, as The Guardian also points out, “many — and one could convincingly argue the majority — of those killed, tortured and imprisoned were not members of guerilla groups, as there are thousands of documented cases of college students, musicians, writers, journalists, priests and nuns, pregnant women, teachers, indigenous leaders, union members and others who were subject to the extreme prejudice of Operation Condor despite not being combatants in any capacity.”

According to some reports, as many as 60,000 people were killed and/or assassinated as a result of these very operations – nearly half of which came from Argentina alone. Once again, as was previously stated in the lead to this article, President Obama released these documents as a favor to Argentina to help them understand their past and the human rights violations which have occurred there throughout its checkered past – though it is anyone’s guess how aware Obama was at the time of just how great/large of a role the United States actually played in those same human rights violations. I guess that is what you call “irony.”

Regardless, thanks to multiple document dumps released by the CIA and US Intelligence community over the course of the last two years, together with some good ole fashioned research, even though we already kind of knew these sorts of things happen, it’s just a little weird/eerie to see literal proof of it all – showcasing the very documents/treaties/back-room agreements we drafted and signed to pull it all off. Imagine if this information was made public at the time? How different would our world look today? Now that they are all out in the open for the world to see, how pissed off do you think people will be? How much will these sorts of documents influence future US relations? Your guess is as good as mine.

Lastly, when I look around at the world today, I see the US active in “regime change” in Syria, Libya, Iraq, Afghanistan, Egypt and North Korea throughout the course of the 21st century. Moreover, we have carried out these operations/War efforts in the name of “terrorism” – quite literally fighting a “War On Terror.” Looking back at CIA documents from the 1970s and seeing the same terminology of “terrorism” and “regime change” frightens me, quite frankly, and makes me feel a whole lot less proud to be an American as I sit here today. I just can’t help but wonder, when will the US’s luck run out? The proof is on the table, we have meddled in the affairs of and seemingly overthrown half the world’s leaders just to suit our own political interests. Surely it is only a matter of time before all our “interference” and “meddling” in other countries’ political affairs will come back to haunt us – right Russia?

New Hacking Group Known as Karamujo Official Claims Responsibility for 5 Hacks Across North & South America


Over the course of the last several days/weeks a new hacking group has been attracting my attention, which they now have. The group officially refers to themselves as “Karamujo” aka “#SST Stealers Team” and, at least on the surface level, appears to have no discernible nationality amongst themselves – nor commonality between their targets. The group also has an extremely unique style when it comes to leaking information, the type of information they leak and the manner in which they leak it – all styles/techniques I have never seen assembled like this before, which also goes to tell you a little something about them.

Considering that I’ve never covered them before and Defcon Lab has already covered their other hacking campaigns last week, for the purposes of this article I would like to cover 5 of their most recent and highest profile attacks – targeting various institutions and organizations across North and South America.

Geographic Military Institute of Ecuador: hxxp://igm.gob.ec/
INFOS/LEAK: https://hastebin.com/apobulinoq.cs

hxxps://apod.nasa.gov/
hxxps://nasa.gov/
hxxps://heasarc.gsfc.nasa.gov/
[+] FTP: 129.164.179.23/software/
[+] LEAK: https://hastebin.com/ganowiwidi.cs (By @SSTowna)

Brasilian Institute of Geographic Statistics: hxxps://ibge.gov.br/
[LEAK/INFOS]: https://hastebin.com/ebotiyoguv.cs
[FILES]: https://www.sendspace.com/file/hu0q2o (via @DebochadoSST)

City Hall of Rio de Janeiro: hxxp://rio.gov.br/
[INFOS / LEAK]: https://hastebin.com/lulobipiyo.http

Virtual Library of The Constitutional Court of Ecuador: hxxp://bivicce.corteconstitucional.gob.ec/
[LEAK/INFOS]: https://hastebin.com/junewogece.http

https://twitter.com/Karamujo18/status/1118340403223252993

https://twitter.com/Karamujo18/status/1118531440998797313

https://twitter.com/Karamujo18/status/1118688948770021378

https://twitter.com/Karamujo18/status/1118889549093056512

https://twitter.com/Karamujo18/status/1119057309316067335

NASA’s Chandra X-Ray Observatory, UAE’s Sharjah Exports Development Center & Mackenzie Presbyterian Institute of Brasil Hacked by Al1ne3737 of Pryzraky

Last night, April 8th 2019, “Al1ne3737” of “Pryzraky” announced a hack/leak associated with 3 different international organizations – NASA’s Chandra X-Ray Observatory in the United States, the Sharjah Exports Development Center in the United Arab Emirates and Mackenzie Presbyterian Institute of Brasil. While leaks affecting the USA and UAE were simply limited to the names and passwords of site administrators, granting access to the back-end of the websites, the leak of the Mackenzie Institute was significant – literally over 1 Megabyte (MB) of data contained within a text file.

The file itself contains the names, emails, cell phone numbers, accounts and passwords of countless thousands of individuals – one of the largest text files I have seen in the last half year of online leaks. The file itself is contained below, and is certified safe to the public.

Targets:

NASA Chandra X-Ray Observatory: hxxp://chandra.harvard.edu/
Sharjah Exports Development Center: hxxp://sharjahexports.gov.ae/
Mackenzie Presbyterian Institute: hxxp://news.mackenzie.br/

Data Download (1.72 MB): https://anonfile.com/o41457a7nc/_ep1_al1ne3737_txt

https://twitter.com/al1ne3737/status/1115358701005824002

Partido Democrático Trabalhista & Ministério da Educação Hacked by Shadow Squad, Access To Party Politicians & Gov Leaders Leaked Online

Far be it from me to pass up an opportunity to publish leaks affecting major political parties, politicians and Government offices/agencies across any country. To this effect, I am proud to present a new round of leaks brought to the world’s attention by a new group of hackers going by the name of “Shadow Squad Hackers” – who have dumped an interesting set of data online over the last several days. More specifically, the leaks implicate several prominent party leaders, politicians, civil activists and government agencies across Brasil. While the group has released 3 leaks online to date, for the purposes of this article I would like to focus on two of them – implicating the Democratic Party of Trabalhista and National Association of Internal Audit Servants of the Ministry of Education. I know, that last one is a bit of a mouthful – the Brasilian Government clearly needs to work on their acronyms 😂.

Given that the group is new to the hacking scene as of this week, really, I was skeptical at first, but upon doing some research it appears as though their leaked data pans out – which is why I am publishing it here today. The leaked data itself implicates some high level politicians across Brasil, including party leaders and members of the international rotary club. For no other reason that, these leaks were actually kind of fun to investigate – enjoy!

Partido Democrático Trabalhista: hxxp://pdtap.org.br/
Data Leak: https://hastebin.com/epusemaxip.rb

Associação Nacional dos Servidores Integrantes das Auditorias Internas do Ministério da Educação: hxxp://www.fonai-mec.com.br/
Data Leak: https://hastebin.com/yonudovexu.pl

3 Federal Universities, 1 State Owned Bank Hacked by Pryzraky – (10.91 MB zip) of Data Leaked Online

Earlier today, April 6th 2019, the now infamous group of international hackers known as “Pryzraky” teamed up for a massive string of hacks and leaks affecting institutions across Brasil. More specifically implicated in the leaks are the State University of Rio de Janeiro (UERJ), Federal University of Mato Grosso (UFMT), Faculdade Integrada Tiradentes (FITS), a Brasilian-based medical training facility, as well as Interlegis, a state funded Development Bank administered by the Federal Senate of Brazil.

Honestly, the amount of information contained in the leak is extremely large, something which should go without saying – especially given the compressed file size and the SQL files acting as TXT files within it. For this reason, it would literally take hours to document everything contained within the leak – something you can do for yourselves. What I can tell you though is that the files contain information on thousands to tens of thousands of individuals, such as their names, emails, phone numbers, CPF numbers, usernames and passwords to their online accounts – granting access to God knows how much more information on each individual person.

Pryzraky claims that the hacks are being carried out to stand up against the corruption of the Brasilian Government, as their own unique form of protest. This is also why the Government of Brasil will continue to find itself a target of South American hacktivists such as Pryzraky throughout the future. As for the matter at hand, Rogue Media Labs has downloaded the file and certifies that its release is safe to the public. More importantly, should the file ever be taken down, you can reach out for a backup copy – enjoy!

Targets:

Universidade do Estado do Rio de Janeiro: hxxp://uerj.br/
Universidade Federal de Mato Grosso: hxxp://ufmt.br/
FITS – Faculdade Integrada Tiradentes: hxxp://fits.edu.br/
Interlegis: hxxp://interlegis.leg.br/

Database Download (10.92 MB Compressed): https://anonfile.com/2dXdEaZ4m9/PryzrakyLeaks_-_06.04.2019_zip

 

Associação Nacional do Auditores Fiscais, Conselho Federal de Estatistica & SigProJ Administration of Brasil Hacked by Pryzraky

Yesterday, April 4th 2019, “Al1ne3737” of “Pryzraky” announced a hack of 4 Government agencies, organizations and websites across Brasil, leaking sensitive information tied to their databases online. More specifically implicated in the hacks/leaks were the SigProJ Administration, National Association of Tax Auditors (ANFIP), the online web portal of the 8th Region of Brasil (Pará and Amapá), as well as the Federal Council of Statistics (CONFE).

The leaks are significant, exposing information such as CPF numbers, telephone numbers, email addresses, physical addresses, usernames and passwords of literally tens of thousands of government employees and registered users. However, while the entirety of all the file folders contained within the leak adds up to tens of thousands, due to file/time constraints, Al1ne3737 “only” released a couple thousand records to the general public. You can find all of these and more via the leaks provided below. Please note that all of the downloads are safe to the public – enjoy!

Target: hxxp://sigproj1.mec.gov.br
Leak: https://pastebin.com/raw/D8nA97UT

Associação Nacional do Auditores Fiscais da Receita Federal do Brasil: hxxp://www4.anfip.org.br/
Portal do TRT 8ª Região – Pará e Amapá: hxxp://www2.trt8.jus.br/
CONSELHO FEDERAL DE ESTATÍSTICA: hxxp://confe.org.br/
Database Download (688.79 KB): https://anonfile.com/v7j2QfY3me/dates_confe_anfip_trt8_al1ne3737_txt

https://twitter.com/al1ne3737/status/1114053833460731904

https://twitter.com/al1ne3737/status/1114030177586118656

Agência Nacional de Águas Hacked by K4PP4K of PICOCASGANG, Site’s User Email Databases Leaked Online

Yesterday afternoon, March 4th 2019, “K4PP4K” of “PICOCASGANG” announced a hack/leak of the National Water Agency of Brasil (ANA). Reviewing the leaked data posted online, it appears as though K4PP4K was able to access approximately 16 databases attached to the back end of the website, dumping the contents of two of them to the general public. For example, in a leak of the vwUsario Folder, K4PP4K released the names, email addresses, user login names and passwords of 136 users – including site administrators. Additionally, in a leak of the Usario Folder, K4PP4K released the email addresses, names and passwords of 133 registered users of the website. You can view the leak in its entirety through the information provided below.

Target: hxxp://ana.gov.br/
Leak: https://hastebin.com/kulirurefo.rb
Leak Backup 1: https://ghostbin.com/paste/ky2vj
Leak Backup 2: https://pastebin.com/sVEGCnCS

Lastly, in a poetic message attached to the data leak, K4PP4K stated:

Another week, another leak. Corruption makes you weak.

As a muppet of the system, you never crack
But what is the cost
To never ever ask?

You call me a criminal
Because I hack, and for that
I could be arrested.

But you practice corruption
And smell like a murder
I think that’s enough

To call you as an
hypocritical bummer.

You can’t kill an idea.
That’s a goddamn catchphrase.
But it’s justified
Why, to you and without fear
I keep gaze.

Conselho Nacional de Justiça Wholly Pwned by Al1ne3737 – 94 Site Databases, 53,270 Individuals Compromised by The Data Breach

In the early morning hours of April 1st 2019, “Al1ne3737” of the international hacking group known as “Pryzraky” announced a hack and data leak affecting the National Council of Justice (CNJ) of Brasil. While the leak itself was only hosted online for a short period of time, it was substantial. For example, the leak contains personally identifiable information, including logins, of approximately 2,936 people stolen across 94 site databases. This information includes state officials, government personnel members, judges, magistrates – et cetera. In a message attached to the leak, Al1ne3737 simply stated “F*ck Brasil!”

It is also important to understand that this was only a sample of the leak, mind you; the full raw leak contains personally identifiable information, including logins, of approximately 53,270 individuals in total. Due to file size limits however, Al1ne3737 only decided to release 2,936 of them to the public – keeping the rest to herself. Included in the leak was sensitive information including full names, user names, physical mailing addresses, email addresses, telephone numbers, national CPF numbers, passwords and much more. You can see a breakdown of some of the most important folders contained within the leak below.

Highlights from Leak:

306 entries from the usario Folder of the SGT Database – including their full names, emails, login user names and passwords
256 entries from the usario Folder of the ADOCAO Database – of 8,529 total – including full names, login user names and their passwords
66 entries from the user_web_service Folder of the BNPR Database – including organization ID numbers and passwords
256 entries from the sag_usario Table in the CNCA Database – from 13,537 total – including full names, login email addresses and passwords
256 entries from the usario table of the comparilhado Database – from 12,967 total – including user name, login names, passwords and CPF numbers
15 entries from the usario Folder of the boletim_servico Database – including full names, email addresses, passwords, CPF numbers and IP Addresses
51 entries from the usario Folder of the CAPG Database – including user code numbers and passwords
241 entries from the paciente Folder of the CADNT Database – including full names, CPF numbers, email, telephone numbers, Addresses and CEP numbers
4 entries from the usario Folder of the contatos_cnj Database – including their usernames and passwords
256 from the usario Folder of the Corporative Database – from 11,972 total – including CPF numbers, user numbers, full names, user names and passwords
4 entries from the usario Folder of the infojuris_i2 Database – including first names, user names and passwords
46 entries from the intra_users Folder of the Intranet2016 Database – including names, emails, user names and passwords
8 entries from the lime_users Folder of the LimeSurvey Database – including full names, emails, user names and passwords
79 entries from the kdali_users Folder of the NoveIntranet Database – including names, emails, usernames and passwords
3 entries from the cx0pf_users Folder of the observatorionacional Database – including name, email, usernames and passwords
256 entries from the juscnj_users Folder of the portalcnj2017 Database – out of 383 total – including names, emails, usernames and passwords
162 entries from the usario Folder of the SAPRS Database – including full names, CPF numbers, emails, usernames and passwords
The administrator login username, email and password for the WikiDB Database
64 entries from the wikipjeuser from the WikiDB Database – including email addresses, user names and passwords
256 entries from the login Folder of the sistemaemprego Database – of 2,073 total including login user numbers and passwords
256 entries from the usario Folder of the SEI Database – out of 816 total – including names and user information
154 entries from the usario Folder of the processometro Database – including user names, CPF numbers, email addresses, telephone numbers and passwords
256 entries from the usario_sgq Folder of the SGQ Database – including usernames, emails and CPF numbers

Alvo: hxxp://cnj.jus.br/

** EDITOR’S NOTE: Al1ne3737 has asked Rogue Media Labs to remove the file from the ClearNet so as to make the job of any would-be investigators harder. So I have complied 😉 **

Hazard Analysis & Critical Control Points/Análise de Perigos Hacked by Mr. Joker aka “Error Toxic”

Last week, March 22nd 2019, a hacker going by the name of “Mr. Joker” posted a data leak affecting the Hazard Analysis & Critical Control Points/Análise (HACCAP) de Perigos, Brasil – essentially a food and safety administration similar in many ways to the Food and Drug Administration of the United States. At the present moment in time not much is known about the hacker or their methodology/rationale, but their Twitter timeline was created a little less than 2 weeks ago and is full of 11 Tweets tied to various hacks, leaks and exploits affecting websites all over the world.

What we do know about this particular hack is that Mr. Joker was able to breach the site via SQL Injection (SQLi), granting him full access to the website’s back-end. Moreover, I only covered their hack/leak of the HACCAP today because it affects a Government organization, exposing the name, email, passwords and addresses of 197 personnel members employed by the organization. You can learn more about the hacker and their leaks through the Twitter timeline provided below.

Full Raw Leak: https://ghostbin.com/paste/yvasx

https://twitter.com/ErrorToxic3/status/1109038091522723840

Agência Nacional do Petróleo, Gás Natural e Biocombustíveis Hacked by K4PP4K, Site Admin Credentials Leaked Online

Earlier this morning, March 17th 2019, a hacker going by the name of “K4PP4K” announced a hack and data breach affecting the National Agency of Petroleum, Gas and Natural Combustibles (ANP) of the Federal Republic of Brasil. Contained within a data leak affiliated with the website are the file folders of 3 databases attached to the back-end of the agency’s website, along with the email, usernames and passwords of 9 administrators granting full root access over the site and all of its content.

At the present moment in time not much is known about K4PP4K, but this is their second such major hack of a National Brasilian agency dating back to February 24th 2019, when K4PP4K released various SQL vulnerabilities attached to the website belonging to the state government of Rio de Janeiro. Similarly, it’s suspected that SQLi is also how K4PP4K breached ANP’s website this week. Unfortunately though, ANP was officially tagged in the release a little more than 13 hours ago, meaning that if those admin credentials haven’t already been changed they almost certainly will be very shortly.

Alvo: hxxp://anp.gov.br/
Raw Leak: https://hastebin.com/kilisodide.pl
Leak Backup: https://ghostbin.com/paste/yxb2v