Conselho Nacional de Justiça Wholly Pwned by Al1ne3737 – 94 Site Databases, 53,270 Individuals Compromised by The Data Breach

In the early morning hours of April 1st 2019, “Al1ne3737” of the international hacking group known as “Pryzraky” announced a hack and data leak effecting the National Council of Justice (CNJ) of Brasil. While the leak itself was only hosted online for a short period of time, it was substantial. For example, the leak contains personally identifiable information, including logins, of approximately 2,936 people stolen across 94 site databases. This information includes state officials, government personnel members, judges, magistrates – et cetera. In a message attached to the leak, Al1ne3737 simply stated “F*ck Brasil!

It is also important to understand that this was also only a sample of the leak mind you, the entirety of the full raw leak contains personally identifiable information, including logins, of approximately 53,270 individuals in total. Due to file size limits however, Al1ne373 only decided to release 2,936 of them to the public – keeping the rest to herself. Included in the leak was sensitive information including full names, user names, physical mailing addresses, email addresses, telephone numbers, national CPF numbers, passwords and much more. You can see a break down of some of the most important folders contained within the leak below.

Highlights from Leak:

306 entries from the usario Folder of the SGT Database- including their full names, emails, login user names and passwords
256 entries from the usario Folder of the ADOCAO Database – of 8,529 total- including full names, login user names and their passwords
66 entries from the user_web_service Folder of the BNPR Database – including organization ID numbers and passwords
256 entries from the sag_usario Table in the CNCA Database – from 13,537 total- including full names, login email addresses and passwords
256 entries from the usario table of the comparilhado Database – from 12,967 total – including user name, login names, passwords and CPF numbers
15 entries from the usario Folder of the boletim_servico Database – including full names, email addresses, passwords, CPF numbers and IP Addresses
51 entries from the usario Folder of the CAPG Database – including user code numbers and passwords
241 entries from the paciente Folder of the CADNT Database – including full names, CPF numbers, email, telephone numbers, Addresses and CEP numbers
4 entries from the usario Folder of the contatos_cnj Database – including their usernames and passwords
256 from the usario Folder of the Corporative Database – from 11,972 total – including CPF numbers, user numbers, full names, user names and passwords
4 entries from the usario Folder of the infojuris_i2 Database – including first names, user names and passwords
46 entries from the intra_users Folder of the Intranet2016 Database – including names, emails, user names and passwords
8 entries from the lime_users Folder of the LimeSurvey Database – including full names, emails, user names and passwords
79 entries from the kdali_users Folder of the NoveIntranet Database – including names, emails, usernames and passwords
3 entries from the cx0pf_users Folder of the observatorionacional Database – including name, email, usernames and passwords
256 entries from the juscnj_users Folder of the portalcnj2017 Database – out of 383 total – including names, emails, usernames and passwords
162 entries from the usario Folder of the SAPRS Database – including  full names, CPF numbers, emails, usernames and passwords
– The administrator login username, email and password for the WikiDB Database
64 entries from the wikipjeuser from the WikiDB Database – including email addresses, user names and passwords
256 entries from the login Folder of the sistemaemprego Database – of 2,073 total including login user numbers and passwords
256 entries from the usario Folder of the SEI Database – out of 816 total – including names and user information
154 entries from the usario Folder of the processometro Database – including user names, CPF numbers, email addresses, telephone numbers and passwords
256 entries from the usario_sgq Folder of the SGQ Database – including usernames, emails and CPF numbers

Alvo: hxxp://cnj.jus.br/

** EDITOR’s NOTE: Al1n3737 has asked Rogue Media Labs to remove the File from the CLearNet as to make the job of any would be investigators harder. So I have complied 😉 **

Corpo de Bombeiros Militares de Tocantins Hacked by Al1ne3737, 32.24 KB of Data Leaked Online

Earlier this morning, February 26th 2019, the Military Fire Brigade of Tocantins, Brasil was compromised by a massive data breach. The hack/leak itself was claimed by “Al1ne3737” of the international hacking group known as “M1n3 B0ys,” whom managed to leak approximately 32.24 KB of data across 6 databases via the text file provided below. The leak itself features some interesting information, including the login user name, email address and password of 26 users, along with the National Cadastro de Pessoas Físicas (CPF) numbers, email addresses and passwords of 29 employees/personnel, as well as the login username, email address and password of 361 members of the Brigade.

Alvo: hxxp://bombeiros.to.gov.br
Raw Leak: https://pastebin.com/raw/ykFuNgH5
Database Download (32.4KB): https://anonfile.com/z7i1nevfba/Military_Fire_Brigade_of_Tacontins_txt

Admin Login: hxxps://intranet.bombeiros.to.gov.br/
CPF: 65872665172
PASS: 53749273

Screen Shot from Hacked Database:

No photo description available.

Diretoria de Tecnologia da Informação e Comunicação de Cachoeirinha Hacked/Defaced Along with 3 Other Brasilain Government Agencies

Towards the end of last week and into the weekend, the international hacking group known as “M1n3 B0ys” was active in a string of hacks, leaks and defacement’s targeting various Government agencies and municipality’s across Brasil. More specifically implicated in the hacks/leaks below were the Municipal Council of Poco Branco, Government of the Municipality of Damianópolis, City Hall of Cachoeirinha and Government of The State of Piauí.  At the present moment in time it doesn’t appear as though the hacks were political motivated, rather just just carried out for ‘the Lulz.

In addition to releasing the login credentials necessary to access the websites Webmail portal, the hackers also deface the Municipal Council of Poco Branco – replacing the homepage with a message reading “Extra, Extra: Ceará hacker invades the net … to sleep, of course. You may think your mistake are all bullshit to be forgotten, but they have resulted in actions that have pointed us in a new direction. Steve Jobs.” As for the Government of the Municipality of Damianópolis, in addition to defacing its website, it also appears as though the hackers were able to gain access to the governments official online Webmail portal – literally providing screenshots of themselves making an email under a Government officials account. 

The hack of the Diretoria de Tecnologia da Informação e Comunicação de Cachoeirinha was much more significantrevealing information including the login codes, passwords, office numbers, personal cell phone numbers and emails of 100’s of registered users, along with the CPF numbers, email addresses and passwords of well over 600 government employees, officials, personnel members and politicians. The leak also features the login credentials and emails of 8 IT Directors granting root access to all of the sites data. Honestly, there was so much information included in the data leak that’s it’s almost impossible to all summarize here. Instead, you are invited to browse through the leak for yourself.

Database Download (77.03 KB): https://anonfile.com/k1x2gav0b7/dados_sistemas.cachoeirinha.rs.gov.br_txt

The hack of Government of The State of Piauí was also significant, revealing the agency ID numbers, locations and extensions of 500 personnel members/offices. You can find the contents of this leak and more by browsing the links provided below. 

Câmara Municipal de Poço Branco:

Alvo: hxxp://cmpocobranco.rn.gov.br
Deface Mirror: https://defacer.id/archive/mirror/6844086

Email: suporte@openmaster.com.br
Passe: open8952

Screen Shot from Hack:

Image may contain: text

Governo do Município de Damianópolis:

Alvo: hxxp://damianopolis.go.gov.br/site/
Deface Mirror: http://www.zone-h.org/mirror/id/32231428
Webmail Login Page: hxxp://www.damianopolis.go.gov.br/site/acessaremail/

Screen Shot from Hack:

Image may contain: text

Prefeitura Municipal de Cachoeirinha:

Alvo: hxxp://sistemas.cachoeirinha.rs.gov.br
Raw Leak: https://pastebin.com/raw/HT2p5Ev4

Screen Shot from Hack:

No photo description available.

Governo do Estado do Piauí:

Alvo: hxxp://siscon.pi.gov.br
Leak: https://pastebin.com/4LsRtqVK
Leak Backup: https://ghostbin.com/paste/wep99

Screen Shot from Hack:

No photo description available.

Secretaria Especial de Agricultura Familiar e do Desenvolvimento Agrário Hacked by Al1ne3737, +1,000 Users Compromised by Breach

Earlier this morning, February 15th 2019, “Al1ne3737” of the international hacking group known as “M1n3 B0ys” announced a comprehensive hack and leak of the Secretaria Especial de Agricultura Familiar e do Desenvolvimento Agrário in Brasil. Contained within a leak consisting of nearly 15,000 lines are the names, unique user ID numbers, email addresses, passwords, CPF numbers, telephone numbers and encrypted passwords of approximately 1,126 registered users of the Federal Ministry of Agrarian Development (MDA) – including site administrators.

It remains unclear exactly how the hackers managed to breach the site, but the leak adds to a flurry of recent hacking activity from the group throughout the course of 2019. For example, over the course of the last week alone different members of the M1n3 B0ys hacking group have also managed to hack and/or deface the web pages belonging to the Universidade Estadual do PiauÍ, the Escritório de Ligação da Escola de Engenharia da UFMG and Prefeitura Municipal de General Carneiro – all in Brasil.

Alvo: hxxp://mda.gov.br/
Raw Leak: https://pastebin.com/raw/yPmJqqRL

Alvo: Universidade Estadual do PiauÍ
Deface: http://www.uespi.br/preg/

Alvo: Escritório de Ligação da Escola de Engenharia da UFMG
Deface: http://www.zone-h.org/mirror/id/32196493?hz=1

Alvo: Prefeitura Municipal de General Carneiro
Deface: https://www.generalcarneiro.pr.gov.br/licitacao/1221/
Leak: https://ghostbin.com/paste/cf5cc

https://twitter.com/al1ne3737/status/1096308027139989504

https://twitter.com/m1n3B0ys/status/1095339071700795395

https://twitter.com/m1n3B0ys/status/1095051590258622474

https://twitter.com/m1n3B0ys/status/1094715765712916480

Brasilian Ministério da Saúde Hacked by L1r4, 1,200 Dados Records Leaked Online by Sr.Alto

In news first brought to my attention via Defcon Lab, a member of the hacking group “HYS Team” going by the name of “L1R4” has claimed responsibility for a major data breach effecting the Brasilian Ministry of Health. Included in a leak first published to Ghostbin by another member of HYS Team going by the name “Sr. Alto,” the document contains approximately 1,200 records – including CNES, CPF / CNPJ, addresses, telephone contacts, banking details and much more.

Additionally, as was explained by Defcon Labs, “there is evidence to suggest that the volume of data accessed exceeds 45,000 records from that database.” Adding that other than taking the hacker at their word, “there is also no information indicating that SUS systems were the at the origin of the data.” However, it is highly suspected that the hacker stole the data from various clinics, medical offices and hospitals across Brasil, all connected the SUS’s online web portal. The hacker also failed to disclose how SUS systems were compromised in the first place.

Raw Leak: https://ghostbin.com/paste/4aysz

Leak Backup – Browse Through Leak:

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2019/01/lira.pdf”%5D

Anonymous BlackSheep Releases Doxx of Brasilian President Jair Messias Bolsonaro

Earlier today hackers going by the name of “Anonymous Blacksheep” released the alleged Doxx of Brasilian President elect and former military officer Jair Messias Bolsonaro, including his Federal Cadastro de Pessoas Fisicas (CPF) number, personal telephone number and personal (non-Governmental) email address. It remains unclear how the hackers obtained the data, but the city of Jio de Janeiro has come under heavy attack from various angles over the course of the last two months alone, with various protesters upset about the current state of affairs inside the country, growing poverty rates and all-time record arrests under the now President.

The hackers could not be reached for comment, but their dump on the Ghostbin service is featured below. Additionally, it appears as though the hackers created their Twitter account exclusively for this release, so it is unknown how long they will be active or how long the post will remain up – which is why I have backed it up via screen shot.

Full Leak: https://ghostbin.com/paste/ggy9k 

No automatic alt text available.

https://twitter.com/anonblacksheep1/status/1075918261232001024