This morning, December 28th 2018, “Shawty Boy” of Pryzraky announced a hack and data leak effecting the City of Campo Grande, Brasil. In a data dump posted to Ghostbin, Shawty Boy explained how he was able to hack the back end of the city’s official website via SQL injection, granting him access to 3 databases. While he kept the exact payload used to breach the site private, to serve as proof of the hack, Shawty did leak the login user name and passwords for 3 website administrators – theoretically giving anyone in the world the ability to login into the site for themselves if they really wanted.
It should be noted that Shawty did tag the city in the leak, meaning that if the passwords have not already been changed, they almost certainly will be in the near future. In a message attached to the hack, Shawty also stated “Happy New Year half in advance! In 2019, we come back!” In a message to Rogue Media Labs, Shawty explained that after a brief break away from the hacking scene to end 2018, he plans on returning back to hacking activities in the new year.
Website Effected: hxxp://campogrande.ms.gov.br
Raw Leak: https://ghostbin.com/paste/jhar7/raw
In conjunction with #OpNicaragua, over the weekend the Nicaraguan Ministry of Energy and Mines was hacked, defaced, and confidential log in information tied to various databases attached to the website were stolen/leaked online. The attacks were pulled off by a relatively new Anonymous hacker going by the name of “SystemD” – Twitter handle @sig_kill_9 – whom managed to bypass their Web Application Firewall, deface the site and ultimately record sensitive information belonging to various Government officials and web administrators – including emails and encrypted passwords.
Rogue Security Labs has reached out to the Nicaraguan Government and some of the officials compromised in the breach to confirm whether or not the information exposed in the leak provided below was indeed legitimate, but as of November 5th 2018 Nicaraguan officials have declined comment on the matter. Though, upon analysis, the website targeted by the attack – http://www.mem.gob.ni/ – lacks fundamental and basic security measures, such as an active SSL Certificate, indicating that the hack may have been easier than not to pull off.
#OpNicaragua has been launched by Anonymous to fight back against the repressive actions of the Nicaraguan Government, whom have repeatedly attempted to forcefully silence or outright kill legitimate protesters and protest movements inside the country. The actions of the Nicaraguan Government have caught the worlds attention and as of November 2018, the country is considered one of the worlds worst violators of human rights. If you would like to learn more about the ongoing situation in Nicaragua, you are invited to educate yourself utilizing the following links:
Nicaraguan Reports – Amnesty International: https://www.amnesty.org/en/search/?country=38314
Nicaraguan Reports – Human Rights Watch: https://www.hrw.org/sitesearch/nicaragua