Behind The US’s Use of Hacktivist Groups As Cover for Cyber Campaigns Targeting Brasil

As someone who has covered hacking news and hacktivists quite heavily for the last 5 years now, I found many of the events which took place between the latter half of 2018 and the beginning of 2019 particularly interesting. For those of you who might not have been paying attention, over this time period the country of Brasil came under heavy fire from seemingly every direction – with many local, state and federal political/Government agencies and organizations getting hacked/leaked.

However, as a hacking news journalist who got many exclusives over this time period, what was particularly interesting to note were the people who were behind at least some of these attacks. While some were Brasilians, such as Pryzraky, the longer the hacks went on, the more groups began outing themselves as internationals – particularly Americans. Such was the case with the group known as “Shadow Squad Hackers,” who were Americans and claimed they were targeting Brasil because Brasilians were “disgusting and dirty people.” They claimed they were targeting Brasil for no other reason than that they “hate Brasil and Brasilians.” Many also claimed at the same time to be former members of the US Department of Defense.

While those are just some examples, they were far from alone. As you can see by following the tag below, the number of new or previously unknown hacktivist groups targeting Brasil in 2018/2019 was almost too many to count.

Read More – Brasil Tag on Rogue Media: https://roguemedia.co/tag/brasil/

Why Is This Happening?

This is a two-part answer. The first part is the fact that Brasilian Government and political websites are far behind the rest of the world when it comes to sound cyber security practices. For example, the vast majority of the hacks were pulled off via SQL injection (SQLi), because these sites build their database queries directly out of URL parameters such as ?id=24 instead of using parameterized queries, so a single appended quote is enough to break the query and start pulling data out of the back end. Upon further investigation, many political websites also leave their login pages out in the open, linked right from the front-end landing page, making themselves an easy target for brute force attacks. Still further, many of the smaller, local government websites don’t even serve their pages over HTTPS (TLS). A missing certificate does not by itself enable a DDoS or a defacement, but it is a reliable sign of a site nobody is maintaining, and those were exactly the sites that ended up defaced or knocked offline, of which there were many.
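To make the SQLi point concrete, here is an added example (not code from the original article, and not taken from any of the sites it mentions) that builds a throwaway SQLite table standing in for a council site’s profile page and runs the same attacker inputs through the vulnerable string-concatenation lookup behind a ?id=24 parameter and through a parameterized version. The table, its rows and the function names are all constructed for illustration.

```python
import sqlite3

# Constructed stand-in for the table behind a "cllr-profile.php?id=N" style page.
SAMPLE_ROWS = [
    (24, "Councillor A", "public"),
    (25, "Councillor B", "public"),
    (99, "Site administrator", "private"),
]


def make_db():
    """Fresh in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE profiles (id INTEGER, name TEXT, visibility TEXT)")
    conn.executemany("INSERT INTO profiles VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_unsafe(conn, raw_id):
    """The vulnerable pattern: the URL parameter is pasted straight into the SQL text."""
    sql = ("SELECT id, name FROM profiles WHERE id = '" + raw_id +
           "' AND visibility = 'public'")
    return conn.execute(sql).fetchall()


def lookup_safe(conn, raw_id):
    """The fix: validate the shape of the input, then bind it as a parameter.
    The driver sends the value separately from the query text, so it can never
    be parsed as SQL no matter what characters it contains."""
    if not raw_id.isdigit():
        return []
    sql = "SELECT id, name FROM profiles WHERE id = ? AND visibility = 'public'"
    return conn.execute(sql, (int(raw_id),)).fetchall()


def probe(lookup, raw_id):
    """Run one lookup against a fresh database and report what the attacker sees:
    ('rows', [...]) on success, or ('error', message) when the SQL no longer parses."""
    conn = make_db()
    try:
        return ("rows", lookup(conn, raw_id))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))
    finally:
        conn.close()


if __name__ == "__main__":
    # "24" is a normal request, "24'" is the classic probe, the last one is an extraction.
    for payload in ("24", "24'", "' OR 1=1 --"):
        print(repr(payload), "unsafe:", probe(lookup_unsafe, payload),
              "safe:", probe(lookup_safe, payload))
```

The appended quote turns into a database syntax error on the unsafe path, which is exactly the signal a scanner looks for before moving on to `' OR 1=1 --`, which here returns every row including the private administrator account. The parameterized path returns the same single row for a legitimate id and an empty result for both attacks.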

https://twitter.com/geekwiresec/status/1148940713167663106

However, the second reason is far more interesting – geopolitics. What you may not know is that Brasil is a member/signatory of the BRICS Alliance. Built up over the years through an international outreach campaign by Russian President Vladimir Putin, BRICS, as you should know, is built on a long term economic/military strategy to lock the United States out of South Pacific and South Atlantic trading routes, opening up trade routes for developing countries and emerging economies – such as Brasil, Russia, India, China and South Africa (BRICS).

If you think about it logistically or tactically it makes sense: Brasil has the potential for the largest economy in South America and sticks the furthest out into the South Atlantic, which gives it the best chance at controlling the South Atlantic and sealing countries out from doing business in those waters. South Africa, for example, can control the Cape of Good Hope – the only route for Western countries to get around the African continent and reach Eastern markets by sea. Moving further East, India could have full control over the Indian Ocean and has already begun sealing the US out from shipping rubbish to its country. And still further East, Russia and China have the military power necessary to completely lock the US out from reaching all Eastern countries if they really wanted, an all-out attack on Japan notwithstanding (RIP).

With that established, and after extensive coverage of all the Brasilian attacks, along with interviews with each of the hackers and hacking groups behind them, it is my firm belief that the United States Government was using “hacktivist” groups as a cover for the hacks of major political parties and Government websites across Brasil, as revenge for the Brasilians having signed new alliances with Vladimir Putin and the Russian Government. Moreover, do you believe that all of these cyber attacks targeting Brasil occurring over the same exact timeline as the US’s attacks against Venezuela were any coincidence?

It is my firm belief that the US Government used these groups and these tactics not only to expose information on the Brasilian Government and its members, but also to show them how weak their cyber security practices were. As we already know, the USA also has a long and extensive history of “meddling” in South America. Many of these attacks were no different; they just didn’t have computers in the ’60s and ’70s.

Read More – Declassified Documents from CIA Reveal US Political Interference Throughout South America During Cold War: https://roguemedia.co/2019/04/20/newly-declassified-documents-from-cia-depict-interesting-timeline-of-us-political-interference-meddling-in-south-america-throughout-the-cold-war/

Backbox Linux Releases Update To Version 6.0

While I was away last month I got an interesting email/request from Backbox Linux Community Staff to release an article covering the release of their latest version, upgraded to version 6.0. Before getting into that however, for those of you who might be unfamiliar with the product, Backbox Linux is an increasingly popular ethical hacking and penetration testing Linux distro – complete with all of the most modern tools and programs utilized by professionals working in these fields. In fact, Backbox Linux made Rogue Security Labs’ list of the most popular/widely used hacking-based Operating Systems earlier this year after receiving a review from “Al1ne3737” – formerly of “Pryzraky.”

Learn More About Backbox & Other Hacking OS’s: https://roguesecuritylabs.ltd/all-about-hacking-based-operating-systems/

But, without any further ado, here is everything you need to know about Backbox Linux’s update to version 6.0, along with everything that’s new and where you can go to download the latest version.

About Backbox Linux

BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known and used security and analysis tools, aiming at a wide spread of goals, ranging from web application analysis to network analysis, stress tests, sniffing, vulnerability assessment, computer forensic analysis, automotive and exploitation. It has been built on the Ubuntu core system yet fully customized, designed to be one of the best penetration testing and security distributions and more.

About The Update

As usual, this major release includes many updates. These include a new kernel, updated tools and some structural changes, with a focus on maintaining stability and compatibility with Ubuntu 18.04 LTS.

What’s New:

  • Updated Linux Kernel 4.18
  • Updated desktop environment
  • Updated hacking tools
  • Updated ISO Hybrid with UEFI support

System Requirements:

  • 32-bit or 64-bit processor
  • 1024 MB of system memory (RAM)
  • 10 GB of disk space for installation
  • Graphics card capable of 800×600 resolution
  • DVD-ROM drive or USB port (3 GB)

The ISO images for both 32-bit & 64-bit can be downloaded from the official web site download section.

Download Latest Version Here: https://www.backbox.org/download

UAE Ministry of Presidential Affairs, Ministry of The Prime Minister, Airports, Oil Companies & Over A Half Dozen More Federal Agencies Exposed in Data Breach

I swear, the universe has such an interesting way of working itself out. A couple weeks ago I learned of a controversial new project being undertaken by US cyber-mercenaries on behalf of the United Arab Emirates, solely designed to spy on other Arab nations, news outlets, activists and journalists abroad. More specifically, their work is/was officially code-named “Project Raven,” an operation designed to spy on UAE counterparts in countries such as Qatar, including Qatari media outlets such as Al-Jazeera news.

Learn More – Project Raven: https://www.reuters.com/investigates/special-report/usa-spying-raven/

However, over the course of the weeks and months since news of Project Raven first became public, it appears as though the United Arab Emirates has now made itself a target as a result. I say this because last night I came across an interesting cache of documents left exposed online, all stolen from various offices and organizations throughout the UAE dating back to March 2019. Together with the help of PopTart from Pryzraky, Rogue Media Labs was able to extract, compress and back up each of the files to be released to the browsing public here today. The leak in its entirety contains records stolen from 11 businesses, offices, agencies and organizations across the UAE – including information such as site webmail passwords, user passwords, web shells and much more.

Named In The Leaked Docs Below:

Abu Dhabi Airports
Abu Dhabi Statistics Center
CDHQ
Emirates Federal Competitiveness and Statistics Authority
Emirates Ministry of Presidential Affairs
Emirates National Oil Company
Emirates National Media Company
Emirates Policy Center
Emirates Prime Ministers Office
Etihad Airways
Lamprel Energy Limited

Download Full File Here: https://roguemedia.co/wp-content/uploads/2019/04/UAE_Dump.zip

Pryzraky Hackers Responsible for 39 International Hacks, Leaks & DDoS Attacks Over The Last 4 Days

Dating back to the weekend, “Pryzraky” hackers have been extremely active in a number of hacks, leaks and DDoS attacks targeting Government institutions in and around Europe, the United States, the United Kingdom and South America. However, while their hacks have primarily been carried out under the banners of #OpAssange, #OpEcuador and #OpUK, Pryzraky is doing as much as possible to distance itself from the Anonymous hacker collective, which has been extremely active in publicizing these operations online.

All told, group members “Mecz1nho Markov” (@Mecz1nho), “Al1ne3737” (@Al1ne3737) and “PopTart” are responsible for 39 cyber attacks over the last 4 days, including attacks targeting the Association of Police Investigators (Brasil), International Police (France), Department of Defense (USA) and National Police Association of the United Kingdom – with some attacks bringing websites down for days at a time. A full list of their attacks is chronicled below.

Hacked/Leaked:

Association of Civilian Police Investigators: hxxp://sinpol-assinpol.com.br/
Faculdade Integrada Tiradentes: hxxp://fits.edu.br/
Data Download: https://anonfile.com/fem19fd4n9/PryzrakyLeaks_-_14.04.2019_zip

[Target]: hxxps://www.correosdelecuador.gob.ec/
[Database]: https://pastebin.com/raw/KQXRbqCQ

DDoS Attacks:

International Police (INTERPOL) – hxxp://interpol.int/ (Tango Down’d)
US Department of Defense (DoD) – hxxp://defense.gov/ (Tango Down’d)
UK National Police – hxxp://police.uk/ (Tango Down’d)
Supreme Court of The United Kingdom – hxxp://supremecourt.uk/ (Tango Down’d)

SQL Injection (SQLi) Vulnerabilities:

hxxp://bedale-tc.gov.uk/
hxxp://www.exning-pc.gov.uk/
hxxp://www.rosstc-herefordshire.gov.uk/

.GOV
hxxp://www.wraysburyparishcouncil.gov.uk/cllr-profile.php?id=24%27
hxxp://www.localplan.charnwood.gov.uk/content/index.php?id=1%27

.CO
hxxp://www.thelexington.co.uk/event.php?id=311%27
hxxp://chatterboxvoices.co.uk/profile.php?id=351%27
hxxp://www.mexicolore.co.uk/can.php?id=1%27
hxxp://fieh.co.uk/index.php?Id=51%27
hxxp://www.facetpublishing.co.uk/title.php?id=301829%27#.XLPCxuhKjIU
hxxps://www.ileswastesystems.co.uk/index.php?id=1%27
hxxp://www.mcstone.co.uk/kitchens.php?id=11%27
hxxp://www.elmslie.co.uk/project.php?id=61%27
hxxp://www.sequoia.co.uk/news.php?id=134%27
hxxp://www.mwnuk.co.uk/resourcesDetail.php?id=97%27
hxxp://www.windowfrance.co.uk/about_infos.php?id=1%27
hxxp://emjplastics.co.uk/project.php?id=14%27
hxxp://dementiabuddy.co.uk/event.php?id=162%27
hxxps://www.fusionworcs.co.uk/news/article.php?id=579%27
hxxps://www.nottspeed.co.uk/news_item.php?ID=243%27
hxxp://www.falkirklocalhistorysociety.co.uk/home/index.php?id=124%27
hxxps://www.trinitycollege.com/news/viewarticle.php?id=502%27
hxxps://www.restons.co.uk/index.php?id=79%27

.ORG
hxxps://www.pysc.org.uk/new/article.php?id=426%27
hxxp://www.bicga.org.uk/hub.php?ID=41%27
hxxps://www.lmc.org.uk/page.php?id=17%27
hxxp://www.linksparkct.org.uk/course.php?id=47%27
hxxp://www.gracechurchgreenwich.org.uk/churchbuilder/medialib.php?id=384
hxxps://garyhall.org.uk/maths-resource.php?id=80
hxxps://www.outward.org.uk/vacancy.php?id=104%27
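Every entry in the list above ends in %27, a URL-encoded single quote appended to an id parameter, which is what the probe for this bug looks like from the server side. The following is an added example, not part of the original article or of any of the listed sites, of how a defender would pick those probes out of a web server access log: it parses Combined Log Format lines, decodes each query parameter, applies a few signature rules to the decoded value, and then flags both the clients doing the probing and the (path, parameter) pairs that answered a quote with a 5xx, which is the sign the quote actually reached the database. The log lines, IPs and paths are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed Combined Log Format lines (placeholder IPs and paths, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [14/Apr/2019:10:01:02 +0000] "GET /cllr-profile.php?id=24 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Apr/2019:10:01:05 +0000] "GET /cllr-profile.php?id=24%27 HTTP/1.1" 500 311 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Apr/2019:10:01:09 +0000] "GET /cllr-profile.php?id=24%27%20AND%201%3D1--%20 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Apr/2019:10:02:00 +0000] "GET /news.php?id=134%27+UNION+SELECT+1,2,3-- HTTP/1.1" 200 4096 "-" "sqlmap/1.3"
198.51.100.9 - - [14/Apr/2019:10:02:01 +0000] "GET /index.php?search=O%27Brien HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Rules run against the *decoded* parameter value. Each is a (name, regex) pair.
RULES = [
    ("trailing-quote", re.compile(r"^[\w.-]+['\"]$")),                  # the bare 24' probe
    ("sql-comment", re.compile(r"(--|#|/\*)\s*$")),                     # payload ends in a comment
    ("union-select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I)),
    ("tautology", re.compile(r"\b(or|and)\b\s*['\"]?\d+['\"]?\s*=\s*['\"]?\d+", re.I)),
]


def classify_value(value):
    """Names of every rule the decoded value matches (empty list for clean input)."""
    return [name for name, rx in RULES if rx.search(value)]


def scan_log(text):
    """Return a list of (ip, path, param, decoded_value, status, rule_names) for suspicious params."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        for param, value in parse_qsl(parts.query, keep_blank_values=True):
            if "%" in value:            # second pass catches double-encoded payloads
                value = unquote(value)
            hits = classify_value(value)
            if hits:
                findings.append((m.group("ip"), parts.path, param, value,
                                 int(m.group("status")), hits))
    return findings


def probing_clients(findings, min_hits=2):
    """Clients with at least min_hits suspicious requests: the ones worth blocking."""
    counts = {}
    for ip, *_ in findings:
        counts[ip] = counts.get(ip, 0) + 1
    return sorted(ip for ip, n in counts.items() if n >= min_hits)


def likely_vulnerable(findings):
    """(path, param) pairs where a probe came back 5xx, i.e. the quote reached the DB."""
    return sorted({(path, param) for _, path, param, _, status, _ in findings if status >= 500})


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for f in found:
        print(f)
    print("probing clients:", probing_clients(found))
    print("likely vulnerable:", likely_vulnerable(found))
```

The O%27Brien request is there on purpose: an apostrophe in the middle of a name is normal input and matches none of the rules, while a quote at the very end of a numeric id, or a value that ends in a SQL comment, almost never is. A site that returns 200 for id=24 and 500 for id=24%27 has told the scanner everything it needs to know, so the 5xx check is worth alerting on independently of the pattern match.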

https://twitter.com/al1ne3737/status/1117578169496866816

#FreeAssange: Attacks Against Ecuadorian Infrastructure Carry On Into The Weekend


On April 12th 2019, in what would go on to become one of my most read articles in weeks, Rogue Media Labs documented a string of ongoing cyber attacks targeting the Government of Ecuador and Ecuadorian infrastructure worldwide. However, as it would turn out, these attacks weren’t just limited to the 11th and 12th, but have instead evolved into something greater – with even larger and more pronounced attacks occurring throughout the course of the weekend. The attacks themselves are now being carried out under the banners of “Operation Ecuador” (#OpEcuador) and “Operation Assange” (#OpAssange), with promises to continue the attacks well into the foreseeable future.

I’ve done my best to document most of them, but I am certain I did not catch them all. If you would like to learn more, you are invited to follow the operations’ hashtags on Twitter as they are featured above.

Learn More About Last Weeks Attacks: https://roguemedia.co/2019/04/12/hacktivists-team-up-to-hack-deface-leak-or-crash-39-ecuadorian-websites-within-first-24-hours-after-assanges-arrest/

https://twitter.com/AnonymousWrId/status/1116923487875207169

CYB3R C0V3N S3CURITY (@Cyb3rC0v3nSec):

Superior Educational Consultants: hxxp://caces.gob.ec/ (Tango Down’d)
Ecuadorian Consulate of Los Angeles: hxxp://losangeles.consulado.gob.ec/ (Tango Down’d)
Ecuadorian Consulate of Chicago: hxxp://chicago.consulado.gob.ec/ (Tango Down’d)
Ecuadorian Embassy of Malaysia: hxxp://malasia.embajada.gob.ec/ (Tango Down’d)
Ecuadorian Consulate of Houston: hxxp://houston.consulado.gob.ec/ (Tango Down’d)
Ecuadorian Embassy of Venezuela: hxxp://venezuela.embajada.gob.ec/ (Tango Down’d)

Iznaye Cyber Team (@Iznaye):

Secretary of Environment: hxxp://www.quitoambiente.gob.ec/ (Tango Down’d)
Ecuadorian Council of The Judiciary: hxxp://www.funcionjudicial.gob.ec/ (Tango Down’d)
Municipal GAD of Latacunga: hxxp://latacunga.gob.ec/ (Tango Down’d)
Colegio Jimirwin: hxxp://colegiojimirwin.edu.ec/ (Hacked)
Ombudsman of Ecuador: hxxp://consulta.dpe.gob.ec/ (Hacked/Leaked)
Universidad Técnica del Norte: hxxp://eduvirtual.utn.edu.ec/ (Hacked/Leaked)

Tapi Combat Educational Unit: hxxp://www.uecombatientesdetapi.edu.ec/
Data Leak: https://ghostbin.com/paste/osohr

Fiscomisional Educational Unit of San Jose: hxxp://www.calasanz-saraguro.edu.ec/
Data Leak: https://ghostbin.com/paste/qkofa

Educational University of Hispanic Americans: hxxp://www.institutohispanoamerica-riobamba.edu.ec/
Data Leak: https://ghostbin.com/paste/xsyv7

Municipal del Cantón Sucúa: hxxp://sucua.gob.ec/
Deface Mirror: http://www.zone-h.org/mirror/id/32335260?hz=1

Target: hxxp://www.bomberosvalencia.gob.ec/
BombersValencia Leak: http://cryptb.in/M3Cp14FR9q
Archive: http://archive.fo/6lmty

Target: hxxp://sageslaut.democrat/
Leak: http://cryptb.in/WaYCs784
Archive: http://archive.fo/uY2PC

Pryzraky (@Pryzraky):

Ecuadorian Embassy of The United Kingdom: hxxp://reinounido.embajada.gob.ec/ (Tango Down’d)

Ecuadorian Military Intelligence: hxxps://www.inteligencia.mil.ec/
Ecuadorian Internal Revenue Service: hxxp://descargas.sri.gob.ec/
Cooperative CREA: hxxp://virtual.crea.fin.ec:9192/
Infos/Vul: https://pastebin.com/raw/r5K4DFJM

Empresa Eléctrica Regional del Sur: hxxps://www.eerssa.gob.ec/
Database Leak: https://pastebin.com/raw/uiLZjraE

Anonymous:

Ecuadorian National Police: hxxp://policiaecuador.gob.ec/ (Deface)
Ecuadorian Embassy of Ukraine: hxxp://bce.fin.ec/ (Defaced)
Central Bank of Ecuador: hxxp://bce.fin.ec/ (Tango Down’d)

FBI Mail Servers: 153.31.160.5
CF-RAY: 4c751ebe4e98a875-CDG

Broadcast IP’s : 147.67.255.255 (Leaked)

Liceo Military: hxxp://liceonaval.mil.ec/ (Defaced)

Ecuadorian University Leaks: https://ghostbin.com/paste/wx8rh

Ecuador’s School of the Judicial Function: hxxps://escuela.funcionjudicial.gob.ec/
Data Leak: https://ghostbin.com/paste/r4by3
Leak Backup: https://pastebin.com/GHcbk12n

#OpEcuador Hit List: https://hastebin.com/yavudususu.rb

https://twitter.com/AnonymousWrId/status/1117148232315019271

And perhaps most importantly of all, I know it’s the burning question on everyone’s mind, but have no fears, Julian Assange’s cat is indeed safe!

Hacktivists Team Up To Hack, Deface, Leak or Crash 39 Ecuadorian Websites Within First 24 Hours After Assange’s Arrest

At this point it should go without saying, but yesterday morning the Ecuadorian Embassy in London decided against continuing Julian Assange’s protection/asylum, and he is now going to be extradited to stand trial in the United States – where he faces life in prison. While every news outlet between here and the moon has already done its own spinoff story on these developments, what I haven’t seen anyone else covering is the response from at least some of the hacking/cyber security community – so this is what I will attempt to do here today.

First off, the very reason why the WikiLeaks founder was arrested yesterday was most likely his open support for a number of leaked documents recently implicating Ecuador’s President – documents likely leaked because of his decision to put so much pressure on Julian Assange in the first place over recent weeks. The leaked cache of documents in question is officially referred to as the INA Papers – which you can browse in their entirety below.

Browse INA Papers Leak: http://inapapers.org/

With that established, within the first 24 hours of Assange’s arrest different hackers from all around the world appear to have teamed up together to launch a massive and coordinated series of cyber attacks against the Ecuadorian Government and its infrastructure. While it would be impossible to find them all, here is everything I was able to research – 39 different targets of hacks, leaks, defaces and/or DDoS attacks April 11th-12th 2019. Among the participants were Anonymous, LulzSec, Pryzraky, CYB3R C0V3N and many more.

Defaced:

Target: hxxps://www.utpl.edu.ec/
Deface: https://www.utpl.edu.ec/salas/view_entry.php?id=103164

Target: hxxp://www.esmena.edu.ec/
Deface Mirror: http://www.zone-h.org/mirror/id/32332771?hz=1

Target: hxxp://reinounido.embajada.gob.ec/
Deface: pic.twitter.com/2cSkC3Zndy

Tango Downed:

Ecuadorian Embassy of the United Kingdom: hxxp://reinounido.embajada.gob.ec/
Ecuadorian Consulate of Chicago: hxxp://chicago.consulado.gob.ec/
Official Guide of Protocols & Procedures of the State of Ecuador: hxxp://gob.ec/
National Institute of Investigation: hxxp://inigemm.gob.ec/

https://www.bce.fin.ec/en/
https://www.ministeriointerior.gob.ec/
http://reinounido.embajada.gob.ec/
https://www.presidencia.gob.ec/
https://www.finanzas.gob.ec/
http://cti.administracionpublica.gob.ec/
http://encuestas.gobiernoelectronico.gob.ec/
http://viajes.administracionpublica.gob.ec/
http://www.cege.gob.ec/
http://www.reconstruyoecuador.gob.ec/
http://www.yogobierno.gob.ec/
http://viajes.presidencia.gob.ec/
http://innovacionlab.gob.ec/
http://cti.gobiernoelectronico.gob.ec/
http://acuerdosconsulta.cege.gob.ec/

Targets w/ SQLi Vulnerabilities:

http://www.palenque.gob.ec/docs.php?id=docs34
http://www.goberguayas.gob.ec/prensaexpose.php?cod=1986
http://www.latroncal.gob.ec/WEB17/NOTICIAS/CONTROL/VISOR_MUESTRA.PHP?valores=aut_445

http://www.espiritusanto.edu.ec/fes/noticia.php?id=192
http://www.uteq.edu.ec/revistacyt/contenidorevista.php?id=19
http://biblio.ecotec.edu.ec/revista/articulo.php?id=279
http://www.bluehill.edu.ec/news.php?id=8
http://www.lainmaculada.edu.ec/web/pagina.php?id=2
https://www.utpl.edu.ec/salas/view_entry.php?id=26072&area=1&day=03&month=12&year=2008
http://www.esmena.edu.ec/pages.php?id=1

http://www.windowfrance.ec/news_detail.php?id=106
http://www.emetebe.com.ec/blog/index.php?id=22
https://www.inmot.com.ec/accesorios.php?id=10002443
http://www.blacksun.com.ec/news.php?id=16
http://www.espiritusanto.edu.ec/fes/noticia.php?id=68
http://madetec.com.ec/en/proyecto.php?id=7
http://www.ales.com.ec/noticia.php?id=2
http://www.fritega.com.ec/panaderia.php?id=283

Press Releases:

Pryzraky: https://hastebin.com/zecicifade.coffeescript
Anonymous: https://hastebin.com/yavudususu.rb

More Information:

https://twitter.com/LulzSeguridad/status/1116533381607641088

https://twitter.com/cyb3rc0v3nsec/status/1116336514387066885

https://twitter.com/al1ne3737/status/1116603345181921284

https://twitter.com/cyb3rc0v3nsec/status/1116393682482139136

https://twitter.com/cyb3rc0v3nsec/status/1116541062217121793

NASA’s Chandra X-Ray Observatory, UAE’s Sharjah Exports Development Center & Mackenzie Presbyterian Institute of Brasil Hacked by Al1ne3737 of Pryzraky

Last night, April 8th 2019, “Al1ne3737” of “Pryzraky” announced a hack/leak associated with 3 different international organizations – NASA’s Chandra X-Ray Observatory in the United States, the Sharjah Exports Development Center in the United Arab Emirates and the Mackenzie Presbyterian Institute of Brasil. While the leaks affecting the USA and UAE were simply limited to the names and passwords of site administrators, granting access to the back-end of the websites, the leak of the Mackenzie Institute was significant – literally over 1 Megabyte (MB) of data contained within a text file.

The file itself contains the names, emails, cell phone numbers, accounts and passwords of countless thousands of individuals – one of the largest text files I have seen in the last half year of online leaks. The file itself is contained below, and is certified safe to the public.

Targets:

NASA Chandra X-Ray Observatory: hxxp://chandra.harvard.edu/
Sharjah Exports Development Center: hxxp://sharjahexports.gov.ae/
Mackenzie Presbyterian Institute: hxxp://news.mackenzie.br/

Data Download (1.72 MB): https://anonfile.com/o41457a7nc/_ep1_al1ne3737_txt

https://twitter.com/al1ne3737/status/1115358701005824002

3 Federal Universities, 1 State Owned Bank Hacked by Pryzraky – (10.91 MB zip) of Data Leaked Online

Earlier today, April 6th 2019, the now infamous group of international hackers known as “Pryzraky” teamed up for a massive string of hacks and leaks affecting institutions across Brasil. More specifically implicated in the leaks are the State University of Rio de Janeiro (UERJ), the Federal University of Mato Grosso (UFMT), Faculdade Integrada Tiradentes (FITS), a Brasilian based medical training facility, as well as Interlegis, a state funded Development Bank administered by the Federal Senate of Brazil.

Honestly, the amount of information contained in the leak is extremely large, something which should go without saying – especially given the compressed file size and the SQL dumps stored as TXT files within it. For this reason, it would literally take hours to document everything contained within the leak – something you can do for yourselves. What I can tell you though is that the files contain information on thousands to tens of thousands of individuals, such as their names, emails, phone numbers, CPF numbers, usernames and passwords to their online accounts – granting access to God knows how much more information on each individual person.

Pryzraky claims that the hacks are being carried out to stand up against the corruption of the Brasilian Government, as their own unique form of protest. This is also why the Government of Brasil will continue to find itself a target of South American hacktivists such as Pryzraky throughout the future. As for the matter at hand, Rogue Media Labs has downloaded the file and certifies that its release is safe to the public. More importantly, should the file ever be taken down, you can reach out for a backup copy – enjoy!

Targets:

Universidade do Estado do Rio de Janeiro: hxxp://uerj.br/
Universidade Federal de Mato Grosso: hxxp://ufmt.br/
FITS – Faculdade Integrada Tiradentes: hxxp://fits.edu.br/
Interlegis: hxxp://interlegis.leg.br/

Database Download (10.92 MB Compressed): https://anonfile.com/2dXdEaZ4m9/PryzrakyLeaks_-_06.04.2019_zip

Associação Nacional dos Auditores Fiscais, Conselho Federal de Estatística & SigProJ Administration of Brasil Hacked by Pryzraky

Yesterday, April 4th 2019, “Al1ne3737” of “Pryzraky” announced a hack of 4 Government agencies, organizations and websites across Brasil, leaking sensitive information tied to their databases online. More specifically implicated in the hacks/leaks were the SigProJ Administration, National Association of Tax Auditors (ANFIP), the online web portal of the 8th Region of Brasil (Pará and Amapá), as well as the Federal Council of Statistics (CONFE).

The leaks are significant, exposing information such as CPF numbers, telephone numbers, email addresses, physical addresses, usernames and passwords of literally tens of thousands of government employees and registered users. However, while the entirety of all the file folders contained within the leak add up to tens of thousands of records, due to file/time constraints Al1ne3737 only released a couple thousand records to the general public. You can find all of these and more via the leaks provided below. Please note that all of the downloads are safe to the public – enjoy!

Target: hxxp://sigproj1.mec.gov.br
Leak: https://pastebin.com/raw/D8nA97UT

Associação Nacional dos Auditores Fiscais da Receita Federal do Brasil: hxxp://www4.anfip.org.br/
Portal do TRT 8ª Região – Pará e Amapá: hxxp://www2.trt8.jus.br/
CONSELHO FEDERAL DE ESTATÍSTICA: hxxp://confe.org.br/
Database Download (688.79 KB): https://anonfile.com/v7j2QfY3me/dates_confe_anfip_trt8_al1ne3737_txt

https://twitter.com/al1ne3737/status/1114053833460731904

https://twitter.com/al1ne3737/status/1114030177586118656

#OpSudan: Hacktivists Around The World Prepare for Massive Cyber Attacks Against The Government of Sudan

I’m a little ashamed to admit it, but I’ve been aware of a massive round of cyber attacks being plotted against the Government of Sudan for weeks now – scheduled for 06/04/2019. However, as an American, I’ve been interpreting this as June 4th 2019 – which is also why I’ve been holding off on reporting about it. But that all changed today, after discovering that 06/04/2019 didn’t mean June 4th after all, but rather April 6th 2019 – lulz. Consequently, cyber attacks have already begun with several more on the way – and they will be significant.

For example, a small rundown of some of the groups and hackers already publicly signed up for the operation includes Anonymous, Lorian Synaro, M1r0x, Ghost Squad Hackers, Willenium aka Guy from Africa, Pryzraky, Shadow Squad, Cyb3r C0v3n and others – with several live attacks currently underway in the early morning hours of the operation.

06/04/2019 Operation Hit List: https://pastebin.com/ja0Eaubg

List of Websites Already Affected Today:

Bank of Khartoum – #TangoDown: bankofkhartoum.com
260 Domains – #TangoDown: hxxp://sudan.gov.sd/

hxxp://almeghar.com/
hxxp://mofa.gov.sd/
hxxp://fcsit.edu.sd/
hxxp://fmoh.gov.sd/
hxxp://isd.gov.sd/
hxxp://ksp.gov.sd/
hxxp://moe.gov.sd/
hxxp://rivernilestate.gov.sd/ 

Sudan MicroFinance Administration: hxxp://mfu.gov.sd/
Deface 1 (Anonymous): http://www.mfu.gov.sd/sites/default/files/webform/X.txt
Deface 2 (Ghost Squad Hackers): http://mfu.gov.sd/sites/default/files/webform/fsp.txt

Sudan Civil Defenses: hxxp://www.nccd.gov.sd/nccd/
Deface: http://www.nccd.gov.sd/nccd/wp-content/uploads/2019/04/gfa.html

In a message attached to the Operation, Anonymous hackers left behind the following message:

Greetings Sudan. We Are Anonymous.

We are communicating with you today because something is very wrong with the Sudanese government.

We can’t tolerate injustice, inequality and the denial of the people’s rights. The Sudanese government is restricting free speech and seeking to limit and control internet access. This government is even punishing the people for expressing their ideas and opinions. We will fight back! In response to the Sudan situation, we are issuing a wide call to protest. We will protest against this government, its blasphemy laws, censorship laws, restrictions on internet access, restrictions to information access, and any and all thought crime legislation.

The existing head of the state Omar al-Bashir is wanted by the International Criminal Court for genocide. He should take the responsibility and justice has to be done for those who were killed and tortured by him and his followers. This government has even created a system of thought crimes by which citizens can be punished for expressing their ideas and opinions over the internet. There is no freedom or justice in Sudan. Tribute to all the victims of this revolution. The martyrs will be forever in our memories. The people will never surrender. Victory is coming soon!

We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.
Sudan government, Expect Us!

Rogue Security Labs Crashed by PopTart of Pryzraky

The parent company of Rogue Media Labs is called Rogue Security Labs for a reason: I would like to fancy myself a sort of “savant” when it comes to cybersecurity. In fact, in the past, groups such as Ghost Squad Hackers have literally demonstrated attacks which have taken down ProtonMail servers, yet which just harmlessly deflected off me. Over the course of the last 5 months I have literally absorbed thousands of web application attacks from all around the world on both my websites, and haven’t had a single one of the websites I’ve built or protected hacked or crashed since July 2017 – all without unnecessary 3rd party services such as Cloudflare, Radware or Sucuri, mind you.

However, that all changed this past weekend when a hacker known as “PopTart” of Pryzraky crashed Rogue Security Labs with a Layer 7 DDoS attack the likes of which I have never seen before. And I say this because, just a couple of weeks ago, I deflected a Layer 7 DDoS attack from PopTart seamlessly without an ounce of downtime. But after some research and a bunch of custom additions, including his own programming, PopTart appears to have finally pulled it off. For this reason, I dare say that PopTart is the most dangerous ‘doser’ in the world right now – at least that I have seen.

For some perspective on this, PopTart originally crashed my site while I was away, on a hike through town – so I asked him to try and replicate it while I was back home in front of my computer. I kid you not, even with all Tor nodes blocked, VPN traffic blocked, proxy traffic blocked and all IPv4 addresses from China, Indonesia, Brasil and the Netherlands blocked, on top of all my existing security measures in place, PopTart was still able to crash my site – there was nothing I could do. He is the first and only person in history to crash a Rogue Security Labs protected site, and believe me there have been plenty of suitors – not all of them enemies, either.

In an interview with Rogue Media Labs, PopTart claims to have hijacked a majority of the devices in his botnet off the ClearNet – almost none of them having anything whatsoever to do with the Internet of Things (IoT). For this reason, all of the traffic from his botnet registers as legitimate. For example, his botnet passed my bot blacklist rules, passed my hidden reCAPTCHA challenge, and even operates over HTTPS as well as HTTP/2. None of my security settings flagged his devices, because they all accessed the website as legitimate, non-malicious connections. Only once they were on the website was the malicious amplification delivered, a truly unique creation the likes of which I have never seen before. Consequently, that is why I’m writing this article here today – to give credit where credit is due.

The whole ordeal serves as a reminder that security is a myth; security is only an illusion. No matter how good your security is, one day it will become outdated. Apparently the shelf life of my custom mitigations was 21 months. In the words of the great Arnold Schwarzenegger, “No matter how hard you are working, there’s always someone out there somewhere working harder. No matter how smart you are, there’s someone out there smarter than you. And remember, every time you are resting, there is someone out there putting in hard work.” In that spirit, perhaps I too have gotten complacent.
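The attack described above defeated every per-client control the site had (Tor/VPN/proxy blocks, country blocks, bot blacklists, a hidden CAPTCHA) because each individual device looked like an ordinary visitor. The only thing that still stands out in such a flood is the aggregate: many distinct, low-volume clients converging on one endpoint far above its normal rate. The script below is an added example written for this article, not code from Rogue Security Labs or from PopTart; it parses combined-format access log lines (the lines themselves are constructed in `build_sample_log`, and the per-path baseline rates in `BASELINE` are assumed values) and shows that a classic per-IP threshold sees nothing while a per-path surge check against a known-good baseline does.

```python
"""
Added example (not part of the original article): detecting a distributed
Layer 7 flood from web-server access logs when no single client, country or
bot signature stands out. Log lines and baseline rates are constructed.
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Combined log format: ip ident user [ts] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Assumed known-good request rates per path (requests per second).
BASELINE = {"/": 0.5, "/search": 1.0, "/about": 0.2, "/tag/brasil/": 0.2, "/contact": 0.1}


def parse_line(line):
    """Parse one access-log line; returns None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?", 1)[0]  # drop query string so variants aggregate
    return {"ip": m.group("ip"), "ts": ts, "path": path, "status": int(m.group("status"))}


def detect_flood(lines, window=timedelta(seconds=10), per_ip_limit=30,
                 baseline_rps=None, surge_factor=10.0):
    """Look at the last `window` seconds of traffic from two angles:
    * per-IP request counts (what a rate limiter or blacklist reacts to);
    * per-path aggregate rate versus baseline (what exposes a flood that is
      spread thinly across many legitimate-looking clients).
    Returns {'noisy_ips': [...], 'surging_paths': [...]}.
    """
    events = [e for e in (parse_line(l) for l in lines) if e]
    if not events:
        return {"noisy_ips": [], "surging_paths": []}
    events.sort(key=lambda e: e["ts"])
    start = events[-1]["ts"] - window
    recent = [e for e in events if e["ts"] > start]
    secs = window.total_seconds()

    per_ip = Counter(e["ip"] for e in recent)
    noisy_ips = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)

    surging = []
    for path, n in Counter(e["path"] for e in recent).items():
        rps = n / secs
        base = (baseline_rps or {}).get(path, 0.2)  # assumed default for unknown paths
        if rps >= surge_factor * base:
            by_ip = Counter(e["ip"] for e in recent if e["path"] == path)
            top_ip, top_n = by_ip.most_common(1)[0]
            surging.append({"path": path, "rps": rps, "baseline_rps": base,
                            "distinct_ips": len(by_ip), "top_ip": top_ip,
                            "top_ip_share": top_n / n})
    return {"noisy_ips": noisy_ips, "surging_paths": surging}


def build_sample_log():
    """Constructed traffic: a trickle of normal browsing, then 120 distinct
    addresses each fetching the search page twice within ten seconds."""
    t0 = datetime(2019, 4, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/2.0" 200 4096 "-" "Mozilla/5.0"'

    def stamp(seconds):
        return (t0 + timedelta(seconds=seconds)).strftime("%d/%b/%Y:%H:%M:%S %z")

    lines = []
    normal = [(0, "/"), (1, "/about"), (2, "/tag/brasil/"), (4, "/contact"), (8, "/")]
    for i, (sec, path) in enumerate(normal):
        lines.append(fmt.format(ip=f"192.0.2.{i + 1}", ts=stamp(sec), path=path))
    for i in range(120):          # 120 distinct "clean" addresses (TEST-NET-3)
        for k in range(2):        # only two requests each: below any per-IP limit
            idx = i * 2 + k       # 24 requests per second over seconds 5..14
            lines.append(fmt.format(ip=f"203.0.113.{i}", ts=stamp(5 + idx // 24),
                                    path=f"/search?q={idx}"))
    return lines


if __name__ == "__main__":
    report = detect_flood(build_sample_log(), baseline_rps=BASELINE)
    print("per-IP limit tripped by:", report["noisy_ips"] or "nobody")
    for s in report["surging_paths"]:
        print(f"{s['path']}: {s['rps']:.1f} rps vs baseline {s['baseline_rps']} rps, "
              f"{s['distinct_ips']} distinct IPs, busiest IP only "
              f"{s['top_ip_share']:.1%} of requests")
```

On the constructed log the per-IP check trips for nobody, while `/search` is reported at 24 requests per second against a 1 rps baseline from 120 addresses with no single one above one percent of the traffic. In practice the baseline would come from the site's own historical logs, and the response to a surge is a per-path mitigation (caching, queueing, a challenge on that endpoint only) rather than a longer IP or country blacklist, which this kind of traffic sails past.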

Conselho Nacional de Justiça Wholly Pwned by Al1ne3737 – 94 Site Databases, 53,270 Individuals Compromised by The Data Breach

In the early morning hours of April 1st 2019, “Al1ne3737” of the international hacking group known as “Pryzraky” announced a hack and data leak affecting the National Council of Justice (CNJ) of Brasil. While the leak itself was only hosted online for a short period of time, it was substantial. For example, the leak contains personally identifiable information, including logins, of approximately 2,936 people stolen across 94 site databases. This information includes state officials, government personnel, judges, magistrates – et cetera. In a message attached to the leak, Al1ne3737 simply stated “F*ck Brasil!”

It is also important to understand that this was only a sample of the leak, mind you; the entirety of the full raw leak contains personally identifiable information, including logins, of approximately 53,270 individuals in total. Due to file size limits however, Al1ne3737 only decided to release 2,936 of them to the public – keeping the rest to herself. Included in the leak was sensitive information including full names, user names, physical mailing addresses, email addresses, telephone numbers, national CPF numbers, passwords and much more. You can see a breakdown of some of the most important folders contained within the leak below.

Highlights from Leak:

– 306 entries from the usario Folder of the SGT Database – including their full names, emails, login user names and passwords
– 256 entries from the usario Folder of the ADOCAO Database – of 8,529 total – including full names, login user names and their passwords
– 66 entries from the user_web_service Folder of the BNPR Database – including organization ID numbers and passwords
– 256 entries from the sag_usario Table in the CNCA Database – from 13,537 total – including full names, login email addresses and passwords
– 256 entries from the usario table of the comparilhado Database – from 12,967 total – including user name, login names, passwords and CPF numbers
– 15 entries from the usario Folder of the boletim_servico Database – including full names, email addresses, passwords, CPF numbers and IP addresses
– 51 entries from the usario Folder of the CAPG Database – including user code numbers and passwords
– 241 entries from the paciente Folder of the CADNT Database – including full names, CPF numbers, email, telephone numbers, addresses and CEP numbers
– 4 entries from the usario Folder of the contatos_cnj Database – including their usernames and passwords
– 256 entries from the usario Folder of the Corporative Database – from 11,972 total – including CPF numbers, user numbers, full names, user names and passwords
– 4 entries from the usario Folder of the infojuris_i2 Database – including first names, user names and passwords
– 46 entries from the intra_users Folder of the Intranet2016 Database – including names, emails, user names and passwords
– 8 entries from the lime_users Folder of the LimeSurvey Database – including full names, emails, user names and passwords
– 79 entries from the kdali_users Folder of the NoveIntranet Database – including names, emails, usernames and passwords
– 3 entries from the cx0pf_users Folder of the observatorionacional Database – including name, email, usernames and passwords
– 256 entries from the juscnj_users Folder of the portalcnj2017 Database – out of 383 total – including names, emails, usernames and passwords
– 162 entries from the usario Folder of the SAPRS Database – including full names, CPF numbers, emails, usernames and passwords
– The administrator login username, email and password for the WikiDB Database
– 64 entries from the wikipjeuser Folder of the WikiDB Database – including email addresses, user names and passwords
– 256 entries from the login Folder of the sistemaemprego Database – of 2,073 total – including login user numbers and passwords
– 256 entries from the usario Folder of the SEI Database – out of 816 total – including names and user information
– 154 entries from the usario Folder of the processometro Database – including user names, CPF numbers, email addresses, telephone numbers and passwords
– 256 entries from the usario_sgq Folder of the SGQ Database – including usernames, emails and CPF numbers

Alvo (target): hxxp://cnj.jus.br/

** EDITOR’S NOTE: Al1ne3737 has asked Rogue Media Labs to remove the file from the ClearNet so as to make the job of any would-be investigators harder. So I have complied 😉 **