The compromised data includes IP addresses from the public sector, ranging law enforcement agencies and local municipality. This data leak comes at a moment where a strong fight against corruption is taking place.
The data leak represents a lack of maturity in adopting a framework, like NIST, for maintaining the secret of information in today’s country information technology marketplace.
Nowadays, it may seem quite usual see these events take place in the evolving, and changing, the threat landscape of digital menaces, but it was expected to take place as hackers usually comes with new attacks as the year approaches its end.
The data reveal in high details, how is structured the network topology of critical services infrastructure including routers, firewalls and other open services.
It is important to notice that all IP ranges from São Paulo military and civil police was leaked, including servers related to public identification and public safety. The compromised data also describes the police servers entirely exposing not only the identity of every police officer, but also the entire public security office.
As it is presented with a message, the intent of the hackers were in the fight against corruption in Brazil, where it took a new ground: the 5th domain. The cyber domain has reached the public opinion where the scrutinity of the society claiming for justice can be reached on the click of a mouse. These corrupt law enforcement agencies are globally known to be involved in extortion, drug traffic dealing, murdering, oppression, violation of the United Nations Human Rights and violence against minorities like black people and homosexuals alike.
The fight against corruption, abuse of power and authority can be a new front line to Lava Jato operation, including the police of the state of São Paulo, where the population lives as hostages to the public service colluding with the organized crime. As shown in the media outlets this week, a strong instance must be taken to reach out the public demands of justice and morality in the tax paid from every citizen.
This single event brings forth an important question: The importance of developing and implementing a security framework like NIST to address the cyber security on ICS/SCADA industrial control system. It is important to notice that the framework is structured in such way that it can be adapted to the existing current model in use. The critical infrastructure, in the face of today’s challenge of information security, must address rogue nation’s threat like North Korea and China.
The data leak is available at the following URL
“In accordance with corruption fight around the world, we are leaking the complete network infrastructure topology of public sector entities so anyone can hack into and discover the undoings paid with your money.” reads the Anonymous’s message.
Luis Nakamoto is a Computer Science student of Cryptology and an enthusiastic of information security having participated in groups like Comissão Especial de Direito Digital e-Compliance (OAB/SP) and CCBS (Consciência Cibernética Brasil) as a researcher in new technologies related to ethical hacking, forensics, and reverse engineering. Also, a prolific and compulsive writer participating as a Redactor to Portal Tic from Sebrae Nacional.
(Security Affairs –Data Leak, Anonymous Brazil)