Posted on April 20, 2019 at 4:26 PM
A hacker going by the Twitter handle @0x55Taylor earlier this week linked to a veritable treasure trove of documents that were obtained illegally from an internal server with a security flaw. The hacker shared the data with TechCrunch to verify its authenticity.
TechCrunch gets the latest from the hacker
The hacker sent a message to TechCrunch that explained the situation. The hacker said that a vulnerable server in Mexico’s Guatemalan embassy was compromised and that he used the vulnerability to download all the data, which included documents and databases.
The hacker said he tried to contact the relevant authorities to apply for a bug bounty, as this is his primary source of income. However, since the Mexican government ignored his requests, he decided to go public with his treasure trove of information.
TechCrunch reports that over 4800 documents were pilfered from the server, the vast majority of which were related to the inner workings of the embassy. Records of consular activities such as recognizing births and deaths made up the vast majority of the database, as well as dealings with Mexican citizens who were incarcerated. There was also ample data related to issuing travel documents.
TechCrunch found over one thousand “sensitive” documents among the data, which were mostly the identity documents of Mexican citizens and diplomats. These included scans of their passports, visas and birth certificates, among other things. There were Guatemalan citizen papers among the data as well. Scans of payment cards were also part of the hack, though there were relatively few in the database, and industry experts say that such a small amount of data would not fetch a high price on the internet.
There were scans of papers that granted diplomatic privileges and rights, such as diplomatic immunity, which protects diplomats from a wide variety of checks that a host country has available. There were even documents that had been personally signed off by the Mexican ambassador to Guatemala, Luis Manuel Lopez Moreno. These personally signed documents are usually carried in diplomatic bags that may not be searched by border patrols.
Many of the sensitive documents were marked confidential, though TechCrunch does not at this time know if any of the documents were marked as confidential or classified by the government of Mexico.
No comment from Mexican authorities
Gerardo Izzo, the spokesperson for the Mexican Consul General in New York, said that the authorities are taking this breach very seriously, but apart from that, they declined to comment. Cybersecurity specialists around the internet have speculated that the Mexican government will begin a manhunt for the hacker responsible for releasing the data.
Opinions on this vary, as some see him as just the messenger. They argue that since he had reached out to the government regarding a pre-existing vulnerability in the server, he should not be punished too harshly.
Others say that this is the reason hackers are given a bad name. While they do understand that bug bounties are a source of income for these types and that government organizations should take requests much more seriously, they argue that releasing the documents is a step too far. It is an extreme action that only hurts future security researchers who do not feel the need to “punish” errant organizations for carelessness.
Whatever the argument, this will not be the last that is heard of this story. The documents were put on a cloud hosting service that took them down as soon as it was alerted to the contents. However, that does not exclude the possibility that some malicious individuals have already downloaded the documents for nefarious purposes.
One thing that all security researchers agree on is that this entire scenario could have been easily avoided had the Mexican government put into action some form of bug bounty program. The community, many argue, is trying to move away from this stigma of malicious hackers, and a serious bug bounty program would help more people see that.