Costa Rica: great coffee, but not-so-great website security?
What do the Argentinian Ministry of Industry, the National Assembly of Ecuador, Nigeria’s embassy in Belgium, the Eastern India Regional Council, Jordan’s ministry of tourism, the Slovak Chamber of Commerce, and the Consular Department of the Embassy of the Russian Federation all have in common?
Answer: They’re some of the government web sites hacked and dumped by a teenager calling himself “Kapustkiy” (@Kapustkiy on Twitter).
And now, Kapustkiy tells us, we can add Costa Rica’s embassy in China to the list of successfully attacked targets.
Kapustkiy, who wants to be known as the “Bruce Lee of the Internet,” uses very low-level attacks such as SQL injection and brute force attacks. And that, perhaps, is what should be so embarrassing to governments about his attacks: that in 2016, these sites were still so easy to compromise.
Kapustkiy, who has joined up with others calling themselves the New World Hackers, initially claimed that his goal was simply to expose shoddy infosecurity. In each case, he does notify the entity, but he doesn’t always seem to give them a chance to secure their data before he attacks them, dumps it, and announces it via his Twitter account. On several occasions, he has privately informed DataBreaches.net his pleasure when sites are taken offline and then secured.
Today’s announcement concerning the Costa Rican embassy in China resulted in the dump of 280 login credentials (email addresses and WP hashed passwords).
So yes, some may make fun of low-level attacks, but given all the “cyberwarfare” and political accusations in the headlines, do you really want so many email addresses and passwords easily accessible?