Yemen Cyber Army dumps visa data from Saudi Ministry of Foreign Affairs

The Yemen Cyber Army (YCA) has released more data from its hack of the Saudi Ministry of Foreign Affairs (previous coverage here and here). Media sources reported after the first disclosure that Riyadh confirmed the attack on its internal network but disputed the extent of the hack. At this rate, Riyadh might want to walk those protestations back a bit.

In a new data dump and paste yesterday, YCA writes:

DATA Mirror – 1,000,000 Records Of Saudi VISA Database
We Will Publish 1M Record Every Weekend To Stopping Saudi Attacks
Also We Sent 400K(30G) Private Saudi MOFA Documents to wikileaks.org For Backup

In yesterday’s paste, they provided 10 records from a database with extensive information including numerous fields:

FROM [MOFA_VISA].[dbo].[TBL_VISA_person]

VDM_ID  vdm_visa_visakind       VDM_EMBASSY_CODE        VDM_VISA_NUMBER VDM_VISA_ISSUE_DATE     VDM_VISA_JOB_OR_RELATION        VDM_SPONSER_NAME        VDM_SPONSER_NUMBER      VDM_SPONSER_ADDRESS     VDM_SPONSER_PHONE_NUMBER        VDM_ENTERED     VDM_VERIFIED    VDM_PRINTED     VDM_PERSON_NAME VDM_EMBASSY_VISA_NUMBER VDM_EMBASSY_VISA_DATE   VDM_NAME_OF_SERVICE_COMPANY     VDM_BORDER_NO   VDM_VISA_JOB_CODE       VDM_BL_FLAG     VDM_INTERVAL    VDM_NATIONALITY VDM_APP_NO      COMPANY_ENTER_APP       Moatmr_Iqama_Period     Omra_Foreign_Company    VDM_HAJJ_ADMIN  VDP_PERSON_NAME_ARABIC_FIRST    VDP_PERSON_NAME_ARABIC_FATHER   VDP_PERSON_NAME_ARABIC_GRAND    VDP_PERSON_NAME_ARABIC_FAMILY   VDP_PERSON_NAME_ENGLISH_FIRST   VDP_PERSON_NAME_ENGLISH_FATHER  VDP_PERSON_NAME_ENGLISH_GRAND   VDP_PERSON_NAME_ENGLISH_FAMILY  VDP_PERSON_BIRTH_PLACE  VDP_PERSON_BIRTH_DATE   VDP_PERSON_SEX  VDP_PERSON_SOCIAL_STATUS        VDP_PERSON_RELIGION     VDP_PASSPORT_NUMBER     VDP_PASSPORT_ISSUE_DATE VDP_PASSPORT_ISSUE_PLACE        VDP_PASSPORT_EXPIRY_DATE        VDP_PASSPORT_TYPE       VDP_MAHRAM_NAME VDP_MAHRAM_RELATION     VDP_ARAB48      VDE_KSA_ENTRY_POINT     VDE_VALIDITY_RESIDENCY_IN_KSA   VDE_VALIDITY_BEFORE_FLIGHT      VDE_VALIDITY_NUMBER_OF_ENTRIES  VDE_VALIDITY_COMING_THROUGH     VDE_NAME_OF_SERVICE_COMPANY     VDE_EMBASSY_ORDER_NUMBER        VDE_EMBASSY_ORDER_DATE  VDe_car_number  vde_prpose      vde_sau_c       VDE_HMLA_NAME   vdp_person_address_home job_rec_number  visa_print_date visa_Receipt_date       visa_senddatae  vuserid vdm_deleted     vdm_print_file  VDM_VISA_STATE  PERSON_ID       VDM_OWNER       hjid    VisaControlTransFG      Arc_fg!
Consistent with this site’s policy of not linking to databases exposing individuals’ personal information, I’m not linking to the actual databases. If anyone (hint, hint, LEE!) analyzes the data, though, I’ll update this post.
DataBreaches.net would still like to know if the hackers carried through on their threat that the Saudi databases would self-delete last week. Does anyone know whether that actually happened? And if it did, where is the proof?

About the author: Dissent