Yesterday we echoed the published data breach by security group Digital Research Team, information that caused a serious stir on the internet but was actually a fake hacker award. The data had not been maliciously extracted from official servers, but in reality, they roam freely on the Internet so that anyone can obtain them with a simple google search.
They are not hackers, more like trolls.
We could say that his threat to reveal more details was more like a massive trolling of official organizations and public universities. The group has deleted all messages from their Twitter account, and as reported today in The Confidential After contacting the company QuantiKa14, all the data displayed on its timeline were simply public records that can be found today on the Internet.
[RelatedNotice blank title=»Hackers expose data from the Ministry of Justice and other organizations as an ethical measure»]https://eloutput.com/noticias/others/hackers-ministry-justice-universities-stolen-data/[/RelatedNotice]
However, this reveals another quite serious problem, and that is the visibility of documents that could show sensitive information about people, since, as demonstrated in the company's blog QuantiKa14, a simple Google search serves to obtain data similar to what the organization "hacker" claimed to possess. If we specify Google to search for PDF documents stored on the Junta de Andalucía server that contain the word DNI, we will be able to obtain a large list of results with details that could be used with bad intentions.
Are the administrations and public entities correctly protecting our data? https://t.co/tZoW1BoygN by @QuantiKa14
— FCD-intelligence (@IntelligenceFCD) February 14th 2019
The importance of protecting data
Beyond direct attacks, system security must also consider what information is freely accessible, something that seems not to have been taken into account on the servers mentioned yesterday. In the end, the alleged hacking has also served to demonstrate the weaknesses of the organizations, and that is that this type of information should not appear on Google under any circumstances.
Digital Research Team releases an official statement
The security group wanted to get out of the way by guaranteeing that its publications did not seek any type of reward or exchange of data with any other organization. According to them, they only sought to make public the vulnerability that exists in the systems of the different organisms, however, they do not talk about the methods used. While yesterday they seemed to show that they were capable of entering the servers, today it has been shown that what they did was rather find results through Google, something that will undoubtedly serve to improve data security, but that has little to do with it. with an attack that compromises the servers.
#Release Date: 14 / 02 / 19 pic.twitter.com/NazqSmivrv
—DigitalResearchTeam (@digitalrteam) February 14th 2019