Hackers protest against CAFTA trade deal. A hacker affiliated with the LulzSec movement has dumped online data belonging to the Costa Rica Ministry of Culture and Foreign Affairs.
The hacker, Hanom1960 (@hanomlulzsec on Twitter), managed to breach the database of the official rree.go.cr government website. As Hanom1960 told Softpedia in a private conversation, the breach took place in the past few days and is part of the #OpPuraVidacampaign launched at the start of January 2016.
LulzSec takes aim at weak Costa Rican government
This campaign’s message centers around CAFTA, or the Central America Free Trade Agreement, a state-level partnership that binds all participating countries to a list of pretty shady economic agreements, which many have argued to give foreign companies more rights than a country’s own citizens.
As you’d imagine, something as nefarious as this has quickly drawn the attention of online hacktivism groups like Anonymous and LulzSec, even if the members of the two groups don’t tend to agree and get along with each other that much.
Even if Hanom1960 confirmed to Softpedia that LulzSec is not officially working together with Anonymous on this campaign, fortunately for Costa Rica, coincidence has it that both groups are now planning campaigns against the same target, the Costa Rican government.
In LulzSec’s view, the government is putting their citizens at risk by allowing to be pressured by the US into signing the CAFTA deal, in spite of the fact that “CAFTA would be a setback for unemployed labor and human rights in Central America,” as Hanom1960 described it.
Data breach includes government officials’ information
Taking a closer look at the data breach itself, we can see details like real names, usernames, email addresses, ID card type and numbers, telephone numbers, and even some hashed passwords.
Details for at least 530 users were included, and possibly more since most data was overlapping. Some information seemed to belong to government employees while other data looked like it was associated with some kind of Web profile. The official website lists multiple sections with login forms, and we couldn’t tie the dumped data to a specific service.
The incident featured only a data breach, followed by a data dump, with no defacement.
“I see many mistakes in [their IT] systems. It is something that does not concern Governments and [we] must be let them see that they are not invulnerable,” Hanom1960 told Softpedia.
If you can speak Spanish, some details on OpPuraVida are presented in this video from Anonymous, below.