14 DAY TRIAL // Three websites operated by Venezuela’s government were hacked recently by Kapustkiy, who managed to access private databases containing sensitive information.
The three sites are snv.gob.ve, estudiosydesatres.gob.ve, and sunaval.gob.ve, all of which belong to different departments of the Venezuelan government and which allegedly contained vulnerabilities that were exploited by white hacker Kapustkiy.
In a statement provided to Softpedia earlier today, Kapustkiy says the cyberattack was launched in protest against the dictatorship of president Nicolas Maduro - this is the second time he hacks websites belonging to the Venezuelan government with this particular idea in mind.
“I am against the dictatorship of Nicolas Maduro on Venezuela. I am tired of seeing, Nicolas Maduro is still running as president. It is time to leave, you m******r,” a message that was included in a database dump reads.
Data exposed in the breach
Part of New World Hackers, Kapustkiy revealed that he breached one of the websites using a Local File Inclusion (LFI) vulnerability in a database, while the other two were hacked with a typical SQLi exploit.
A database dump that was provided to us included what seem to be names, emails, phone numbers, and hashed passwords belonging to several individuals. While we can’t yet tell how critical these details are, they all seem to be private information and none of the exposed emails were found online.
At the time of writing this article, all websites are still up and running, and it’s not yet clear if Venezuelan authorities are aware of the breaches or not. Our previous attempts to contact the Venezuelan government and several individuals close to its activity ended up with no response, which is probably an indication that site administrators aren’t very keen on patching vulnerabilities exposing user data.
For the moment, Kapustkiy says he’ll continue focusing on sites owned by the Venezuelan government, and by the looks of things, they all seem to be easy targets especially because local site administrators don’t seem to be too receptive when receiving reports of breaches or vulnerabilities.