A hacktivist group calling itself the Cyber Justice Group announced on Twitter that it has dumped 10GB of data from the Syrian government. The hackers left a message on Pastebin and dumped the data to file sharing site Mega. The data is compressed, and expands to a full 43GB.
The motivation for the dump is political, with the Cyber Justice Group positioning itself as anti Assad and anti ISIS. With Assad’s position strengthening with Russian support, and the continuous publicity that comes from ISIS, the original Syrian Arab Spring rebels need some of their own publicity.
Risk Based Security (RBS) is working on an analysis of the data and has so far concluded that it was taken come from nans.gov.sy, the Nation Agency for Network Services. The data derives from 55 separate Syrian domains, most of which are inactive or no longer in use, and it contains 274,477 files in more than 38,768 folders.
RBS is not surprised that the Nation Agency for Network Services has been hacked. “One can’t help but wonder why governments around the world continue to use these types of web portals,” it wrote. “It appears that the Nation Agency for Network Services is running Joomla!, which is no stranger to its own vulnerabilities. While there have been no vulnerabilities discussed in 2016 yet (just third-party modules for it), in VulnDB we tracked a total of 127 vulnerabilities historically, with 20 of them in 2015. On average we see that Joomla! has vulnerabilities disclosed about every 60 days.”
This may not be an entirely new hack, reported the firm in its blog analysis. “The first pass at reviewing the data sparked a sense of some more deja vu, as many of the files appeared to include domains from previous, smaller defacements and leaks. Further analysis confirmed our initial suspicions. The leak included many older shell files and database entries showing prior injection attempts.”
However, company spokesperson Inga Goddijn told SecurityWeek that it still isn’t fully clear. “We still believe portions of the data have been leaked before in previous data dumps. It is not clear at this time if that portion of the data was gathered from earlier leaks or the same data was compromised for a second time from the same targeted domains.”
She does, however, believe that the Cyber Justice Group is serious and not just kids out for fun. “I’m inclined to take Cyber Justice Team at face value and attribute the motivation to genuine political activism. There is nothing to indicate otherwise at this time.”
Meanwhile, the RBS analysis of the data is ongoing, and will take time. “I don’t have more to add about the hackers or the hacked at the moment, but I can say it has been time consuming to work our way through the analysis of the data. It’s been challenging due to the volume of information coupled with the lack of cohesive organization,” Goddijn told SecurityWeek.