[BreachExchange] Anonymous Leaks Data from South Africa's Arms Acquisition Agency

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jul 12 20:22:48 EDT 2016


http://news.softpedia.com/news/anonymous-leaks-data-from-south-africa-s-arms-acquisition-agency-506213.shtml

Anonymous has hacked and leaked data from Armscor, South Africa's official
arms procurement agency, in charge of supplying the South African
Department of Defence with weapons and military equipment.

The hackers published the data on Sunday night on a website on the Dark
Web. The attack was the work of the same person who dumped data from
Kenya's Ministry of Foreign Affairs at the end of April.

Besides the actual data, the hacker also included screenshots of Armscor's
invoice management system's administration panel.

No user details included, only supplier invoice information

Unlike most breaches today, the data didn't contain any sort of user
credentials or personal information. The hacker only uncovered data about
the company's transactions with various suppliers.

There were database tables that included a list of invoices for suppliers
such as Siemens, Boeing, BAE Systems, Saab, the European Aeronautic Defence
and Space Company (EADS, or Airbus), Rolls Royce, Panasonic, Glock
Technologies, Thales Avionics, Microsoft, fellow South African company
Denel, and many other more.

For each company, there was data included such as invoice/order numbers,
invoice amounts, dates (transaction, invoice, received), cheque numbers,
check dates, and problem codes. Supplier details such as addresses were
also included, but in another table.

Data leak was part of #OpAfrica

As you can see, most of the data is operational information, enough to give
journalists and investigators a lead on the agency's ongoing business
relations.

Despite the limited release, it is obvious that the hacker managed to gain
full control of the database, and he may soon release more data if he ever
wishes to.

The data dump is part of Anonymous' OpAfrica campaign, which started this
January and during which the group hacked and leaked data from multiple
African countries, such as Tanzania, Kenya, Uganda, Rwanda, and especially
South Africa.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160712/368112a8/attachment.html>


More information about the BreachExchange mailing list