[ISN] Chile embarrassed by huge data theft

From: InfoSec News (alerts@private)
Date: Tue May 13 2008 - 01:25:18 PDT


http://www.techworld.com/security/news/index.cfm?newsID=101473

By Robert McMillan
IDG News Service
13 May 2008

An anonymous hacker has posted personal data about 6 million Chilean 
residents on the Internet, highlighting wider privacy problems in the 
country.

The data was posted early Saturday morning on Fayerwayer.com, a popular 
Chilean technology blog.

The hacker, who calls himself "Anonymous Coward," posted three 
compressed files of data that included names, addresses, telephone 
numbers and taxpayer identification numbers for Chilean residents, said 
Leo Prieto, Fayerwayer.com's director.

A site editor spotted the data, posted in Fayerwayer's comments section, 
at 2 a.m. local time on Saturday. He immediately removed the files and 
contacted Chilean police, who responded two hours later, Prieto said.

But over the following days the files started popping up on other sites 
including Google's Blogger, Prieto said. "There's never been anything 
like this," he said. "People are alarmed."

In a note accompanying the files, Anonymous Coward said he posted the 
databases to draw attention to the poor data protection measures in the 
country of 16 million people.

The files include tips on what to do with the data and how best to 
access it.

"If you're going to extract data from a server, it's recommended to make 
a script that doesn't connect directly to the server, but rather via 
[anonymous proxies]," the hacker wrote.

Anonymous Coward also claimed that the files include information on the 
daughter of Chilean president Michelle Bachelet. "Bachelet's daughter 
has a school pass, although it's not given to many people because their 
parents have earnings above a certain threshold," he wrote.

The data breach has been front page news in Chile, where it was first 
reported Sunday by the newspaper El Mercurio.

The publicity has focused the country's attention on both government IT 
security and also the country's lax privacy laws. For example, Chile's 
department of elections sells voter data including gender, name, 
address, nationality, date of birth, and information on disabilities.

Voter registration information is also sold in the U.S., but it can be 
used only for political purposes. In Chile there is apparently no such 
restriction.

Before his site became the center of this public firestorm, Prieto said 
he had no idea that his data could be sold. "There's no such thing as 
private information in Chile," he said.


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Tue May 13 2008 - 01:28:39 PDT