Cyber Incident Victim: gdc.gob.ve
Date: Jan 2017
Location: Venezuela
Summary
A hacker known as Kapustkiy compromised a Venezuelan government website via a Local File Inclusion vulnerability, protesting the political leadership of Nicolas Maduro and alleging harm to citizens. The attacker leaked data through Pastebin, citing additional breaches via SQL injection on other unspecified sites. This incident reflected the hacker's shift from white-hat activities to politically motivated actions, aligning with prior breaches targeting diplomatic and governmental entities globally to expose perceived injustices.
Description
On January 14, 2017, the hacker known as Kapustkiy breached multiple Venezuelan government websites, including the primary target www.gdc.gob.ve, which belonged to the Capital District government. The intrusion exploited a Local File Inclusion (LFI) vulnerability in the site’s URL structure, specifically via the path http://www.gdc.gob.ve/2.0/gui_resources/css/?f=../../../../../../../../../../etc/passwd, allowing unauthorized access to system files such as /etc/passwd. Kapustkiy simultaneously compromised two additional Venezuelan government websites using SQL injection (SQLi) vulnerabilities, though these secondary targets were not explicitly named in the disclosure. The hacker leaked extracted data on Pastebin alongside a political manifesto condemning President Nicolás Maduro’s administration, accusing it of dictatorship and harming citizens. The manifesto included the statement: "Hacked By Kapustkiy from New World Hackers. I am against the dictatorship of Nicolas Maduro on Venezuela. I am tired of seeing Nicolas Maduro is still running as president. It is time to leave, you motherfucker." This attack marked a departure from Kapustkiy’s typical white-hat activities, as the hacker cited exceptional political motivations rather than routine vulnerability reporting.

The breach exposed sensitive system information from gdc.gob.ve and potentially compromised user data from the unnamed secondary sites. Kapustkiy’s Pastebin release did not specify the full scope of exfiltrated data beyond the /etc/passwd file, but historical patterns suggested potential risks to user records, given the hacker’s prior leaks of thousands of records from entities like the Slovak Chamber of Commerce (4,000+ users) and the Russian Visa Center in the USA (~3,000 individuals). No immediate response or containment actions from Venezuelan authorities were documented in the source material. The incident aligned with Kapustkiy’s broader pattern of targeting government and diplomatic entities globally, including prior breaches of the Costa Rica Embassy in China, the Italian Government’s Dipartimento della Funzione Pubblica, and embassies of India, Paraguay, Ghana, and Fiji. The attack underscored persistent vulnerabilities in governmental web infrastructures and demonstrated hacktivist exploitation of technical flaws for geopolitical messaging. Kapustkiy’s activities during this period reflected a consistent focus on exposing security weaknesses in high-profile targets while blending political rhetoric with technical disclosures.
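For defenders reviewing their own logs for the request pattern described above (a file-name parameter carrying `../` sequences), the following added example, which is not part of the original report, decodes the parameter, resolves it against the served directory, and flags any value that lands outside it. The base directory, the set of parameter names, and the log lines are constructed assumptions; only the `/2.0/gui_resources/css/?f=` request shape comes from the report.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumed directory the handler is meant to serve from (not from the report).
BASE_DIR = "/var/www/site/gui_resources/css"
# Assumed names of parameters that feed a file read; "f" is the one in the report.
FILE_PARAMS = {"f", "file", "path"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /2.0/gui_resources/css/?f=main.css HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /2.0/gui_resources/css/?f=../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /2.0/gui_resources/css/?f=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1843',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /2.0/gui_resources/css/?f=themes/../main.css HTTP/1.1" 200 512',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so nested encodings are normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_base(param_value, base=BASE_DIR):
    """True if the value, joined to base and normalized, leaves base."""
    value = fully_decode(param_value).replace("\\", "/")
    if "\x00" in value:  # embedded NUL is never valid in a file name
        return True
    resolved = posixpath.normpath(posixpath.join(base, value))
    return not (resolved == base or resolved.startswith(base + "/"))

def flag_traversal(log_lines):
    """Return (line_number, parameter, decoded_value) for escaping requests."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name in FILE_PARAMS and escapes_base(value):
                hits.append((number, name, fully_decode(value)))
    return hits

if __name__ == "__main__":
    print(flag_traversal(SAMPLE_LOG))
```

The same `escapes_base` check, applied in the request handler before the file is opened, is the mitigation: reject any value whose resolved path is not under the served directory. A hit with a 200 status and a response size that differs from the normal asset is the case to investigate first.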
