Some of the data looks legit, some looked fake.
A group of hackers who call themselves “Pravyy Sector” [Right Sector] are extorting the Polish Government on Twitter, threatening to release data stolen from Poland’s Defence Ministry if the government doesn’t pay $50,000, either to a Ukrainian bank account or a Bitcoin address.
The name Right Sector is also used by an extremist Ukrainian nationalist organization activating in Russia, currently outlawed. The hackers claim to represent the group, but there’s no evidence to support either their claims or their alleged Ukrainian or Russian nationality.
Early leaks on Twitter
To prove that they are, in fact, in possession of authentic data, the group leaked on Twitter some of the files they supposedly stole from the Defence Ministry.
This includes official document scans, screenshots showing the desktop of a Defence Ministry computer, and an Excel file with 1,368 entries that seem to be local Intranet logs containing LDAP paths, login times, incorrect logins, and other similar details.
An employee of Polish security firm Niebezpiecznik called the person whose data was leaked by the hackers as proof. That person confirmed the document contained his personal details, except his passport and ID card numbers, which had expired in the meantime.
This individual also said that the data included in the leaked forms was from the form that military personnel must fill out when volunteering for service abroad. Moreover, he claimed he served once in Afghanistan and twice in Iraq.
PRISM data looked crafted
Later during the day, the hackers supposedly leaked data that showed Poland’s involvement in the US PRISM program. This file has been deleted and is not available online anymore. Niebezpiecznik argued, “the data from PRISM look so crafted / false.”
Polish newspaper Wyborcza stated that a representative of the Polish Defence Ministry gave a classic CIA answer by saying they neither denied nor confirmed the incident.
This is not the first time the Polish Defence Ministry suffers a cyber-attack. In March 2013, a hacker named Alladyn2 made his way into the Ministry’s computer network and even got access to the computer of the country’s president before having his access cut off.
Previously to attacking and breaching the Polish Defence Ministry, Pravyy Sector took responsibility for hacking and dumping data online from Polish telecommunications firm Netia. Several days after leaking the data, Netia confirmed the incident.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.