Earlier this month, a hacker posted data for the entire population of Argentina, about 45 million people, for sale in a forum. This week he gave an interview to an Argentine portal, saying authorities cannot catch him.
known as the RENAPER leak, an Argentine system that issues ID and Passport, its consequences could be serious as buyers of these data may use them for illegal activities, as well as social engineering attacks.
However, the hacker doesn’t seem to be bothered by this, stating that he never stopped to think about the consequences of his actions. Leaks of this type are not so rare and several countries have suffered from them.
The RENAPER hacker, Argentina’s RG and Passport system
Identified by [S], he is currently the most wanted hacker by Argentine authorities. His involvement with the cause has been going on for years, being known for a data leak by the Argentine Federal Police in 2019, called “La Gorra Leaks”, as well as for hacking the Twitter account of the Minister of Security of Argentina in 2017.
In an interview with the portal Rosario3, the hacker reveals that he has already made six sales of the latest leak over the past two weeks. Second [S] each copy of the database containing data on the entire Argentine population costs 0.29 BTC, equivalent to R$ 100,000. In other words, so far it has accumulated more than 600 thousand reais with sales.
The leak includes photos, first and last names, addresses, gender and RG number, as well as other information that, according to the hacker’s announcement, allow the creation of a false identity card to be possible. The total number of people exposed is 45,387,114, including celebrities and politicians.
This hacker also explained how to stay out of the police spotlight, explaining that he “think like the police to decide which measures and tools to use”. Also, when asked if he is not afraid of getting caught, he was confident in his abilities.
“No, that is not possible and I will explain why. There are resources like the Tor Project or cryptocurrencies, servers in countries that would never give a damn about Argentine justice.”
According to the hacker, although he accepts BTC as payment, due to the currency not being completely anonymous, he converts the money to Monero (XMR), saying he doesn’t care about losing a little money as his goal is to remain anonymous. .
[S] it also reports that buyers of such a database, containing information on all Argentines, can be used to make loans as well as open accounts in various places. Furthermore, this data can be used for social engineering attacks using various means.
About the possibility of creating false identity cards, he claims that it is possible to fake it perfectly, leaving aside the fingerprint.
Data leaks like these are not so rare, in January of this year the Livecoins reported that data from 223 million Brazilians are being sold by Bitcoin, including CNPJs.
These failures in protecting the data of its citizens is a big problem for governments and especially for those who have their data used by third parties that commit fraud.