Earlier this week, January 24th 2019, I featured a report entitled “OpSudan: Corporate Data of Tirhal Taxi Service Hacked by Mr. Sniper” – explaining how Personally Identifiable Information (PII) on countless civilians/customers across Sudan had been compromised through a data breach effecting the Tirhal taxi service, including information on all of the companies sponsored drivers. At the time, I ended the report with a brief statement explaining how I had been unsuccessful making contact with the hackers behind the hack/leak – something which has since changed. Consequentially enough, this is also why I am writing this follow up report here today.
What I did not know at the time of my last article was that the information featuring Tirhal customers and drivers wasn’t stolen from the companies own servers. Rather, the hackers found/stole the information off servers belonging to Sudan’s National Intelligence and Security Service (NISS). Perhaps more importantly, while the hackers were inside their systems, not only did they find data from Tirhal being stored on NISS Government servers, they also found data from several other prominent companies operating within Sudan. For example, a separate taxi service operating out of Sudan going by the name of Alfalih.
In an exclusive interview with Rogue Media Labs, the hacker behind the breach and data leak, Mr. Sniper explains how “Alfalih taxi service is a company operating under the umbrella of a much larger corporation known as Alwasaaf – which is owned by the NISS with a controlling 60% percent share of the business.” Mr. Sniper goes on to explain that his group decided “to hack the NISS to know the truth.” Adding that their hack of the NISS is how they first “discovered that Tirhal and Alfalih were leaking company data and information directly to the NISS.” For example, “these two taxi companies are sending everyday trip logs as daily reports to the NISS.”
About the hack of Tirhal, Mr. Sniper explains that “we got company data from NISS servers first, which led us to information allowing for us to hack Tirhal directly.” Mr. Sniper then explains how it appears to have been the intent of Sudan’s National Intelligence and Security Service to develop a means of keeping track of people and/or their activities, movements and travel around the country – essentially for the purposes of domestic espionage. More specifically, Mr. Sniper explains how “the NISS was using their servers to build a system for tracking people using Tirhal’s data directly, using it to form Applications Program Interfaces (API’s).” Explaining that the information exposed by his groups hack includes “data on users info (customers), trips histories and live location/end destinations.”
Mr. Sniper also explains how, in light of all the information his group has uncovered, they have no other reason than to conclude that Tirhal and Alwasaaf are essentially just undercover Government companies. This is only compounded by the fact that “the vast majority of Tihral and Alwasaaf’s employees all previously served in Kushite Integrated Company Limited, a corporation literally owned by the Sudanese Government.” Moreover, he explains, Tihral‘s CEO, Mohammed Elzakey is also “a youth leader in the Muslim Brotherhood” – a ruling political party within Sudan.
Further Screen Shots as Evidence – Tweets Since Deleted Offline:
When asked if these companies are selling corporate data to the Government, Mr. Sniper explained “Basically they’re not selling the data,” rather “they just simply provide it to their business owners, aka the Government” – indicating widespread corruption at the private, corporate and Governmental level. Due to the large number of civilians involved in the data breaches, coupled with the fact that the hackers behind the breach of the NISS are Sudan Nationalists themselves, the group has declined to share the full leaks with Rogue Media Labs or the public in general, instead only releasing partially redacted sample screen shots of some of the data uncovered by his group.
Screen Shots from Hack:
In addition to data related to various customers and organizations across Sudan, such as was described above, hackers also managed to find the NISS‘s stockpile of various exploits, 0Days and hacking tools used to compromised other businesses both inside the country and around the world.
الحكومة السودانية تنتهك خصوصية شعبها انتهاك صارخ ، بالإثباتات الباحث الأمني احمد قام بشرح الطرق مع كيفية الوقاية منها
بالمناسبة : لغاية تاريخ اللحظة الحكومة السودانية دافعه اكتر مِن ٢.٣ مليون دولار علي ثغرات من نوع zeroday#تسقط_بس https://t.co/RI5NjpBmua
— القائد (@Elcommandanti) January 26, 2019
بالنسبة للناس العايز تتاكد من انو ترحال بتشارك الداتا او لا
ممكن ترجع للlive video الموجود في صفحة impact hub khartoum
حاتعرفو انو اصلا اغلب التطبيقات بتسلم الداتا للحكومة
والكلام دا ما جديد طبعا
الناس م تستغرب لانو الحكومة اصلا من شهر 2 الفات بتعمل
— القائد (@Elcommandanti) January 18, 2019
This is also the second such hack a major National Government Agency in Sudan, following a hack and leak of Sudan’s Ministry of Defense on December 28th by a hacking group known as the “Sudan Cyber Army/Sudan Revolution Soldiers” A hack which, among other things, revealed the personal email addresses of several Russian contractors being used by Sudan’s government for defense in the face of national protests calling for regime change.
Read More – Sudan Cyber Army Hacks Sudan Ministry of Defense 12/29/2018: https://roguemedialabs.wpcomstaging.com/2018/12/29/sudan-ministry-of-defense-hacked-by-sudan-cyber-army-site-database-leaked-online/
Download Data Stolen from Ministry of Defense (53.3 MB): https://mega.nz/#!xxFF2ABQ!DuDpFFnBgWmtI8fU-1YYFKfErUCD7Pi4IPLRFk7Cmgg
Example of Data Stolen – Since Taken Offline:
— Middle East Eye (@MiddleEastEye) January 23, 2019