In news first brought to my attention via Defcon Lab this morning, February 16th 2019, an international hacking group known as “Kelvin Security” (KelvinSec Team) has claimed responsibility for a string of hacks and leaks affecting airlines across the Dominican Republic, Cuba and Slovakia. The hacks themselves appear to have been carried out on the morning of February 13th 2019, before ultimately being published online for the first time on the evening of February 14th. Additionally, while there wasn’t much information contained within the leaks themselves, the information does appear to be legitimate – at least at this time.
In the leaks provided below, KelvinSec Team primarily targeted Tourplan.com, an international travel booking agency operating out of Costa Rica, as well as Air Dominica, a national airline service flying to and from the Dominican Republic. While there was no motivation given for the attacks themselves, the hackers did leave behind a message in Belarusian reading “a hacker is a person looking for information, gathering great people around the world, connecting to a network and scanning for vulnerabilities on their platforms” – perhaps indicating that the hackers are recruiting, and thus used the hacks/leaks as a means of getting publicity. While the initial reporting from Defcon Lab pointed to two other hacks and leaks affecting airlines in Slovakia and Cuba, also carried out by KelvinSec Team, Rogue Media Labs was unable to independently confirm or deny the authenticity of the incidents.
Contained within a leak pertaining to Tourplan.com is a list of SQL vulnerabilities which can theoretically land you straight inside any one of the site's databases, exposing information such as customer user names, passwords, birth names, emails and much more – theoretically granting you access to all the information these customers have entered onto the website about themselves, such as payment methods and history – et cetera. The hack/leak of Air Dominica was unique in the fact that so little information was contained within it. For example, the leak only contained information on 34 passengers, exposing information such as their full names, email addresses, passwords and country codes. Presumably though, this wouldn’t even be enough information to cover a single flight into or out of the country, so it remains unknown what the hackers' motives were for posting the – or what they did with all of the information uncovered.
Target: Air Dominica
#WeekLeaks 7 – leaks by @al1ne3737 (@m1n3B0ys) @kelvinsecteamS @ClusterSec and Anarcaos Uruguay against the municipality of Paulo Afonso/BA, @PoliciaColombia, @casacivilbr, #FJN and airlines of #Cuba, #DominicanRepublic #Slovakia #leak #hacked https://t.co/lVyRG6NyAk
— DefCon Lab (@LabDefCon) February 16, 2019