Pages Menu
Categories Menu

Posted by on Nov 30, 2012 in Security, Technology |

Paul Moreno arrested in Ecuador for showing web vulnerabilities state

Paul Moreno arrested in Ecuador for showing web vulnerabilities state

Paul Moreno has been arrested in for publishing an article demonstrating the vulnerabilities of the state web Datoseguro.gob.ec by order of the National Public Data Registry (DINARDAP) with the charge of “fraudulent access to computer systems and databases “. Moreno showed failure data accessing President of Ecuador, Rafael Correa.

According to information published by the newspaper today, the National Police raided his house, arrested him, confiscated his computer, papers, documents, hard drives and more.

In the article, Moreno explains the method followed to undermine a system that turned out to be extremely easy to break: Raising easy to find information (date of birth, identity card number) in people especially known (as Rafael Correa) is accessible private data and in some cases quite sensitive as:

  • Police record
  • Travel abroad
  • Vehicle Registration
  • Registering Property
  • Degrees

Obtaining these data as private as easily from an official government website is a time bomb for anyone with minimal effort and a little time to impersonate any person included in the Register of Public Data . Paul Moreno’s actions, far from being destructive purposes, were made to draw the attention of the Ecuadorian government and take immediate action. Unfortunately the reaction has been the opposite, accusing him of fraudulent access.

No system is perfect, no unbreakable security. There should be no problems with accepting the ruling and for the peace of all Ecuadorians DINARDAP know that you are taking all necessary steps, as soon as possible to fix the security hole. But the only public action we see by this company is the criminalization of those who basically did them a favor.

It is also a public relations fiasco for the Correa government, the only public reaction from the DINARDAP internet is the following tweet:

At the moment there is a campaign mounted to Twitter demanding the release of grouped with the hashtag #LiberenaPaulCoyote .

Tags: , ,