Nepal hacker found a vulnerability in Ministry of Foreign Affairs of Ukraine that allows to get passport data

18-year-old Nepal resident Arbin Godard arrived in the Autumn of 2018 in the capital of Ukraine Kiev for a regular event for white hackers to the International Cybersecurity Forum HackIT 4.0. But before the event, Nepalese hacked the website of the Ministry of Foreign Affairs of Ukraine and got access to all foreign passports of Ukrainians.

Dmitry Budorin, chief executive officer of Hacken, a company that deals with white hacking, spoke about this in an interview.

According to him, Godard is an extremely talented young hacker. He received the Ukrainian visa through the website of the Ministry of Foreign Affairs, but for some reason, the website did not work well. Therefore, the young hacker decided to help the Officials and found security vulnerabilities. However, at the same time, he gained access to the passports of all Ukrainians.

“The ministry was notified of this vulnerability, they quickly fixed the mistake and expressed their gratitude to Godard. Moreover, the Ministry offered the guy to meet and present a Certificate, but he did not want to go to the Government Bodies,” added Hacken CEO.

“The same young hacker found the coolest bug in Uklon. And he did it in the first half hour. He won the prize (about $ 1,500) for the coolest vulnerability found,” said Budorin.

Weekly Update 122

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

And then there was the biggest data breach to go into HIBP ever! I wrote that sentence from home just after publishing all the data, then I got on a plane…

Holy cow that’s a lot of emails! Hundreds upon hundreds of emails came in whilst on the way to Dubai, more than I’ll ever be able to respond to. Plus, I’m actually trying to have some downtime with my son on this trip particularly over the next few days so a bunch of stuff is going to have to go unanswered or at best, delayed. Mind you, a heap of them were asking questions already addressed in the blog post, but that’s just the nature of the internet.

What I will say is that if you’re interested in more details on this incident, do read the comments. It’ll give you a sense of the way this sort of thing impacts everyday people, and it’ll also give you a sense of the sort of comments I have to deal with after these incidents…

Weekly Update 122
Weekly Update 122
Weekly Update 122

References

  1. I’m going to be in Oslo next week (Hack Yourself First workshop and NDC Security conference)
  2. Then in London the week after that (Hack Yourself First workshop and NDC conference)
  3. And I’ll be in Denver for SnowFROC in March (cyber-something keynote 🙂)
  4. That 733M record breach (oh boy, this thing was a mammoth processing job!)
  5. Varonis is sponsoring my blog this week (they’re talking about their DFIR team investigating cyberattacks)

India was the Biggest Victim in 2018’s Data Breaches – WEF’s Report


The government ID database, Aadhaar, became a victim to multiple data breaches which are reported to have compromised the database of 1.1 billion citizens of the country who were registered.

In 2018, Cybercrime, more threatening than ever, instigated back to back data breaches across the world which endangered the personal records of millions of people and India is reported to be the largest victim of those breaches.


The findings of the World Economic Forum’s 14th edition of Global Risks Report 2019, stated the risks to which Environmental degradation is being exposed to; out of the top five most impactful global problems this year, four are related to climate. 

In 2019, geo-economic and geopolitical are the most vital concerns and 90 percent of experts are anticipating further conflict among the major powers.


In January, the criminals were reported to be selling access to the personal records of citizens at a cost of 500 Rs for a time period of 10 minutes, while, in March, a leak allowed the names and ID numbers of the registered citizens to be downloaded by anyone. 

Other recent instances of data breaches include millions of users of Facebook and MyFitnessPal having their personal data compromised. 


The report by World Economic Forum outlined the deteriorated international relations which pose serious challenges.  It highlighted the reduced ability of the world to battle urgent crises.


Other aspects put forth by The Global Risks Report includes the rapid worsening of trade disputes, deterioration in economic and geopolitical conditions and worsened international cooperation. Furthermore, the findings of the reports indicated further challenges to multilateral trading rules and agreements.


As per the eighty-five percent of the participants to 2019’s survey,   heightened risks of “political confrontations between major powers” are expected as the year progresses. Beyond the short term, environmental dangers have continued to dominate the concerns of the survey participants for over 10 years.


Referenced from the statements given by Borge Brende, President, World Economic Forum, “With global trade and economic growth at risk in 2019, there is a more urgent need than ever to renew the architecture of international cooperation. What we need now is coordinated, concerted action to sustain growth and to tackle the grave threats facing our world today,”