DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Yemen Cyber Army data dump contains wealth of personal and government information

Posted on May 22, 2015 by Dissent

Lee Johnstone of cyberwarnews.info (@Cyber_War_News) has analyzed some of the massive amount of Saudi government data dumped by the Yemen Cyber Army and has kindly shared his findings with DataBreaches.net.

In their statement, the Yemen Cyber Army (YCA) wrote:

We have gained access to the Saudi Ministry of Foreign Affairs (MOFA) network and have full control over more than 3000 computers and servers, and thousands of users. We also have access to the emails, personal and secret information of hundreds of thousands of their diplomats in different missions around the world.

The hackers did dump a lot of data on paste sites, including email addresses and passwords, but what’s in the linked dumps is of special note.

According to Lee, the data dumped includes documents, emails, presentations, images, and spreadsheets, approximately 95% of which are in Arabic. When uncompressed, the 892 mb archive contains 1,835 files in 93 folders:

The e-mail documents are Outlook files, sorted by the inbox status. Emails account for 1,622 files, 38 Folders, and 647 mb of the data. Lee also found what he described as “tons of internal network information including root certificates.”

One file of note includes a spreadsheet with 19,577 records with the following fields of citizen information:

CitizenID, IdentificationNo, FullNameAsInID, FirstNameAsInID, FatherNameAsInID, GrandFatherNameAsInID, FamilyNameAsInID, FirstNameAsInPassport, FatherNameAsInPassport, GrandFatherNameAsInPassport, FamilyNameAsInPassport, Gender, PassportNo, PassportIssueDate, FileID, PassportIssueOriginID, MotherFullName_AR, MotherFullName_EN, SysSocialStatusID, Email, DateOfBirth, BirthPlace, Occupation, ParentCitizenID, KindshipRealtionID, Height, HairColor, SkinTone, EyeColor, FullNameAsInID_En, FirstNameAsInID_En, FatherNameAsInID_En, GrandFatherNameAsInID_En, FamilyNameAsInID_En, BirthCertNumber, BirthCertIssuePlace, IDNOIssueDate, IdentificationNoRecord, SpecialMark, MotherIDNO, MotherNationalityID, BirthPlaceCountryStateID, IsCitizenMarksOnPhoto, PassportExpirationDate, PassportScanFileType

Another spreadsheet contained 3,024 computer DNS, GUID, and Operating systems details that are all related to mofa.gov.sa.

Lee noted that there were a “heap of systems” still running Windows XP, but most systems were running Windows 7.

Another file, labelled “DiwanPassports-Requests-37K.txt” contained 36,674 rows with the following fields: NationalId, Title, Name, BirthDate, BirthPlace, JobTitle, PassportNumber, PassportType, VisaNumber, VisaMonths, TripsNumber, RequestType, HasVisaWithPassport, IssuingDate, Order_OrderID

Yet another file, “Sponsor-DB.txt” reportedly contained 10,001 rows with fields:
Id, CardId, FirstName, SecondName, ThirdName, LastName, StartDate, EndDate, ResidentStatusId, SponsorID, SponsorName, NationalityId, BirthPlaceId, BirthDate, GenderId, MaritalStatusId, OccupationId, CardTypeId, ReligionId, VisaTypeId, JobOnCard, EscortInPassport, Notes, ImageName, CreatedBy, CreationDate, ModifiedBy, ModificationDate

There was also a file, “Users-Email-Mobile.xls,” with 11,870 names, email addresses, and phone numbers.

So it looks like the Yemen Cyber Army wasn’t kidding at all about how extensively they rooted Saudi Arabia’s Ministry of Foreign Affairs. And this is just the beginning of dumping the data they acquired. They say they will be releasing more information gradually, and

We have the same access to the Interior Ministry (MOI) and Defense Ministry (MOD) of which the details will be published in near future. Wish such shocking news make Saudi dictators to come to their senses and recapture those young wild dogs’ leash to avoid Muslims exploiting hate against Saudi family.

If you did not stop attacks on Muslims in Yemen, do not blame anyone but yourself and expect greater harms.

One of the greater harms promised was that all their computers’ drives were encrypted by the hackers and were scheduled to be automatically wiped on May 20. DataBreaches.net has yet to see confirmation that the drives were wiped.

Category: Breach IncidentsExposureGovernment SectorHackNon-U.S.Of Note

Post navigation

← Indiana hacker faces sentencing in $100 million scheme
Ca: City of White Rock notification of possible privacy breach →

1 thought on “Yemen Cyber Army data dump contains wealth of personal and government information”

  1. Quickleak says:
    May 29, 2015 at 1:07 pm

    [Contents of comment deleted. Response by moderator follows]

    Thanks, Quickleak – I got the email and added a post about it. This site’s policy is not to link to data dumps that expose people’s personal information (like visa info), so I’ve deleted all your comment submissions.

    It’s best just to send me one email (as you did) and let me take it from there.

    Thanks again.

    /Dissent

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes
  • Cocospy stalkerware apps go offline after data breach
  • Ex-NSA bad-guy hunter listened to Scattered Spider’s fake help-desk calls: ‘Those guys are good’
  • Former Sussex Police officer facing trial for rape charged with 18 further offences relating to computer misuse
  • Beach mansion, Benz and Bitcoin worth $4.5m seized from League of Legends hacker Shane Stephen Duffy
  • Fresno County fell victim to $1.6M phishing scam in 2020. One suspected has been arrested, another has been indicted.
  • Ransomware Attack on ADP Partner Exposes Broadcom Employee Data
  • Anne Arundel ransomware attack compromised confidential health data, county says
  • Australian national known as “DR32” sentenced in U.S. federal court
  • Alabama Man Sentenced to 14 Months in Connection with Securities and Exchange Commission X Hack that Spiked Bitcoin Prices

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach
  • Drugmaker Regeneron to acquire 23andMe out of bankruptcy
  • Massachusetts Senate Committee Approves Robust Comprehensive Privacy Law
  • Montana Becomes First State to Close the Law Enforcement Data Broker Loophole
  • Privacy enforcement under Andrew Ferguson’s FTC
  • “We would be less confidential than Google” – Proton threatens to quit Switzerland over new surveillance law

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.