DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

“It took 6 hours to get access to every IT system” of Argentina’s Senate – Vice Society

Posted on March 22, 2022 by chum1ng0
The Vice Society ransomware team refers to their victims as their “partners” on their leak site. Image: DataBreaches.net.

The web site of Argentina’s senate was hit by a ransomware attack on or about January 12. Unlike other entities that do not disclose quickly, the Senate issued a statement on Twitter about Vice Society’s attack two days later:

?El Senado de la Nación sufrió el 12 de enero a las 4 AM un ataque realizado por piratas informáticos. Este tipo de ataques, denominados ransomware, fueron perpetrados en los últimos meses contra diversos organismos públicos, del Poder Judicial y empresas de primera línea.

— Senado Argentina (@SenadoArgentina) January 14, 2022

Los piratas “secuestran” la información y luego piden un rescate por la misma.
En el caso del Senado de la Nación toda la información sustraída es pública y se encuentra al alcance de todos y todas dentro de nuestro sitio de transparencia.

— Senado Argentina (@SenadoArgentina) January 14, 2022

Desde el momento del ataque nuestro equipo de Seguridad Informática está trabajando. Hasta el momento se logró recuperar la mayoría de la información relevante y aislar el equipamiento sensible, lo que nos permitirá recuperar la operatividad a la brevedad.

— Senado Argentina (@SenadoArgentina) January 14, 2022

As translated by Google, their statement read:

The National Senate suffered an attack by hackers on January 12 at 4 AM. These types of attacks, called ransomware, have been perpetrated in recent months against various public bodies, the Judiciary, and leading companies.

Hackers “hijack” the information and then demand a ransom for it.

In the case of the Senate of the Nation, all the stolen information is public and is available to everyone within our transparency site.

From the moment of the attack, our Computer Security team has been working. So far, it has been possible to recover most of the relevant information and isolate the sensitive equipment, which will allow us to recover operations as soon as possible.

According to their statement, then, the attack encrypted their files but they did not seem concerned about any personal information being revealed because they said it was all public information.

But was it all really all public information? Inspection of the data dump on Vice Society’s leak site revealed thousands of files. As first reported by Clarin, Vice Society dumped more than 30,000 files. While many files appeared related to Senate business and finances, there were also many files with personal information on people who were not senators but were Senate aides or other notables.  As Mauro Eldritch, cybersecurity architect and consultant informed Clarin: “Several bills, opinions and legal documents are seen with all their progressive versions. But there are also plenty of plain text keys, carelessly guarded. There are scans of passports, visas, identity documents, tax information, fingerprints of different officials and visitors to the Senate, and even source codes of internal applications” (machine translation).

We found requests for appointment of advisors, contract for services, selection competition, memoranda, laws, budgets, sessions, attendance, meetings, projects, reports, books, manuals, confirmations, emails, databases, photos, fingerprints, and plain text passwords. Some of the personal data included individuals’ DNI (National Identity Document), photocopies of identity documents, resumes, diplomas, affidavits, credential of payment of monotributo (tax documents), CUIL proof (Unique Code of Labor Identification), proof of registration, passports, date of birth, home address and telephone number, email addresses, and criminal record certificates.

A photocopy of Ambassador Capatanich’s identification has their DNI and personal data: name, surname, sex, nationality, date of birth, date of issue, date of expiration, transaction number, his signature, his picture, and a bar code and document number. Redacted by DataBreaches.net.

 Despite the Senate’s claim that the stolen data were all (just) public documents, then, it was clear that there was also personal data involved, as an unnamed spokesperson acknowledged to Clarin, saying (in translation): “The personal files found on each of the computers are just that, personal information.The Senate cannot and should not be aware of it because it is information of a private nature of each one of the people who work in this institution.”  That statement seems to contradict what they had tweeted on January 14 about only public information being involved.

In addition to data that appeared to be of a clearly personal nature, DataBreaches.net also found files relating to the Counter-Strike video game, the Game of Thrones drama series, and music by Lady Gaga, raising questions as to what security protocols were in place to prevent users from uploading and downloading files unrelated to work.

Many of the files in the data leak had extensions showing that they had been encrypted by Vice: v-society.6CE-B07-B5E. There were 44,922 files with that extension. In a way, that is fortunate for the Senate, as casual observers will not be able to open the files in the data dump with that extension unless they get the decryption key.

DataBreaches.net sent an inquiry to the National Director of Data Protection of Argentina to ask whether, under Argentinian data protection law, ambassadors and ministers have fewer data protection rights as public figures, but we received no response by the time of publication. Nor has the Senate responded to multiple email inquiries sent to multiple departments over the past week. Ambassador Capitanich was also sent an email inquiry as to whether he had been alerted his information had been made publicly available on the internet.  No reply was received by the time of publication.

While politicians did not answer our questions, Vice Society did answer a few questions for us. They, too, it seems, had failed to get any response at all from the Senate despite all their attempts to contact them.

But how difficult was it for Vice Society to attack them?  According to the spokesperson, it took “6 hours to get access to every IT system” (100 computers) and “6 hours to attack.” When the Senate  realized that they had been attacked, Vice Society was reportedly still in their system and able to observe them:

When they realized that we crypted their network we were still there. We were watching them using their cameras. It was funny.

Because DataBreaches.net has received no substantive replies from the Senate nor the data protection regulator, it is not clear what, if anything, is being done to prevent a future similar attack. But if it was this easy to attack Argentina’s senate, and the attack interrupted functioning for a number of weeks, resulting in employees having to request manually provided new passwords to regain access to the system, will we see the Senate attacked again in the near future?  A significant percentage of ransomware victims are revictimized, although the risk of that may relate to whether they previously paid ransom, which Argentina’s Senate has not done. Hopefully, the Senate is hardening their defenses.


Research and reporting by Chum1ng0. Additional reporting and editing by Dissent.

Category: Breach IncidentsGovernment SectorMalware

Post navigation

← WI: New development in Janesville school district ransomware incident
Threat actors leak data from Scottish Association for Mental Health →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch (1)
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.