A group of hackers that call themselves “Pravyy Sector” [Right Sector] are extorting the Polish Government on Twitter, threatening to release data stolen from Poland’s Defence Ministry if the government doesn’t pay $50,000, either to a Ukrainian bank account or a Bitcoin address.
The name Right Sector is also used by an extremist Ukrainian nationalist organization active in Russia, currently outlawed. The hackers claim to represent the group, but there’s no evidence to support their claims, nor to support their Ukrainian or Russian nationality.
Early leaks on Twitter
To prove that they are in fact in possession of authentic data, the group leaked on Twitter some of the files they supposedly stole from the Defence Ministry.
This includes official document scans, screenshots showing the desktop of a Defence Ministry computer, and an Excel file with 1,368 entries that look to be local Intranet logs containing LDAP paths, login times, incorrect logins, and other similar details.
An employee of Polish security firm Niebezpiecznik called the person whose data was leaked as proof by the hackers. That person confirmed the document contained his personal details, except his passport and ID card numbers, which had expired in the meantime.
This person also said that the data included in the leaked forms is from the form which military personnel must fill out when volunteering for service abroad. This person said he served once in Afghanistan and twice in Iraq.
PRISM data looked crafted
Later in the day, the hackers supposedly leaked data that showed Poland’s involvement in the US PRISM program. This file has been deleted and is not available online anymore. Niebezpiecznik said “the data from PRISM look so crafted / false.”
Polish newspaper Wyborcza said that a representative for the Polish Defence Ministry gave a classic CIA answer by saying they neither deny nor confirm the incident.
This is not the first time the Polish Defence Ministry has suffered a cyber-attack. In March 2013, a hacker named Alladyn2 made his way into the Ministry’s computer network, and even got access to the country’s president’s computer before having his access cut off.
Prior to attacking and breaching the Polish Defence Ministry, Pravyy Sector took responsibility for hacking and dumping data online from Polish telecommunications firm Netia. Several days after leaking the data, Netia confirmed the incident.