Security system falls! Hacker leaks thousands of data from Hidalgo’s C5i

A hacker, who identifies himself as Scorpionexposed thousands of confidential data on the Internet Hidalgo Intelligence and Communication Center (C5i). The filtration includes sensitive files about research y video recording requestsas well as data from investigated vehicles.

Scorpion stated in his message: “Today I bring you a gift: information that I hacked from the Hidalgo Intelligence and Communication Center”.

According to the attacker, after accessing the systems of the C5iextracted user data from vulnerable APIs, including real-time police reports, vehicle thefts, and other sensitive user data: “You can check the registration dates and see that I got today’s data.”

Besides, Scorpion warned about the vulnerability of the street surveillance camera system:

“It allows us to track vehicles marked for ongoing investigations and vehicles of known criminals in real time, in addition to removing or adding our own.”

— Scorpion

As of 3:55 p.m. on Thursday, April 11, at least 83 people had downloaded the leaked information, which was freely available on the internet. For security reasons, Advertising meter Mexico will not provide the address of the site where this data can be found.

The leaked files occupy almost 2 gigabytes and are organized in three folders called “confidential files”, “user files” and “json data”.

Confirmation of the attack

A preliminary review of the files, carried out by Advertising meter Mexicorevealed that these actually contain complaints filed with the public ministry, which require information from the C5i to continue with the corresponding investigations.

These documents include the research folder number, recipient of the office, and details of the complaint, among other information. There were also complaints against police officers registered by the Human Rights Commission of the State of Hidalgowith complete information on the complainants and, in some cases, on the alleged criminals.

Likewise, they verified Photographs y videos of citizen reports, some of which show the interior of the facilities of the Hidalgo Intelligence and Communication Center.

The files also contain a specific record of the type of crime reported, the complainant’s name and other personal data such as telephone, address, vehicle type y platedepending on the report, which violates the personal data of the people who reported.

Government of Hidalgo denies the hacking

For its part and regarding the news of the hack, the Government of Hidalgo issued an official statement this Thursday that this medium reproduces in its entirety.

“Regarding a note published by Advertising meter Mexico on April 10 of this year, signed by the general editor of that medium, Ignacio Gómez Villaseñor, which ensures that a hacker leaked thousands of data from the Control, Command, Communications, Computing, Coordination and Intelligence Center (C5i) of Hidalgo, the Secretary of Public Security of the State of Hidalgo clarifies that:

• The information is false, since after a rigorous analysis it was confirmed that at no time have the C5i databases been violated.

• The supposed data provided, of which the direct source was not mentioned, corresponds to the past administration, which is practically publicly available, which would indicate that it is a planned discrediting strategy.

• The last attempt to steal information was recorded in the previous administration in 2022, which caused cybersecurity measures to be reinforced; the documentation presented by the media is old paperwork and without demonstrating the existence of the availability of the aforementioned data.

• The C5i computer security standards are based on the strictest protocols in the industry and permanent computer security monitoring is carried out in order to prevent attacks, without the different security levels having been violated to date. Additionally, a report on possible digital threats is issued weekly.

• It is worth mentioning that requests to web platforms from other countries are restricted.

• To date there is no evidence to confirm the existence of unauthorized access or the theft of information from the C5i database. Therefore, it is requested that this denial be made public under equal conditions, dissemination and formats.”

General Editor’s Response

1. The information originally published this Wednesday, April 10 in the note titled Security system falls! Hacker leaks thousands of data from Hidalgo’s C5i Is completely TRUE and was verified before publication.

2. The data that was violated and leaked to hacker forums on the Internet not only correspond to the period of the previous administration, as argued by the Hidalgo Public Security Secretariat in his denial. There is evidence that the last stolen registration, which includes various personal data, was made at 03:29 hours on April 10, 2024.

3. As if specify in the notethe source was not revealed in order to prevent unauthorized persons from accessing said database, since the information is sensitive and it is possible that it could even be used to commit crimes such as extortion or identity theft.

4. It is completely FALSE that the publication is a “planned discrediting strategy”, as suggested by the denial of the Department of Public Security of the state. Recently I have published various notes on hacker breaches without political distinction.

5. I am unaware of the measures taken by the agency responsible for state security to guarantee the protection of its systems; However, I reiterate that hacked information exists and it has already been downloaded by at least a hundred people.

6. In case the Hidalgo Public Security Secretariat cannot find the violated information, which is already public and circulates in forums without any restrictions, I am at your disposal to help them with the appropriate instructions so that they can find said data.