Apr 13, 2024, 03:05 AM
Hi. I've seen a lot of movement regarding my hacking work about the Intelligence and Computing Center of Hidalgo C5i and the tremendous work the government is putting to make the people think that I haven't breached the servers, but looking at everything about it I got to the conclusion that Seguritech is the one hiding everything from the Governor and everybody to try and keep their reputation and contracts.
I am not doing it to try and ruin a full company, I am doing it just to make conscious that you need to have strict security measures in order to be able to say that you can be in charge of an entire state's intelligence and their people, cause this is not something to have fun with. Seguritech, your developers don't have a single clue about cybersecurity, and I am not saying this to mock them, I am talking literally, cause the intelligence center does not have security at all.
I know for sure that Seguritech is hiding this security problems from the government because they already took down the Ip addresses of the vulnerable APIS that you could query without authentication in order to retrieve user data and I've seen that the government doesn't even know where they can find my leak, that means that Seguritech found my leak, downloaded it, saw the Json schemes and knew that this was a problem from the IP addresses that they use for Hidalgo's security app, which everybody can download in the app store.
Here you can look at the list of IP addresses where I extracted some of their data without authentication, just needed to make a GET request to them and that's it, but as I said, Seguritech already took them down:
https://pastebin.com/5SKJkKj7
This is also a proof of their impecable and amazing security filters that are protecting their criminal vehicle tracking system which I talked about on my leak:
![[Image: arcos.png]](https://i.ibb.co/dpnXVYp/arcos.png)
The only thing that it's stopping SQL injections into their vulnerable system is this amazing Javascript filter, client sided (Really?)
If you have basic cybersecurity knowledge, you know that client sided filters are useless cause you can simply stop them before the browser renders them and delete them.
Go try by yourself and do your own injections into the site and look at the amazing filter before they erase them: http://c5.hidalgo.gob.mx/ListaNegraArcos/Login.aspx
For the finishing touch, yesterday I went to the facilities of the Intelligence Center and parked on the other side of the street, and using a DIY pringles wifi antenna, hacked into their super mega secret hidden wifi network, which is connected to a lot of non-encrypted systems in the facilities, has no vlans and no network segmentation, cause again, their network installations and security are really basic, house level.
So, make yourself comfortable if you need some wifi and happen to be near Hidalgos C5 facilities.
Again, this is not for political reasons, because it is really evident that Seguritech is lying to Hidalgo's Government and they don't know what else to do to cover their mistakes. Cybersecurity is a serious topic and you need to be honest with the people you are saying you protect.
I am not doing it to try and ruin a full company, I am doing it just to make conscious that you need to have strict security measures in order to be able to say that you can be in charge of an entire state's intelligence and their people, cause this is not something to have fun with. Seguritech, your developers don't have a single clue about cybersecurity, and I am not saying this to mock them, I am talking literally, cause the intelligence center does not have security at all.
I know for sure that Seguritech is hiding this security problems from the government because they already took down the Ip addresses of the vulnerable APIS that you could query without authentication in order to retrieve user data and I've seen that the government doesn't even know where they can find my leak, that means that Seguritech found my leak, downloaded it, saw the Json schemes and knew that this was a problem from the IP addresses that they use for Hidalgo's security app, which everybody can download in the app store.
Here you can look at the list of IP addresses where I extracted some of their data without authentication, just needed to make a GET request to them and that's it, but as I said, Seguritech already took them down:
https://pastebin.com/5SKJkKj7
This is also a proof of their impecable and amazing security filters that are protecting their criminal vehicle tracking system which I talked about on my leak:
The only thing that it's stopping SQL injections into their vulnerable system is this amazing Javascript filter, client sided (Really?)
If you have basic cybersecurity knowledge, you know that client sided filters are useless cause you can simply stop them before the browser renders them and delete them.Go try by yourself and do your own injections into the site and look at the amazing filter before they erase them: http://c5.hidalgo.gob.mx/ListaNegraArcos/Login.aspx
For the finishing touch, yesterday I went to the facilities of the Intelligence Center and parked on the other side of the street, and using a DIY pringles wifi antenna, hacked into their super mega secret hidden wifi network, which is connected to a lot of non-encrypted systems in the facilities, has no vlans and no network segmentation, cause again, their network installations and security are really basic, house level.
[wifi]
hidden=true
ssid=HidalgoC5i
[wifi-security]
key-mgmt=wpa-psk
psk=OperC5i*So, make yourself comfortable if you need some wifi and happen to be near Hidalgos C5 facilities.
Again, this is not for political reasons, because it is really evident that Seguritech is lying to Hidalgo's Government and they don't know what else to do to cover their mistakes. Cybersecurity is a serious topic and you need to be honest with the people you are saying you protect.