I fought the law and the law lost is a series of talks aimed at surveying and publishing vulnerabilities of Argentine Armed/Sercurity Forces.
Between its different chapters, some 50 critical vulnerabilities of the security and armed forces have been compiled, including but not limited to the Argentine National Gendarmerie, the Argentine Federal Police, the Buenos Aires City Police (called “the most modern of the world “according to its creator, the Head of Government) and even government agencies such as Ministry of Defense, Ministry of Justice, Ministry of Security and the Intelligence Service.
Topics such as hacktivist attacks are covered: internal leaks led by agents; politically organized attacks; the disclosure of information from a parallel and unconstitutional force with espionage objectives against political figures or social / union leaders (Called Project X); the dissemination of databases of Organized Crime (drug trafficking, trafficking in persons, among others) containing information on whistleblowers, confidential identity witnesses, undercover officers and intelligence investigations in progress; the theft of the databases of the National Criminal Information System; and even the hacking to the Minister of Security, adding at least a review of about 25+ cases during the talk, all with their due technical evidence, and all of them motivated by hacktivism.
Other topics related to privacy are also covered, such as the Digital Security Ring, a circuit of vehicle license plate readers and cameras with facial recognition that have aroused strong criticism for their systematic failures and their invasion of privacy.
Also, from the side of an attacker is covered all the possible route to get to exploit each of the cases, with scans and analysis done by the author, following as golden rule the use of passive and OSINT recognition to avoid any interaction. Explanations of “How could this happen?” Will be common, demonstrating the errors that allowed this situation to emerge: A CIO using his daughter’s name as a password? / An Undersecretary of Security using his National ID Number as a recovery question? / Previous leaks? Linkedin? Forums? Prohibited sites? / Cybercrime officials reusing the same passwords in all their accounts? / Facebook accounts that allow you to see too much?
All information is obtained publicly and any person can recreate the analyzes that lead to the results presented here. No private or privileged information is used in any way.
