Blogger Jailed After Password Hacking Ecuador's President

An Ecuadorian blogger who documented a security hole in Ecuador’s national online identity database by registering as the nation’s president was released from jail today after the president personally intervened in the matter.

Authorities arrested Paul Moreno on Friday after he documented how he created an account under President Rafael Correa’s name in the national identity database, DatoSeguro. The portal allows citizens to access personal information kept by various government institutions. Moreno notes that the database contains personal information such as criminal records, foreign travel, vehicle registration, property registration and college degrees.

Citing a Wired story on password security, Moreno set out on Nov. 26 to demonstrate a security flaw in DatoSeguro with an attention-getting proof of concept scheme: accessing President Correa’s account. He began by doxing the president, and once equipped with Correa’s date of birth and a national identification number — obtained via online searches — he had two of the three pieces of information he needed. The third was a set of two numbers from an identity card, which he simply guessed. With that, he had access to Correa’s account.