A concerning post has surfaced on an online forum advertising the alleged sale of access to the network systems of Uruguay’s Sistema Único de Cobro de Ingresos Vehiculares (SUCIVE). SUCIVE is the unified system for collecting vehicle revenue, including vehicle taxes and fines, across Uruguay. It is a critical piece of national infrastructure, handling sensitive data for vehicle owners and managing significant financial transactions for the state. The compromise of such a system could have widespread implications for Uruguayan citizens and government operations.
The unidentified seller claims that the offered access would allow for extensive manipulation and viewing capabilities within the SUCIVE network. The advertisement suggests that the buyer would allegedly be able to perform actions such as modifying fines, including marking them as paid, altering vehicle details like expiration dates and driver information, consulting comprehensive vehicle records including registration and official documents, and even creating new users within the administrative system. The sale was listed with a disclaimer attempting to absolve the seller of responsibility for misuse, a common tactic in such illicit offerings.
The alleged capabilities offered by the seller highlight the potential severity of the breach, including:
- Modification of financial records related to fines.
- Alteration of vehicle ownership and compliance data.
- Unauthorized access to sensitive vehicle and owner documentation.
- Creation of unauthorized administrative accounts.
