Cuba OSINT Findings - Instagram Posts

CUBA EXPOSED

GOVERNMENT OSINT

Cuban Government Infrastructure Security Audit

★ 131 domains | 5,164 URLs | 194 IPs

★ 64 emails + 14 usernames leaked

★ Military GPS coordinates exposed

★ Communist Party faking "Windows 95"

@RINGMAST4R

WORDPRESS EXPOSED

REST API OPEN

Cuban government sites running unprotected WordPress APIs

★ /wp-json/wp/v2/users - No authentication

★ SLD.cu (Health): 9 users exposed

★ UH.cu (University): 5 users exposed

★ Gravatar hashes = reversible emails

@RINGMAST4R

SEGINF EXPOSED

IT SECURITY TEAM

University of Havana's security team account leaked

★ Username: "SegInf" (Seguridad Informatica)

★ Display name: "SegInf" - IT Security team

★ Gravatar hash: 9ac87529716c8334...

★ Irony: Security team exposed by own API

@RINGMAST4R

MINFAR EXPOSED

MILITARY METADATA

Cuban Armed Forces leaking device info in photos

★ NIKON D5600 with GPS capability

★ LG LM-Q710.FG Android phone

★ Timestamps: 2016-2020 exposed

★ 29 images with EXIF metadata

@RINGMAST4R

STATE MEDIA

PRO EQUIPMENT

RadioRebelde exposing $5,000+ camera inventory

★ SONY A7S II (~$2,500 mirrorless)

★ Canon EOS 6D Mark II (full-frame)

★ Adobe Lightroom Classic 9.2

★ 51 images with full EXIF data

@RINGMAST4R

2 DAYS AGO

FRESH METADATA

Photo created Jan 9, 2026 - still leaking data

★ File: 0901-ley-transparencia.jpg

★ Created: 2026-01-09 17:54:15 Cuba time

★ Edit time: 37 seconds (quick export)

★ Software: Adobe Photoshop CS6 (2012!)

@RINGMAST4R

MACHINE TRACKING

DOCUMENT IDS

Unique XMP identifiers enable workstation tracking

★ DocumentID: xmp.did:5B5B8435AEEDF011...

★ Same prefix = same Photoshop install

★ Can correlate images across time

★ Machine fingerprint captured

@RINGMAST4R

WINDOWS 95?!

COMMUNIST PARTY

PCC.cu claims "server: Windows95" - IMPOSSIBLE

★ HTTP Header: "server: Windows95"

★ Actually running: Drupal 10 + PHP 8.1.20

★ Win95 can't run PHP 8 (released 2021)

★ Deliberate obfuscation detected

@RINGMAST4R

WINDOWS 95 CLUB

NOT JUST PCC

Multiple Cuban sites faking "Windows95" header

★ PCC.cu - Communist Party

★ ETECSA.cu - Telecom monopoly

★ Both running Drupal 10 + PHP 8.1.20

★ Coordinated obfuscation strategy

@RINGMAST4R

GOOGLE TRACKS

COMMUNIST TRAFFIC

Anti-US regime sends visitor data to Google

★ Aduana (Customs): UA-144247220-1

★ Granma (Party paper): G-D39KSEBN9Q

★ MINED (Education): UA-107169760-1

★ 8 Google Analytics IDs found

@RINGMAST4R

INTERNAL CA

ETECSA MITM

Cuba's telecom running its own Certificate Authority

★ Issuer: ETECSA Centro de Datos

★ Used on: aduana.gob.cu (Customs)

★ Validity: 12 YEARS (2019-2031)

★ Enables potential MITM on Cuban traffic

@RINGMAST4R

GMAIL SOCIALISM

PERSONAL ACCOUNTS

Personal Gmail on official government sites

★ [email protected] - Youth Communists

★ [email protected] - Artists Union

★ 9 Gmail accounts on .gob.cu sites

★ No official email infrastructure?

@RINGMAST4R

GPS EXPOSED

MILITARY HQ

Exact military facility coordinates in HTML

★ Aduana HQ: 23.1230455, -82.3913368

★ MINFAR: Av. Independencia, La Habana

★ Building: Edificio Sierra Maestra

★ Embedded in og:meta tags

@RINGMAST4R

MININT PARANOID

OWN DNS

Interior Ministry runs isolated DNS infrastructure

★ ns1.minint.gob.cu (self-hosted)

★ ns2.minint.gob.cu (self-hosted)

★ NOT using ETECSA like others

★ Secret police trusts no one

@RINGMAST4R

HONEYPOTS

ANTI-BOT TRAPS

Multiple Cuban sites using honeypot detection

★ UJC.cu - Drupal honeypot_time field

★ Aduana - Drupal honeypot module

★ RadioHC - WP Armour v2.3.04

★ Trying to catch scrapers like us

@RINGMAST4R

PHOTOSHOP CS6

FROM 2012

State media using 12-year-old software

★ Adobe Photoshop CS6 (Windows)

★ Released: May 2012

★ Still in use: January 2026

★ US embargo or just pirated?

@RINGMAST4R

CMS ZOO

NO STANDARDS

Cuban government running everything everywhere

★ Drupal: PCC, MINFAR, ETECSA

★ WordPress: SLD, UH, RadioRebelde

★ Laravel+Vue: ACN, Juventud Rebelde

★ No standardization = more attack surface

@RINGMAST4R

FARMERS WIN

BEST SECURITY

Agriculture Ministry beats Military in security!

★ minag.gob.cu: Full CSP, COEP, COOP

★ HSTS: 2 YEARS (vs 6mo for MINFAR)

★ Permissions-Policy blocking camera/mic

★ Tractors more secure than tanks

@RINGMAST4R

SECURITY RATINGS

BY ORGANIZATION

Cuban government cybersecurity assessment

★ BEST: minag.gob.cu (Agriculture!)

★ GOOD: UH.cu (blocks scraping)

★ POOR: MINFAR (device info leaked)

★ POOR: RadioRebelde (full EXIF exposed)

@RINGMAST4R

FINAL TALLY

CUBA EXPOSED

Total Cuban government exposure documented

★ 1,420 files | 62.9 MB | 131 domains

★ 5,164 URLs scraped | 194 IPs mapped

★ 64 emails | 14 WP users | 16 SSL certs

★ 12 Google Analytics IDs | 1 GPS leak

@RINGMAST4R