Crystal Vault
178 GB exfiltrated from Venezuela's exposed government APIs — documenting the regime's surveillance infrastructure through their own unsecured endpoints.
The regime built a vault. They forgot to lock it.
About Crystal Vault
Crystal Vault documents Venezuela's centralized surveillance database announced in December 2024. The system, built by Chinese company ZTE, merges citizen identity records, banking data, and social program participation for over 30 million Venezuelans. The regime exposed their infrastructure through unsecured WordPress REST APIs. Approximately 178 GB of data was retrieved without authentication, including government office locations, staff GPS coordinates from phone metadata, and operational statistics across seven federal agencies.
Interactive Reports
Explore the Crystal Vault data through interactive dashboards
Main Dashboard
Overview with key statistics, interactive map of 479 locations (134 SAIME offices + 345 GPS coordinates), media gallery across government agencies, EXIF metadata analysis, OFAC sanctions cross-reference, and personnel database.
GPS Intelligence
Detailed analysis of 345 GPS coordinates extracted from government staff phone photos — device models identified (Samsung, iPhone, Huawei, Xiaomi), timestamps revealing operational patterns, and geographic clustering analysis.
Hezbollah Intel
Iranian and Hezbollah presence in Venezuela — network analysis documenting operational connections between regime agencies and designated foreign terrorist organizations.
Margarita Island Intel
Margarita Island-specific intelligence — tourism and government overlap analysis, offshore operations, and strategic significance.
Timeline
Chronological event timeline documenting key data points and discoveries throughout the Crystal Vault collection period.
Glossary
Searchable reference guide to Venezuelan government terminology, agency abbreviations, and intelligence concepts.
Data Sources
Government agencies exposed through unsecured WordPress REST APIs
| Agency | Description | Data Retrieved |
|---|---|---|
| SAIME | Immigration & ID Services | 134 office locations |
| INCES | Worker Training Institute | Media files |
| AVN | State News Agency | Media files |
| SAREN | Notary Registry | Media files |
| VTV | State Television | Media files |
| CANTV | State Telecom | Media files |
| Sistema Patria | Social Control System | App ecosystem data |
| CNE | National Electoral Council | 154 intranet routes exposed |
| Ejército | Venezuelan Army | Personnel & media |
Exposed Endpoints
Technical details of the misconfigured infrastructure
WordPress REST API Exposure
All data was accessible without authentication through misconfigured public APIs. Key endpoints included /wp-json/wp/v2/users for user enumeration, /wp-json/wp/v2/media for bulk media download with EXIF metadata intact, various geographic data routes, and 154 CNE intranet routes that were publicly reachable. Gravatar hashes were cracked to recover 35 government email addresses tied to webmaster and official accounts.
Raw Downloads
Browse the full Crystal Vault data archive
Published Articles
Investigation coverage and analysis