The Kremlin's Remote-Access Credentials Left Thousands Of Businesses Exposed For Years (zdnet.com)
A Dutch security researcher says he found credentials for the Russian government's backdoor account for accessing servers of businesses operating in Russia, ZDNet reports:
The researcher says that after his initial finding, he later found the same "admin@kremlin.ru" account on over 2,000 other MongoDB databases that had been left exposed online, all belonging to local and foreign businesses operating in Russia. Examples include databases belonging to local banks, financial institutions, big telcos, and even Disney Russia.... "The first time I saw these credentials was in the user table of a Russian Lotto website," Victor Gevers told ZDNet in an interview Monday. "I had to do some digging to understand that the Kremlin requires remote access to systems that handle financial transactions....
"All the systems this password was on were already fully accessible to anyone," Gevers said. "The MongoDB databases were deployed with default settings. So anyone without authentication had CRUD [Create, Read, Update and Delete] access."
"It took a lot of time and also many attempts to contact and warn the Kremlin about this issue," the researcher added -- specifically, three years, five months and 15 days. The Kremlin reused the same credentials "everywhere," reports IT News, "leaving a large number of businesses open to access from the internet."
Long-time Slashdot reader Bismillah calls it "an illustration of the dangers of giving governments backdoors into systems and networks."
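The failure mode the summary describes is a MongoDB instance running with its stock settings: no authorization, so every client gets full CRUD access, and a listener reachable from the internet. Both conditions are visible in mongod.conf before the service is ever started. The following Python is an added example for this thread, not code from ZDNet, the researcher or MongoDB; it assumes the YAML-style "section:" / "  key: value" layout that mongod.conf uses (the parser handles only that two-level subset, not general YAML), and it conservatively treats a missing net.bindIp as listening on all interfaces, which is how older packages behaved. The two sample configs are constructed for the example.

```python
"""Audit a mongod.conf for the insecure defaults described in the story:
security.authorization not enabled and a wildcard (or absent) net.bindIp.
Added example; the parser covers only the two-level 'section:/  key: value'
layout of mongod.conf, not general YAML."""

from typing import Dict, List


def parse_mongod_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse 'section:' lines followed by indented 'key: value' lines into
    nested dicts. '#' comments and blank lines are ignored; deeper nesting
    is not supported (a simplification assumed for this example)."""
    conf: Dict[str, Dict[str, str]] = {}
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop trailing comments
        if not line.strip():
            continue
        if not line.startswith((" ", "\t")):  # unindented: a section header
            section = line.rstrip(":").strip()
            conf.setdefault(section, {})
            continue
        if section is None or ":" not in line:
            continue
        key, _, value = line.strip().partition(":")
        conf[section][key.strip()] = value.strip().strip("\"'")
    return conf


def audit_mongod_conf(text: str) -> List[str]:
    """Return a list of findings; an empty list means both checks passed."""
    conf = parse_mongod_conf(text)
    findings: List[str] = []

    # Check 1: without authorization, any client that can connect has CRUD access.
    auth = conf.get("security", {}).get("authorization", "").lower()
    if auth != "enabled":
        findings.append("security.authorization is not 'enabled': "
                        "any client that can connect gets full CRUD access")

    # Check 2: a wildcard bind address exposes the listener to every network.
    bind = conf.get("net", {}).get("bindIp")
    if bind is None:
        # Assumption: treat an absent bindIp as bind-all, as older packages did.
        findings.append("net.bindIp is not set: treated as listening on all interfaces")
    else:
        addrs = [a.strip() for a in bind.split(",")]
        if any(a in ("0.0.0.0", "::") for a in addrs):
            findings.append(f"net.bindIp includes a wildcard address ({bind}): "
                            "reachable from the internet if the host is")
    return findings


# Constructed sample resembling a stock 2017-era deployment: no security section.
DEFAULT_STYLE_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

# Constructed sample with the two fixes applied.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus one internal address
security:
  authorization: enabled
"""

if __name__ == "__main__":
    for name, conf in (("default-style", DEFAULT_STYLE_CONF), ("hardened", HARDENED_CONF)):
        findings = audit_mongod_conf(conf)
        print(f"{name}: {'OK' if not findings else 'FINDINGS'}")
        for finding in findings:
            print("  -", finding)
```

Run against the default-style sample it reports both problems; against the hardened sample it reports none. Enabling authorization only helps once actual users and roles exist, and restricting bindIp is no substitute for a host firewall, so the audit is a pre-deployment gate rather than a complete hardening check.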
Create, Update? (Score:5, Insightful)
Really? Is this a Russian requirement or just lazy MongoDB admins? Because any thought that Russian law enforcement has to use evidence collected from these systems will be tainted by the possibility that some other persons might have inserted said evidence into a suspect's account surreptitiously.
Re: (Score:2)
And care.
If it comes up, they'll simply ask the Kremlin if they double-checked the evidence, and they can verify that it wasn't altered, and that will be that.
It is kinda funny the things people presume to be relevant in places that don't have western freedoms and rule-based civics.
They're usually too busy fighting over Freedom Fries to notice their freedoms!
Re:Create, Update? (Score:4, Insightful)
Because any thought that Russian law enforcement has to use evidence collected from these systems will be tainted by the possibility that some other persons might have inserted said evidence into a suspect's account surreptitiously.
You see a bug, kGbRU sees a feature. It makes it so easy to plant evidence...
Re: (Score:1)
And embezzle money, which is the Russian way:
"I had to do some digging to understand that the Kremlin requires remote access to systems that handle financial transactions"
There's a reason Russia will always be a 3rd world shithole pretending to be something more important than it is, that rather than get its shit together and modernize instead tries to destabilize and bring everyone else down to its pathetic levels of failure instead.
Re: (Score:3)
Re: These are the sham tax accounts, not the real (Score:1)
Then you have not seen the Russian tax collectors. They carry more firepower than SWAT
Re: (Score:2)
Shit, some random on the Internet could have created these as a joke even.
True. RT will be doing an exposé of all the unsecured WiFi access points in the USA labeled 'FBI Surveillance Van' pretty soon now.
Re: (Score:3)
If it's really important to the Russian gov/mil it's never done on any network. Networks are the plaything of the NSA and GCHQ.
The Soviet Union and now Russia understand that after decades of NSA and GCHQ total collection on every Soviet and Russian network.
Russian consumers and small businesses need "computers" and global supply networks.
Hotels and banks need global networks.
ISP accounts need global networks so Russi
Re: (Score:1)
Um, secure your shit and you don't have anything to worry about from "Dutch Researchers".
Re: (Score:1)
Huh? Average day (Score:2)
I'm not sure I'm getting your point. A typical US-based web site will see about 5 attacks per day originating from Russia. Times 40 million web sites = 200 million attack attempts per day.
You're saying Congress should do something about this?
Anything in particular they should do? I'm guessing "ignore it and play silly political games repeating the words 'Russia' and your political opponent's name over and over" isn't what you have in mind. Can you think of anything useful they can do?
And then they went after the researcher's accounts (Score:2)
Re: (Score:2)
Re: (Score:2)
In 70 years some approved historian would have been allowed to publish that the NATO cyber effort worked well in Russia around 2017.
Reading about any working and in-use NSA, GCHQ, NATO project in real time would need full declassification.
No nation would allow such efforts to be talked about.
The NSA, NATO, GCHQ, CIA, MI6 would want any such network left wide open