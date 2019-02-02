

 


The Kremlin's Remote-Access Credentials Left Thousands Of Businesses Exposed For Years (zdnet.com) 52

Posted by EditorDavid from the admin@kremlin.ru dept.
A Dutch security researcher says he found credentials for the Russian government's backdoor account for accessing servers of businesses operating in Russia, ZDNet reports: The researcher says that after his initial finding, he later found the same "admin@kremlin.ru" account on over 2,000 other MongoDB databases that had been left exposed online, all belonging to local and foreign businesses operating in Russia. Examples include databases belonging to local banks, financial institutions, big telcos, and even Disney Russia.... "The first time I saw these credentials was in the user table of a Russian Lotto website," Victor Gevers told ZDNet in an interview Monday. "I had to do some digging to understand that the Kremlin requires remote access to systems that handle financial transactions....

"All the systems this password was on were already fully accessible to anyone," Gevers said. "The MongoDB databases were deployed with default settings. So anyone without authentication had CRUD [Create, Read, Update and Delete] access."
"It took a lot of time and also many attempts to contact and warn the Kremlin about this issue," the researcher added -- specifically, three years, five months and 15 days. The Kremlin reused the same credentials "everywhere," reports IT News, "leaving a large number of businesses open to access from the internet."

Long-time Slashdot reader Bismillah calls it "an illustration of the dangers of giving governments backdoors into systems and networks."

  • Create, Update? (Score:5, Insightful)

    by PPH ( 736903 ) on Saturday February 02, 2019 @11:03AM (#58059590)

    Really? Is this a Russian requirement or just lazy MongoDB admins? Because any thought that Russian law enforcement has to use evidence collected from these systems will be tainted by the possibility that some other persons might have inserted said evidence into a suspect's account surreptitiously.

    • Re:Create, Update? (Score:4, Insightful)

      by drinkypoo ( 153816 ) <martin.espinoza@gmail.com> on Saturday February 02, 2019 @11:12AM (#58059620) Homepage Journal

      Because any thought that Russian law enforcement has to use evidence collected from these systems will be tainted by the possibility that some other persons might have inserted said evidence into a suspect's account surreptitiously.

      You see a bug, kGbRU sees a feature. It makes it so easy to plant evidence...

    • Re: (Score:2)

      by AHuxley ( 892839 )
      Russia has a few ideas as to computer security and the need for consumer networks.
      If it's really important to the Russian gov/mil it's never done on any network. Networks are the plaything of the NSA and GCHQ.
      The Soviet Union and now Russia understand that after decades of NSA and GCHQ total collection on every Soviet and Russian network.
      Russian consumer and small businesses need "computers" and global supply networks.
      Hotels and banks need global networks.
      ISP accounts need global networks so Russi
  • Victor posted on his Twitter feed that a bunch of his accounts were compromised and they tried to blackmail him or they would release all the data they found. I wonder who would want to do that? I wonder... https://twitter.com/0xDUDE/sta... [twitter.com]

