The Kremlin's Remote-Access Credentials Left Thousands Of Businesses Exposed For Years
Saturday February 2, 2019, 04:34 PM, from Slashdot
A Dutch security researcher says he found credentials for the Russian government's backdoor account for accessing servers of businesses operating in Russia, ZDNet reports:
The researcher says that after his initial finding, he later found the same 'firstname.lastname@example.org' account on over 2,000 other MongoDB databases that had been left exposed online, all belonging to local and foreign businesses operating in Russia. Examples include databases belonging to local banks, financial institutions, big telcos, and even Disney Russia.... 'The first time I saw these credentials was in the user table of a Russian Lotto website,' Victor Gevers told ZDNet in an interview Monday. 'I had to do some digging to understand that the Kremlin requires remote access to systems that handle financial transactions....
'All the systems this password was on were already fully accessible to anyone,' Gevers said. 'The MongoDB databases were deployed with default settings. So anyone without authentication had CRUD [Create, Read, Update and Delete] access.'
'It took a lot of time and also many attempts to contact and warn the Kremlin about this issue,' the researcher added -- specifically, three years, five months and 15 days. The Kremlin reused the same credentials 'everywhere,' reports IT News, 'leaving a large number of businesses open to access from the internet.'
Long-time Slashdot reader Bismillah calls it 'an illustration of the dangers of giving governments backdoors into systems and networks.'