flat assembler
Message board for the users of flat assembler.

Police shut down 3% of Slovak web

vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
Today the Slovak police confiscated all servers of the web hosting company www.websupport.sk, without any warning or at least reporting this to the company.

Until 12:30 (UTC+1), the maintainers weren't able to contact anyone responsible. Then they found out that the servers were taken because of the NBUSR123 case (described later).

websupport.sk had 3% of Slovak domains; none of them are working now. You can imagine all types of losses because of this: sales, company image, dead links, private data/photos/email/business plans exposed; some people were even unable to send electronic airplane tickets to friends, who thus couldn't travel...

And now to why all this was needed:

About a year ago, a group of guys from Slovakia found a problem in a PHP script of the Slovak national security agency ("NBUSR"). NBUSR is, among other things, responsible for giving out security certificates to companies. These guys were able to list usernames, one of which was "nbusr". So just for fun they tried to log in with the password "nbusr123", and voila, they were logged in. As if this wasn't enough, "su" worked without a password. They found another password in some script, and slowly gained control over many computers on the network. They downloaded some data, cleaned up, and wrote an article about this on the public server blackhole.sk, which focuses on internet security. Of course NBUSR originally denied everything, and only later slowly changed their stance until they finally confessed everything. This was of course a big boom, all the media were talking about it, etc etc...

Later, the server of hysteria.sk (another security portal) and kyberia.sk (the largest cyber-chat-space in Slovakia) was taken away, and they didn't return it for about half a year. Thousands of users were damaged. Of course, nothing was reported to the server maintainers, and nobody knew why it had been taken, as usual.

This time, they damaged about 3500 sites. Why? Because a bunch of guys reported that the national security agency has the most shitty security you can imagine. What a crime! No one was damaged by this "crime", but they had to disable 3% of the Slovak internet for investigating it.

Evil or Very Mad
Post 27 Jun 2007, 13:51
HyperVista



Joined: 18 Apr 2005
Posts: 691
Location: Virginia, USA
one has to wonder if they are so completely incompetent in setting up basic security for their systems, what makes them think they can do anything useful in forensic analysis of those servers?? Razz
Post 27 Jun 2007, 14:10
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
They got FBI to help them Laughing (seriously)

I wonder how much they paid for that (and how much they will). Great way to spend money, to punish someone who showed how incompetent you are.
Post 27 Jun 2007, 14:13
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
Quote:
This time, they damaged about 3500 sites. Why? Because a bunch of guys reported that the national security agency has the most shitty security you can imagine. What a crime! No one was damaged by this "crime", but they had to disable 3% of the Slovak internet for investigating it.


It is a security hole. Foreigners could get in and do who knows what...

Quote:
one has to wonder if they are so completely incompetent in setting up basic security for their systems, what makes them think they can do anything useful in forensic analysis of those servers??


I hope for vid's sake that the rest of his government isn't as incompetent. Though, if they wanted to shut down sites here for that, you could easily get rid of myspace, youtube, and just about every website that we hate in America. I found a little workaround in myspace IM that allows me to send huge wav files. I doubt it'll get fixed.

Quote:
They got FBI to help them (seriously)


Hopefully not the USFBI...
Post 27 Jun 2007, 17:18
Maverick



Joined: 07 Aug 2006
Posts: 251
Location: Citizen of the Universe
That's why I always use 1234, not 123. :')
Post 28 Jun 2007, 05:11
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
This is the official message from websupport:

Code:
Official message from websupport.sk (Websupport ltd.):

On June 27th 2007 the Police of the Slovak Republic disconnected and took away 10 servers of the webhosting company websupport.sk (Websupport ltd.) where websites and emails of more than 3500 of their clients were stored. A massive service outage and data loss took place. The equipment was taken away without notice and without any reasons explained either to the equipment owner or to the users of the services.

Company and press requested the explanation, but no information has been given away from the side of Police. The servers were taken because of cracking penetration to Narodny Bezpecnostny Urad Slovenskej Republiky (National Security Bureau of Slovak Republic) which happened more than a year ago.
Police promised to release the equipment immediately, but it didn't happen till now.
Servers should be given back at the night or tomorrow (Jun 27th or 28th 2007).

We do NOT agree with the police action and after the lawyer's advice we will take appropriate (perhaps, in cooperation with some or all of our clients). Police just can't take 10 servers of a commercial company, nor commercial webhosting, with the reason that they didn't know what they are looking for, so that's why they took all of them.

We are sorry for any inconvenience caused by this action, our apologies to all of our clients.

This is happening in the Slovak Republic, part of the European Union, and we can't take it anymore. We are not gonna just look at all the illegal actions of the government that happen in this country. Please copy this all over the internet, so the world is going to know what is happening.

www.blackhole.sk - IT security site, which described how the penetration of NBU was done, is stored at websupport.sk, so that's probably the reason why the police took the servers, but without any notice or explanation, which we think is illegal. NBU - national security agency was hacked late last year, where 20 gigs of emails were stolen and some more secret stuff (official report from NBU states that no secret data has been compromised). This was done just by guessing the simple password - nbusr123. This password has not been changed a few days after publishing the attack details on blackhole.sk though, so you can see how much this country cares about us and our security. No network administrator has been punished at all, they just took onyx (the machine of a Czech and Slovakian security webpage - hysteria.sk, which has never been proven to be, nor indicated as, a machine used for the NBU attack itself) and were analyzing the data for half a year (about 80 GB of data can be copied for later analysis in less than 1 day, for deeper analysis disk drives can be taken, but there is no logical reason to keep the whole machine for half a year at all). So we don't believe that the 10 servers will be given back sooner than that time.

Thank you for your time.

Yours faithfully Slovak people    
Post 28 Jun 2007, 17:15
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
Well, the "hackers" handled the situation wrongly, it seems - which is often the case. Really a shame - they should've contacted the "victim" first... and done so in a way that wouldn't cause them to disappear at night without a sound (just being paranoid, old commie regimes etc.)

As for taking out too much in a police action, that happens often, too. Remember the whole ThePirateBay case? Of course that "massive outage" happened because TPB was run off the same hardware (and by the same guys) who ran a mostly-legitimate hosting service.

Btw vid., that "code" block should be a "quote" instead, to fix scrolling.
Post 29 Jun 2007, 01:54
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
To be honest, I think they're idiots and didn't think anyone would guess, so they're taking the servers in case there's evidence that someone put something on there like a trojan or something. To be honest, I'd do the same thing, too. I could change everything, then someone would get in again anyway. So, it's not a really unwise tactic. As for it taking very long, that's probably because of the "legal system." I mean, come on, look at the US congress vote on a bill. They have to vote to vote on it... I wouldn't be surprised if Slovakia's national security has things weighing it down taking even longer.
Post 29 Jun 2007, 04:02
DustWolf



Joined: 26 Jan 2006
Posts: 373
Location: Ljubljana, Slovenia
The most ridiculous thing about it being the point that they went for like the most thorough evidence search like a year after it was all done.

ISPs keep access logs for about a week at most and whoever keeps old hack data for a year on his computer anyway? If they wanted to make a point on making sure to get to the evidence, they would have done it a long time ago.

Obviously there's another reason for this happening now.
Post 29 Jun 2007, 12:34
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
True... I never heard of a year long search warrant request (not sure what the laws are for government possessing property in Slovakia but I don't think it'd take a year), so who knows? Though, you'd think that the person who made the news article would have mentioned something else if it was for politics (like hushing up a particular group or something). So it's probably something that they can't disclose yet, and perhaps the security flaw is just a cover story to keep the people in order while they sort out whatever it is. Typical in criminal investigations, because they don't want the guy to know he's being investigated so he remains careless and eventually does something when they're looking. Guy might have some illegal content on the site and they're just using the year ago thing as a cover story so he doesn't panic and try to flee the country while they get the dirt on him.
Post 29 Jun 2007, 12:43
Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.