Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Sweep Up FTP Credentials For the New York Times, UNICEF and 7,000 Others

Posted by Soulskill on from the out-of-sight-out-of-mind dept.

SpacemanukBEJY.53u writes "Alex Holden of Hold Security has come forward with a significant find: a 7,000-strong list of FTP sites run by a variety of companies, complete with login credentials. The affected companies include The New York Times and UNICEF. The hackers have uploaded malicious PHP scripts in some cases, perhaps as a launch pad for further attacks. The passwords for the FTP applications are complex and not default ones, indicating the hackers may have other malware installed on people's systems in those organizations."

3 of 51 comments (clear)

  1. A standard multi-layer attack by Opportunist · · Score: 4, Interesting

    Pretty common today, I am kinda surprised this is news.

    Basically what happens is that you get a few passwords, fire them against some servers that you know or assume the person it belongs to has some kind of access to (people routinely reuse passwords), if you get access to some webpage, slip in some code that loads malware to infect everyone visiting the webpage, rinse and repeat.

    It would be interesting to model the "spread" of this way of password gathering. I wouldn't be surprised if it would show similar patterns to the spread of a (RL) infection.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:A standard multi-layer attack by Opportunist · · Score: 3, Interesting

      Too true. Actually it's scary how neglected a lot of "secondary resources" like FTP servers are in terms of security. You'll often find some outside pointing FTP or other "odd protocol" servers at some companies that have not been updated for ages.

      The story behind those servers is usually that they were required for some project ages ago when a business partner insisted in using some "odd" protocol, they haphazardly set it up (usually done by an admin who went down a "how-to for dummies", not because he is stupid but usually because he lacks the time he'd have to invest into learning the ins and outs of the server to set it up properly), fiddled with it until it kinda-sorta worked and let them transfer whatever data they had to move. Then the server gets forgotten and is left running because "they don't cost anything","we might need it again one day and it took so long to get it running" and "they don't contain any valuable data".

      Well, no valuable data besides the credentials of its users.

      This works well for a line of services aside of FTP servers. The more obscure and the less widely used, the higher your chance to find some exploit for it (if you need an exploit at all because, as stated above, the admin more likely than not left out a critical security step).

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. filezilla by taikedz · · Score: 3, Interesting

    Wonder if this could be related to the rogue filezilla....?

    --
    -- "Simplicity is prerequisite for reliability." --Dijkstra