Slashdot Mirror

← Back to Stories (view on slashdot.org)

Access To Major Airport's Security System Offered on Dark Web for $10 (axios.com)

Posted by msmash on from the security-woes dept.

Researchers at McAfee found remote access to a major airport's security system available on the dark web for $10. From a report: The hacked access came from an online market for remote desktop protocol (RDP) accounts, which sell access to hacked accounts in all kinds of systems. "There's a lot of discussion about sophisticated nation-state attacks, but this was a really cheap way anyone could get access to something," Raj Samani, chief scientist at McAfee, told Axios. The RDP market isn't typically about purchasing access to systems to actually use the systems. Instead, buyers pay between $3 and $19 for access to machines based on bandwidth. Those systems are often used for their resources rather than their information.

32 comments

  1. $10? For $5 I can tell about updateing there syst by Joe_Dragon · · Score: 1

    $10? For $5 I can tell about updateing there systems.

  2. Not too surprised by xxxJonBoyxxx · · Score: 2

    Call me "not surprised" after passing umpteen machines in the security line with unprotected USB slots. One good boot and...

    1. Re:Not too surprised by dgatwood · · Score: 4, Interesting

      Call me "not surprised" after passing umpteen machines in the security line with unprotected USB slots. One good boot and...

      Next up: Girls Gone Wild, Airport Edition. See topless teens as only millimeter-wave scanners can see them. See gregarious grandmas with guns. And everything in between.

      The only way to prevent people from seeing naked pictures of yourself is to never allow them to be taken in the first place. This includes the scanners at the airport.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    2. Re:Not too surprised by Anonymous Coward · · Score: 0

      Is this a comment on travelers laptops, or TSAs computers?

      Or do you even know?

    3. Re:Not too surprised by Anonymous Coward · · Score: 0

      I've decided to go for a different approach... Just having absolutely no shame.

      If everyone did it we wouldn't need "see you naked machines" we could just use our eyeballs...

    4. Re:Not too surprised by xxxJonBoyxxx · · Score: 2

      TSA computers. The Compaq-looking things frequently plugged in with the stack of 4-6 USB slots facing outside the security area (so the TSA folks see the pretty faceplates and blinky-blink lights).

  3. Re:$10? For $5 I can tell about updateing there sy by bogaboga · · Score: 1

    $10? For $5 I can tell about updateing there systems.

    $10? For $5 I can tell about updating their systems.

    WTH!! FTFY!

  4. Re:$10? For $5 I can tell about updateing there sy by freeze128 · · Score: 1

    You dummy! You could have charged him $5 for fixing his post!

  5. Re:GPL - Intellectual Theft? by Anonymous Coward · · Score: 2, Informative

    Not sure if you're joking, but here goes:

    If you don't distribute your software outside of your company (e.g. by publishing it on a webpage for the public to download, or selling it to some other companies), then you do not need to give away the source code. That is written in the GPL.

    Anything compiled with GCC or clang compiler can still be kept under a closed-source license, you do not need to give the source code away.

    Your lawyer is wrong.

    Source: I am a lawyer.

  6. Re:$10? For $5 I can tell about updateing there sy by Desler · · Score: 2

    For 5 dollars can we buy you spelling and grammar lessons?

  7. The economics are interesting by fyngyrz · · Score: 2

    Here's what interests me. If this data is available for $10, then we're given a feel for how many customers are needed to buy it to make any serious cash.

    Presuming that all the state actors buy the data (and I do so presume... if they don't, they're being really, really stupid), that's a couple hundred right there. Then there are corporations, perhaps... can't imagine there would be many taking the risk, but... and the individual crazies.

    Doesn't seem all that economically beneficial to the seller.

    Someone else have a different take?

    --
    I've fallen off your lawn, and I can't get up.
  8. Our civilization is a house of cards by Rick+Schumann · · Score: 2

    Do I really need to explain this at this point?

    1. Re:Our civilization is a house of cards by gweihir · · Score: 2

      It is not news either. It is just becoming much more obvious in the Internet age.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:Our civilization is a house of cards by Rick+Schumann · · Score: 2

      What I mean is in the more immediate sense than that, foreign operatives, terroists, and criminal organizations now apparently have everything they need to break into anything they want and nothing is stopping them.

    3. Re:Our civilization is a house of cards by gweihir · · Score: 1

      Actually, domestic fascists taking over the governments of the west are a far more serious threat.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:Our civilization is a house of cards by Anonymous Coward · · Score: 0

      Oh so we'll just ignore this threat until our power plants explode and there's no water coming out of your taps and all the traffic lights stop working, all while everyones bank accounts are drained and their identities are stolen. Great plan. Of course the assholes running our gods-be-damned government are a gods-be-damned THREAT, anyone with two working brain cells knows this! Thanks so much for that Captain Obvious.

    5. Re:Our civilization is a house of cards by gweihir · · Score: 1

      I was not talking about Trump.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  9. Re:GPL - Intellectual Theft? by Anonymous Coward · · Score: 1

    Unfortunately for us, this meant that the great deal of time and money we spent "touching up" Linux to work for this investment firm would now be available at no cost to our competitors.

    You are only obligated to give publish your code if you distribute to other people, for something in-house, you don't.

    Furthermore, after reviewing this GPL our lawyers advised us that any products compiled with GPL'ed tools - such as clang - would also have to its source code released. This was simply unacceptable.

    Well, I'm afraid your lawyer is an idiot who doesn't understand the GPL, because the GPL sure as hell doesn't say that. What you wrote is 100% false.

    If you guys are paying him for legal advice which is patently false, you should find a better lawyer.

    So either you, your lawyer, or both of you are a little too clueless about the GPL to be credible, because pretty much nothing you wrote is actually true.

    If either a consultant or a lawyer tells you code compiled with clang has to be open sourced ... they're incompetent to be giving you that advice. From the sounds of it, neither you nor the lawyer know anything about the GPL.

  10. Re:$10? For $5 I can tell about updateing there sy by Anonymous Coward · · Score: 0

    They're, they're. Calm down, know knead too charge. The Internet provides these services four free.

  11. Re:$10? For $5 I can tell about updateing there sy by Anonymous Coward · · Score: 0

    $10? For $5 I can tell about updateing there systems.

    $10? For $5 I can tell about updating their systems.

    WTH!! FTFY!

    Don't be too proud of yourself either. Tell may occur without an overt (visible) indirect object only with wh-noun clauses or phrases. Tell must have an overt indirect object in all other contexts.

  12. Re:$10? For $5 I can tell about updateing there sy by SlashGodet · · Score: 1

    Update of a simple typo is annoying and boring. "FTFY" is useful only when the meaning of the sentence is changed by the typo! Develop courtesy toward others. Lack of spelling is common to many genius brains, as well as non-native english writers.

    Sheesh, people trying to increase their post count...

  13. Probably more than they spent on security by gweihir · · Score: 2

    I do mean on effective security, not all that worthless "compliance" bullshit.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  14. Re:$10? For $5 I can tell about updateing there sy by Anonymous Coward · · Score: 0

    For about $3.50 I can tell about selling grammar correction services.

  15. Wrong headline by Anonymous Coward · · Score: 0

    The headline should read: "Airports leave remote desktop open so people can remotely log in and control air planes"

    This has absolutely nothing to do with "scary hackers"