Slashdot Mirror


Access To Major Airport's Security System Offered on Dark Web for $10 (axios.com)

Researchers at McAfee found remote access to a major airport's security system available on the dark web for $10. From a report: The hacked access came from an online market for remote desktop protocol (RDP) accounts, which sells access to hacked accounts in all kinds of systems. "There's a lot of discussion about sophisticated nation-state attacks, but this was a really cheap way anyone could get access to something," Raj Samani, chief scientist at McAfee, told Axios. The RDP market isn't typically about purchasing access to systems to actually use the systems. Instead, buyers pay between $3 and $19 for access to machines based on bandwidth. Those systems are often used for their resources rather than their information.

32 comments

  1. creimer is fat and a gay by Anonymous Coward · · Score: -1

    creimer's access to all-you-can-eat buffets is being revoked since he's such a fatty.

  2. Moscow Donald charged Russia slightly more by Anonymous Coward · · Score: -1

    When Trump's many bankruptcies left him unable to secure loans from American banks, the Russian government stepped in to save him, demanding the worst treason in human history as reward.

    Now, uneducated racists claim they are making America great by supporting an obvious traitor whose campaign manager is currently sitting in prison.

    1. Re:Moscow Donald charged Russia slightly more by Anonymous Coward · · Score: -1

      Sure, Ivan.

      How's it feel to know that nobody believes a word of propaganda coming out of a third-rate failed power?

      You shittskis couldn't rig an election from class president, let alone President of the United States of America.

  3. It wuz haxx0rz by Anonymous Coward · · Score: -1

    Fire up a tor browser and trawl through the deep dark scary "dark web" junglewoodlands and write press releases full of scary scarewords from that. There's bogeymen in them thar dark webbert00bz! Oh noez teh cyber it are totes dangerously!

    Quality research from Quality security research companies. Cutting edge, truly innovative, etc. etc. etc.

  4. $10? For $5 I can tell about updateing there syst by Joe_Dragon · · Score: 1

    $10? For $5 I can tell about updateing there systems.

  5. Not too surprised by xxxJonBoyxxx · · Score: 2

    Call me "not surprised" after passing umpteen machines in the security line with unprotected USB slots. One good boot and...

    1. Re:Not too surprised by dgatwood · · Score: 4, Interesting

      Call me "not surprised" after passing umpteen machines in the security line with unprotected USB slots. One good boot and...

      Next up: Girls Gone Wild, Airport Edition. See topless teens as only millimeter-wave scanners can see them. See gregarious grandmas with guns. And everything in between.

      The only way to prevent people from seeing naked pictures of yourself is to never allow them to be taken in the first place. This includes the scanners at the airport.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    2. Re:Not too surprised by Anonymous Coward · · Score: 0

      Is this a comment on travelers' laptops, or TSA's computers?

      Or do you even know?

    3. Re:Not too surprised by Anonymous Coward · · Score: 0

      I've decided to go for a different approach... Just having absolutely no shame.

      If everyone did it we wouldn't need "see you naked machines" we could just use our eyeballs...

    4. Re:Not too surprised by xxxJonBoyxxx · · Score: 2

      TSA computers. The Compaq-looking things frequently plugged in with the stack of 4-6 USB slots facing outside the security area (so the TSA folks see the pretty faceplates and blinky-blink lights).

  6. Re:$10? For $5 I can tell about updateing there sy by bogaboga · · Score: 1

    $10? For $5 I can tell about updateing there systems.

    $10? For $5 I can tell about updating their systems.

    WTH!! FTFY!

  7. GPL - Intellectual Theft? by Anonymous Coward · · Score: -1

    Hello,

    Consulting for several large companies, I'd always done my work on Windows. Recently however, a top online investment firm asked us to do some work using Linux. The concept of having access to source code was very appealing to us, as we'd be able to modify the kernel to meet our exacting standards which we're unable to do with Microsoft's products.

    Although we met several technical challenges along the way (specifically, Linux's lack of Token Ring support and the fact that we were unable to defrag its btrfs file system), all in all the process went smoothly. Everyone was very pleased with Linux, and we were considering using it for a great deal of future internal projects.

    So you can imagine our surprise when we were informed by a lawyer that we would be required to publish our source code for others to use. It was brought to our attention that Linux is copyrighted under something called the GPL, or the Gnu Protective License. Part of this license states that any changes to the kernel are to be made freely available. Unfortunately for us, this meant that the great deal of time and money we spent "touching up" Linux to work for this investment firm would now be available at no cost to our competitors.

    Furthermore, after reviewing this GPL our lawyers advised us that any products compiled with GPL'ed tools - such as clang - would also have to have its source code released. This was simply unacceptable.

    Although we had planned for no one outside of this company to ever use, let alone see the source code, we were now put in a difficult position. We could either give away our hard work, or come up with another solution. Although it was tough to do, there really was no option: We had to rewrite the code, from scratch, for Windows 10.

    I think the biggest thing keeping Linux from being truly competitive with Microsoft is this GPL. Its draconian requirements virtually guarantee that no business will ever be able to use it. After my experience with Linux, I won't be recommending it to any of my associates. I may reconsider if Linux switches its license to something a little more fair, such as Microsoft's "Shared Source". Until then its attempts to socialize the software market will insure it remains only a bit player.

    Thank you for your time.
    --

    1. Re:GPL - Intellectual Theft? by Anonymous Coward · · Score: -1
    2. Re:GPL - Intellectual Theft? by Anonymous Coward · · Score: 2, Informative

      Not sure if you're joking, but here goes:

      If you don't distribute your software outside of your company (e.g. by publishing it on a webpage for the public to download, or selling it to some other companies), then you do not need to give away the source code. That is written in the GPL.

      Anything compiled with GCC or clang compiler can still be kept under a closed-source license, you do not need to give the source code away.

      Your lawyer is wrong.

      Source: I am a lawyer.

    3. Re:GPL - Intellectual Theft? by Anonymous Coward · · Score: 1

      Unfortunately for us, this meant that the great deal of time and money we spent "touching up" Linux to work for this investment firm would now be available at no cost to our competitors.

      You are only obligated to publish your code if you distribute to other people; for something in-house, you don't.

      Furthermore, after reviewing this GPL our lawyers advised us that any products compiled with GPL'ed tools - such as clang - would also have to have its source code released. This was simply unacceptable.

      Well, I'm afraid your lawyer is an idiot who doesn't understand the GPL, because the GPL sure as hell doesn't say that. What you wrote is 100% false.

      If you guys are paying him for legal advice which is patently false, you should find a better lawyer.

      So either you, your lawyer, or both of you are a little too clueless about the GPL to be credible, because pretty much nothing you wrote is actually true.

      If either a consultant or a lawyer tells you code compiled with clang has to be open sourced ... they're incompetent to be giving you that advice. From the sounds of it, neither you nor the lawyer know anything about the GPL.

  8. nice post by Anonymous Coward · · Score: -1

    very good post. good explanation
    read similar http://www.technogroot.cf/2018/07/fast-charging-apps-for-android-devices.html

  9. Re:$10? For $5 I can tell about updateing there sy by freeze128 · · Score: 1

    You dummy! You could have charged him $5 for fixing his post!

  10. Re:$10? For $5 I can tell about updateing there sy by Desler · · Score: 2

    For 5 dollars can we buy you spelling and grammar lessons?

  11. The economics are interesting by fyngyrz · · Score: 2

    Here's what interests me. If this data is available for $10, then we're given a feel for how many customers are needed to buy it to make any serious cash.

    Presuming that all the state actors buy the data (and I do so presume... if they don't, they're being really, really stupid), that's a couple hundred right there. Then there are corporations, perhaps... can't imagine there would be many taking the risk, but... and the individual crazies.

    Doesn't seem all that economically beneficial to the seller.

    Someone else have a different take?

    --
    I've fallen off your lawn, and I can't get up.
  12. Our civilization is a house of cards by Rick+Schumann · · Score: 2

    Do I really need to explain this at this point?

    1. Re:Our civilization is a house of cards by gweihir · · Score: 2

      It is not news either. It is just becoming much more obvious in the Internet age.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:Our civilization is a house of cards by Rick+Schumann · · Score: 2

      What I mean is in the more immediate sense than that, foreign operatives, terrorists, and criminal organizations now apparently have everything they need to break into anything they want and nothing is stopping them.

    3. Re:Our civilization is a house of cards by gweihir · · Score: 1

      Actually, domestic fascists taking over the governments of the west are a far more serious threat.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:Our civilization is a house of cards by Anonymous Coward · · Score: 0

      Oh so we'll just ignore this threat until our power plants explode and there's no water coming out of your taps and all the traffic lights stop working, all while everyone's bank accounts are drained and their identities are stolen. Great plan. Of course the assholes running our gods-be-damned government are a gods-be-damned THREAT, anyone with two working brain cells knows this! Thanks so much for that Captain Obvious.

    5. Re:Our civilization is a house of cards by gweihir · · Score: 1

      I was not talking about Trump.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  13. Re:$10? For $5 I can tell about updateing there sy by Anonymous Coward · · Score: -1

    FTW!

    Idiot.

  14. Re:$10? For $5 I can tell about updateing there sy by Anonymous Coward · · Score: 0

    They're, they're. Calm down, know knead too charge. The Internet provides these services four free.

  15. Re:$10? For $5 I can tell about updateing there sy by Anonymous Coward · · Score: 0

    $10? For $5 I can tell about updateing there systems.

    $10? For $5 I can tell about updating their systems.

    WTH!! FTFY!

    Don't be too proud of yourself either. Tell may occur without an overt (visible) indirect object only with wh-noun clauses or phrases. Tell must have an overt indirect object in all other contexts.

  16. Re:$10? For $5 I can tell about updateing there sy by SlashGodet · · Score: 1

    Update of a simple typo is annoying and boring. "FTFY" is useful only when the meaning of the sentence is changed by the typo! Develop courtesy toward others. Lack of spelling is common to many genius brains, as well as non-native English writers.

    Sheesh, people trying to increase their post count...

  17. Probably more than they spent on security by gweihir · · Score: 2

    I do mean on effective security, not all that worthless "compliance" bullshit.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  18. Re:$10? For $5 I can tell about updateing there sy by Anonymous Coward · · Score: 0

    For about $3.50 I can tell about selling grammar correction services.

  19. Wrong headline by Anonymous Coward · · Score: 0

    The headline should read: "Airports leave remote desktop open so people can remotely log in and control airplanes"

    This has absolutely nothing to do with "scary hackers"