Slashdot Mirror


The Kremlin's Remote-Access Credentials Left Thousands Of Businesses Exposed For Years (zdnet.com)

A Dutch security researcher says he found credentials for the Russian government's backdoor account for accessing servers of businesses operating in Russia, ZDNet reports: The researcher says that after his initial finding, he later found the same "admin@kremlin.ru" account on over 2,000 other MongoDB databases that had been left exposed online, all belonging to local and foreign businesses operating in Russia. Examples include databases belonging to local banks, financial institutions, big telcos, and even Disney Russia.... "The first time I saw these credentials was in the user table of a Russian Lotto website," Victor Gevers told ZDNet in an interview Monday. "I had to do some digging to understand that the Kremlin requires remote access to systems that handle financial transactions....

"All the systems this password was on were already fully accessible to anyone," Gevers said. "The MongoDB databases were deployed with default settings. So anyone without authentication had CRUD [Create, Read, Update and Delete] access."

"It took a lot of time and also many attempts to contact and warn the Kremlin about this issue," the researcher added -- specifically, three years, five months and 15 days. The Kremlin reused the same credentials "everywhere," reports IT News, "leaving a large number of businesses open to access from the internet."

Long-time Slashdot reader Bismillah calls it "an illustration of the dangers of giving governments backdoors into systems and networks."
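The summary above pins the exposure on MongoDB instances "deployed with default settings" that let anyone in without authentication. As an added example (not from the ZDNet article or this thread), here is a small Python audit of a mongod.conf for the two settings involved; the sample configs are constructed, and the parser covers only the flat YAML subset mongod.conf normally uses, so no PyYAML is needed.

```python
# Added example: audit a mongod.conf for the settings that turn a default
# deployment into public CRUD access. Sample configs are constructed; the
# parser handles only the "section:\n  key: value" YAML subset (no PyYAML).

EXPOSED_CONF = """\
# constructed: a 'just turn it on' deployment, no security section at all
storage:
  dbPath: /var/lib/mongo
net:
  port: 27017
  bindIp: 0.0.0.0
"""

HARDENED_CONF = """\
# constructed: authentication required, listening on loopback and one LAN address
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
"""

def parse_mongod_conf(text):
    """Return {section: {key: value}} for the two-level YAML subset above."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if not raw[0].isspace():                  # top-level section header
            section = key
            conf[section] = {}
        elif section is not None:                 # indented "key: value" under it
            conf[section][key] = value.strip()
    return conf

def audit(conf):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    security = conf.get("security", {})
    if security.get("authorization", "disabled") != "enabled":
        findings.append("security.authorization is not 'enabled': "
                        "unauthenticated clients get full CRUD access")
    net = conf.get("net", {})
    bind_all = str(net.get("bindIpAll", "")).lower() == "true"
    if "bindIp" not in net and not bind_all:
        # MongoDB releases before 3.6 bound every interface when bindIp was unset.
        findings.append("net.bindIp is not set: pre-3.6 binaries listen on all interfaces")
    bind = [ip.strip() for ip in net.get("bindIp", "").split(",") if ip.strip()]
    if bind_all or any(ip in ("0.0.0.0", "::") for ip in bind):
        findings.append("net.bindIp/bindIpAll listens on every interface: "
                        "internet-reachable unless a firewall or allow-list intervenes")
    return findings

if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(parse_mongod_conf(text)) or ["OK"])
```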

54 comments

  1. Leaky...distractions. by Anonymous Coward · · Score: 0

    Long-time Slashdot reader Bismillah calls it "an illustration of the dangers of giving governments backdoors into systems and networks."

    Make it a contest. See who has worse security, the government, or businesses?

  2. Maybe they should do penetration testing of their by Anonymous Coward · · Score: 0

    Own servers vs the rest of us.

  3. I blame the Russians by Anonymous Coward · · Score: 0

    It's always the Russians. Oh wait...

  4. They don't care.... by Anonymous Coward · · Score: 0

    They really don't care. And when forcing access, people who raise this objection are laughed at and told it won't happen. Yet here it is.....

  5. Create, Update? by PPH · · Score: 5, Insightful

    Really? Is this a Russian requirement or just lazy MongoDB admins? Because any thought that Russian law enforcement has to use evidence collected from these systems will be tainted by the possibility that some other persons might have inserted said evidence into a suspect's account surreptitiously.

    --
    Have gnu, will travel.
    1. Re:Create, Update? by Anonymous Coward · · Score: 0

      Really? Is this a Russian requirement or just lazy MongoDB admins? Because any thought that Russian law enforcement has to use evidence collected from these systems will be tainted by the possibility that some other persons might have inserted said evidence into a suspect's account surreptitiously.

      You're assuming that Russian courts are going to think of that...I don't give them the benefit of that doubt...

    2. Re:Create, Update? by drinkypoo · · Score: 3, Insightful

      Because any thought that Russian law enforcement has to use evidence collected from these systems will be tainted by the possibility that some other persons might have inserted said evidence into a suspect's account surreptitiously.

      You see a bug, kGbRU sees a feature. It makes it so easy to plant evidence...

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Create, Update? by Anonymous Coward · · Score: 0

      Really? Is this a Russian requirement or just lazy MongoDB admins?
      Because any thought that Russian law enforcement has to use evidence collected from these systems will be tainted by the possibility that some other persons might have inserted said evidence into a suspect's account surreptitiously.

      TFS says these were unsecured MongoDB instances on the Internet, and it’s not clear if the backdoor account was restricted to read only, or if the DBs were only internet accessible because of the govt requirement, or if the backdoor account uses the same password on everything; it just says it exists. Shit, some random on the Internet could have created these as a joke even.

      This isn’t even a secret backdoor. I mean, I can believe it was some compliance requirement to have remote access for the Russian government, but that has fuck all to do with totally unsecured databases with no IP whitelists. This is another "stupid things you can do with the cloud" story.

    4. Re:Create, Update? by PPH · · Score: 1

      Shit, some random on the Internet could have created these as a joke even.

      True. RT will be doing an exposé of all the unsecured WiFi access points in the USA labeled 'FBI Surveillance Van' pretty soon now.

      --
      Have gnu, will travel.
    5. Re:Create, Update? by Aighearach · · Score: 1

      And care.

      If it comes up, they'll simply ask the Kremlin if they double-checked the evidence, and they can verify that it wasn't altered, and that will be that.

      It is kinda funny the things people presume to be relevant in places that don't have western freedoms and rule-based civics.

      They're usually too busy fighting over Freedom Fries to notice their freedoms!

    6. Re:Create, Update? by Anonymous Coward · · Score: 1

      And embezzle money, which is the Russian way:

      "I had to do some digging to understand that the Kremlin requires remote access to systems that handle financial transactions"

      There's a reason Russia will always be a 3rd world shithole pretending to be something more important than it is, that rather than get its shit together and modernize instead tries to destabilize and bring everyone else down to its pathetic levels of failure instead.

    7. Re:Create, Update? by AHuxley · · Score: 2

      Russia has a few ideas as to computer security and the need for consumer networks.
      If it's really important to the Russian gov/mil it's never done on any network. Networks are the plaything of the NSA and GCHQ.
      The Soviet Union and now Russia understand that after decades of NSA and GCHQ total collection on every Soviet and Russian network.
      Russian consumers and small businesses need "computers" and global supply networks.
      Hotels and banks need global networks.
      ISP accounts need global networks so Russians can publish and play fun games and read educational material.

      Russia keeps its mil/gov secrets well away from any "internet".
      But the internet that is allowed in Russia is fully tracked and logged like the UK internet under what was the GCHQ Tempora https://en.wikipedia.org/wiki/...
      A person in Russia can use the internet for software, study, games, business, CCTV, smart phone, but the Russian gov has the keys to all such connected and online activity from the ISP.
      Russian law enforcement has the real time keys to all consumer internet use like in any other advanced nation.
      A bit like discovering the Russian version of a police and city like Domain Awareness System https://en.wikipedia.org/wiki/... but for networks and internet.
      Why are "credentials" the same in Russia?
      So every part of Russian law enforcement has the same quality and instant real time access to Russian consumer networks.
      Helps track people talking to CIA, MI6 embassy workers with a smart phone left on, without needing to fax in paperwork for a court to approve the smart phone mic being turned on.
      To turn all smart phone networks off in a very rapid way in any Russia city when police need such precautions.
      To log and play back all smart phone movements over days, weeks, months, years in any part of Russia.
      To see such network talked about in the West is strange.
      If it was a spying coup in use by NSA/GCHQ to watch over all aspects of Russian police network use, why talk about it?

      Is Russia setting up a nation honeytrap to see what the West looks for and how it looks into open Russian networks?
      A bit like the FBI leaving different US gov and mil networks wide open and in plain text just to see what project names are of interest to people entering such "secure" networks?
      The bait has to be real but the study is in the methods used, search terms in such a network, known methods and projects, and code litter left.
      The interest is in how another nation searches a network and what it knows to search for. Why they look for something and what they don't know to look for.
      Only look for a list of project names? Have the confidence to download everything knowing they would collect it all?
      A direct "guided" path into a network expected to be "secret"? Spend time having to understand the network in parts as the network was unknown?
      What is then published that year.
      What stays a secret for 70 years and is never given to any approved historian many decades later.

      --
      Domestic spying is now "Benign Information Gathering"
    8. Re:Create, Update? by 140Mandak262Jamuna · · Score: 2

      Since when do you need evidence to convict someone of something in Russia?

      --
      sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    9. Re: Create, Update? by Anonymous Coward · · Score: 0

      Hahahahahaha - you have faith in the Soviet American kangaroo courts - hahahahahaha!

    10. Re:Create, Update? by Anonymous Coward · · Score: 0

      ... some other persons might have inserted said evidence into a suspects account surreptitiously.

      It's not a bug. It's a feature. Before you apply any kind of logic to Russia you need to live there for a couple of months. Or ask a friend who was born in the RF or USSR. If they have anything positive to say about Russia, stop interaction immediately. They are either fully brainwashed or in on some shady shit.

  6. "Admin@kremlin.ru"?? Seriously??? by Archtech · · Score: 0, Troll

    Because obviously Mr Putin personally uses those backdoors every day - right from his desk in the Kremlin. It's just like the thousands of Web sites worldwide that have backdoor accounts named "Admin@Whitehouse.gov" or "Admin@CIA.gov".

    By the way, I wonder who authorised this "Dutch researcher" to poke around inside 2,000 Web sites located in Russia? Imagine, if you will, that a "Russian researcher" was found to have done the same to over 2,000 sites in the USA. For further credit, try to imagine the headlines, the speeches, the bursting-with-indignation resolutions in Congress...

    --
    I am sure that there are many other solipsists out there.
    1. Re:"Admin@kremlin.ru"?? Seriously??? by Anonymous Coward · · Score: 1

      Um, secure your shit and you don't have anything to worry about from "Dutch Researchers".

    2. Re:"Admin@kremlin.ru"?? Seriously??? by Anonymous Coward · · Score: 0

      You're kidding, right?
      You're thinking that Dutch people only look after Dutch websites? And French people after French websites?

      Of course a Russian researcher has been poking at American web sites!

      'who authorised this "Dutch researcher"'
      Seems you like security by obscurity because in security analysis, anyone should be authorised to do anything as long as it is public ?

    3. Re:"Admin@kremlin.ru"?? Seriously??? by Anonymous Coward · · Score: 1

      Usernames in MongoDB can be anything. It doesn't mean that admin@kremlin.ru was a functional email address.

    4. Re:"Admin@kremlin.ru"?? Seriously??? by Anonymous Coward · · Score: 0

      Spotted the Trumpanzee

      numbnuts

  7. It's the Dutch ... by Anonymous Coward · · Score: 0

    It's always the Dutch.

  8. Backdoors are for everyone by Anonymous Coward · · Score: 0

    Very simple.

  9. These are the sham tax accounts, not the real ones by Anonymous Coward · · Score: 0

    This is Russia, everyone has two or three sets of books: One for Owner, one for the Mafia boss and one for the Tax service. Obviously nobody cares about the Tax service books.

  10. Re: Maybe they should do penetration testing of th by Anonymous Coward · · Score: 0

    The government probably doesn't do much hacking

  11. open back door? by Anonymous Coward · · Score: 0

    in old Soviet Russia, Kremlin leave front door open.

  12. TRANSLATION (IMHO)!!! by Anonymous Coward · · Score: 0

    "Governments should/must NOT allowed back door access to any computers, because governments are not good @ keeping access credentials secure!!! SO LET'S TURN WHOLE INTERNET TO DARK WEB (so governments cannot catch any criminals anymore)!!!"

    IMHO: You know who also are not good at keeping access credentials secure? Pretty much EVERYBODY!!!
    Instead of complaining, how about creating rules/standards for keeping access credentials secure for everybody to follow, including governments?

  13. Re: These are the sham tax accounts, not the real by Anonymous Coward · · Score: 1

    Then you have not seen the Russian tax collectors. They carry more firepower than SWAT

  14. And then they went after the researcher's accounts by fineous+fingers · · Score: 2

    Victor posted on his Twitter feed that a bunch of his accounts were compromised and they tried to blackmail him or they would release all the data they found. I wonder who would want to do that? I wonder... https://twitter.com/0xDUDE/sta...

  15. unlike the NSA by Anonymous Coward · · Score: 0

    Unlike the countless NSA mandated backdoors. They never ever resulted in any vulnerability or security risk whatsoever... ever!

    1. Re: unlike the NSA by Anonymous Coward · · Score: 0

      Such as...

    2. Re: unlike the NSA by AHuxley · · Score: 1

      PRISM and BULLRUN AC.

      --
      Domestic spying is now "Benign Information Gathering"
  16. Re: Let's hope by Anonymous Coward · · Score: 0

    LOCk em both up.

  17. Too stupid, smells of bullshit by Anonymous Coward · · Score: 0

    It's so damn simple and stupid it smells of BS and something that would only work in a really bad Hollywood hacker movie.

    1. Re:Too stupid, smells of bullshit by AHuxley · · Score: 1

      AC, if the Dutch method worked as told to the waiting media and press, no clearance from the NSA, GCHQ would have been given to talk about it ever.
      In 70 years some approved historian would have been allowed to publish that the NATO cyber effort worked well in Russia around 2017.
      Reading about any working and in use NSA, GCHQ, NATO project in real time would need full declassification.
      No nation would allow such efforts to be talked about.
      The NSA, NATO, GCHQ, CIA, MI6 would want any such network left wide open and Russia using it with full confidence for years.

      --
      Domestic spying is now "Benign Information Gathering"
  18. Huh? Average day by raymorris · · Score: 1

    I'm not sure I'm getting your point. A typical US-based web site will see about 5 attacks per day originating from Russia. Times 40 million web sites = 200 million attack attempts per day.

    You're saying Congress should do something about this?
    Anything in particular they should do? I'm guessing "ignore it and play silly political games repeating the words 'Russia' and your political opponent's name over and over" isn't what you have in mind. Can you think of anything useful they can do?

    1. Re:Huh? Average day by Anonymous Coward · · Score: 0

      Yes, increase sanctions on Russia to the point its economy collapses, just like last time.

      Only this time, make sure it doesn't get back up. Do something productive, like this:

      https://thehill.com/opinion/na...

      Russia has proven time and time again it can't function as a useful, worthwhile country. It's been a net drag on the world for over a hundred years, and has contributed nothing good in all that time (the only accidental exception being it ineptly plowed millions of its citizens to their death against the Germans in WW2). The only solution to the Russia problem is to collapse it and break it up so that the constituent parts of Russia that are smart enough and willing to leave behind Putin and KGB era corruption and move forward can do so without the drag of the retards at the Kremlin in Moscow holding them back.

    2. Re:Huh? Average day by Anonymous Coward · · Score: 0

      Only this time, make sure it doesn't get back up. Do something productive, like this:

      https://thehill.com/opinion/na...

      Crappy ass auto playing video ad covering half the page. Closed page.

  19. Re: You don't get a "medal" for your spelling & by Anonymous Coward · · Score: 0

    When people combine caps and bold in a post, nothing they write is ever worth reading.

  20. Wow total access to everything... by Anonymous Coward · · Score: 0

    The ease of corruption is staggering! Man that's crazy

  21. Re: Same as the US then? by Anonymous Coward · · Score: 0

    Times of Israel is the only paper to report on the Jews who caused the US housing crash of 2007, the billions they reaped and the 500 million pittance of a fine they paid.

    The US is a joke.

  22. Mongo DB is Web Scale by Anonymous Coward · · Score: 0

    You just turn it on and it scales right up.

  23. You don't get a "medal" for your spelling &? by Anonymous Coward · · Score: 0

    You don't get a "medal" for your spelling & it's MEDDLE dolt + learn to ACCEPT your side (the "AbNoRmaL OnEz") lost, ok? It's reality.

    * Additionally - I don't see Stone "folding under pressure" from what I think's a LINE OF UTTER BULLSHIT being put his way - but, we'll see on that note (my guess is we'll see like "the RUSSIANS" & "collusion" on President Trump stuck (it didn't because it's BULLSHIT TOO, lol)).

    4++ yrs. & the Brownshirt MINION cannon fodder of SOROS can't accept they lost - & you'd think they'd FIGURE IT OUT - they're LOSERS (it's ALL THEY KNOW HOW TO DO THEIR ENTIRE WASTED USELESS WELFARE SUCKING LEECH LIVES).

    Like ALL "your kind"?

    You're DESPERATELY TRYING TO "HIDE" MY POST with ABUSED DOWNMODS vs. TRUTH/FACT I POSTED LAST 3x TIMES ON THIS VERY POST losers https://yro.slashdot.org/comme... https://yro.slashdot.org/comme... https://yro.slashdot.org/comme...

    (... & JUST to SPITE YOUR LYING ASSES? AGAIN: YOU Keep 'downmodding' & I'll repost AGAIN & RUN YOU DRY of that bullshit, lol - as always).

    APK

    P.S.=> Loved Joy Behar ADMITTING they F'D UP on the COVINGTON Catholic school LIES they told too https://yro.slashdot.org/comme... saying "We're just so desperate" lol - damn right - LIES from "your kind" PROVE it (the desperation of LYING f'ing LOSERS)... apk

  24. When you don't identify yourself at all? by Anonymous Coward · · Score: 0

    See subject & you also STALK me by UNIDENTIFIABLE anonymous posts, you're not worth reading & you KNOW it, troll!

    * :)

    APK

    P.S.=> Now, I've no time for you other than that - So, it's onwards & UPWARDS (or perhaps 'downwards' is better for this) to "CONTINUUM" on NETFLIX this time... apk

  25. Re: Let's hope by Anonymous Coward · · Score: 0

    Conspiring(and lying) to mess with the election with foreign entities is illegal. Not to mention, illegal campaign expenditures for which his lawyer is headed to jail. The investigation is nowhere near over and the orange turd is already an unindicted co-conspirator to felonies that already have guilty pleas.

    Ask yourself why Trump lied for years about not having business dealings in Russia, if you are capable of rational thought.

    numbnuts

  26. A cautionary tale by Anonymous Coward · · Score: 0

    This should be a lesson to anyone in a democratic government that requiring back doors to encrypted or authenticated services or communications will inevitably result in catastrophic, long-term damages to the governed population -- financially and with regard to safety.