The Kremlin's Remote-Access Credentials Left Thousands Of Businesses Exposed For Years

A Dutch security researcher says he found credentials for the Russian government's backdoor account for accessing servers of businesses operating in Russia, ZDNet reports: The researcher says that after his initial finding, he later found the same "admin@kremlin.ru" account on over 2,000 other MongoDB databases that had been left exposed online, all belonging to local and foreign businesses operating in Russia. Examples include databases belonging to local banks, financial institutions, big telcos, and even Disney Russia.... "The first time I saw these credentials was in the user table of a Russian Lotto website," Victor Gevers told ZDNet in an interview Monday. "I had to do some digging to understand that the Kremlin requires remote access to systems that handle financial transactions....

"All the systems this password was on were already fully accessible to anyone," Gevers said. "The MongoDB databases were deployed with default settings. So anyone without authentication had CRUD [Create, Read, Update and Delete] access."
"It took a lot of time and also many attempts to contact and warn the Kremlin about this issue," the researcher added -- specifically, three years, five months and 15 days. The Kremlin reused the same credentials "everywhere," reports IT News, "leaving a large number of businesses open to access from the internet."

Long-time Slashdot reader Bismillah calls it "an illustration of the dangers of giving governments backdoors into systems and networks."

Create, Update?

[PPH]

Really? Is this a Russian requirement or just lazy MongoDB admins? Because any thought that Russian law enforcement has to use evidence collected from these systems will be tainted by the possibility that some other persons might have inserted said evidence into a suspects account surreptitiously.

Re:Create, Update?

[drinkypoo]

Because any thought that Russian law enforcement has to use evidence collected from these systems will be tainted by the possibility that some other persons might have inserted said evidence into a suspects account surreptitiously.

You see a bug, kGbRU sees a feature. It makes it so easy to plant evidence...

Re:Create, Update?

[PPH]

Shit, some random on the Internet could have created these as a joke even.

True. RT will be doing an expose of all the unsecured WiFi access points in the USA labeled 'FBI Surveillance Van' pretty soon now.

Re:Create, Update?

[Aighearach]

And care.

If it comes up, they'll simply ask the Kremlin if they double-checked the evidence, and they can verify that it wasn't altered, and that will be that.

It is kinda funny the things people presume to be relevant in places that don't have western freedoms and rule-based civics.

They're usually too busy fighting over Freedom Fries to notice their freedoms!

Re:Create, Update?

And embezzle money, which is the Russian way:

"I had to do some digging to understand that the Kremlin requires remote access to systems that handle financial transactions"

There's a reason Russia will always be a 3rd world shithole pretending to be something more important than it is, that rather than get it's shit together and modernize instead tries to destabilize and bring everyone else down to it's pathetic levels of failure instead.

Re:Create, Update?

[AHuxley]

Russia has a few ideas as to computer security and the need for consumer networks.
If its really important to the Russian gov/mil its never done on any network. Networks are the play thing of the NSA and GCHQ.
The Soviet Union and now Russia understand that after decades of NSA and GCHQ total collection on every Soviet and Russia network.
Russian consumer and small businesses need "computers" and global supply networks.
Hotels and banks needs globally networks.
ISP accounts need global networks so Russians can publish and play fun games and read educational material.

Russia keeps its mil/gov secrets well away from any "internet".
But the internet that is allowed in Russia is fully tracked and logged like the UK internet under what was the GCHQ Tempora https://en.wikipedia.org/wiki/...
A person in Russia can use the internet for software, study, games, business, CCTV, smart phone, but the Russian gov has the keys to all such connected and online activity from the ISP.
Russian law enforcement has the real time keys to all consumer internet use like in any other advanced nation.
A bit like discovering the Russian version of a police and city like Domain Awareness System https://en.wikipedia.org/wiki/... but for networks and internet.
Why are " credentials" the same in Russia?
So every part of Rusian law enforcement have the same quality and instant real time access to Russian consumer networks.
Helps track people talking to CIA, MI6 embassy workers with smart phone left on without needing to fax in paperwork for court to approve smart phone mic is turned on.
To turn all smart phone networks off in a very rapid way in any Russia city when police need such precautions.
To log and play back all smart phone movements over days, weeks, months, years in any part of Russia.
To see such network talked about in the West is strange.
If it was a spying coup in use by NSA/GCHQ to watch over all aspects of Russian police network use, why talk about it?

Is Russia setting up a nation honeytrap to see what the West looks for and how it looks into open Russian networks?
A bit like the FBI leaving different US gov and mil networks wide open and in plain text just to see what project names are of interest to people entering such "secure" networks?
The bait has to be real but the study is in the methods used, search teems in such a network, know methods and project, and code litter left.
The interest is in how another nations searches and knows to search a network for. Why they look for something and what they don't know to look for.
Only look for a list of project names? Have the confidence to download everything knowing they would collect it all?
A direct "guided" path into a network expected to be "secret"? Spend time having to understand the network in parts as the network was unknown?
What is then published that year.
What stays a secret for 70 years and is never given to any approved historian many decades later.

Re:Create, Update?

[140Mandak262Jamuna]

Since when you need evidence to convict someone of something in Russia?

Re:"Admin@kremlin.ru"?? Seriously???

Um, secure you're shit and you don't have anything to worry about from "Dutch Researchers".

Re: These are the sham tax accounts, not the real

Then you have not seen the Russian tax collectors. They carry more firepower than SWAT

Re:"Admin@kremlin.ru"?? Seriously???

Usernames in MongoDB can be anything. It doesn't mean that admin@kremlin.ru was a functional email address.

And then they went after the researcher's accounts

[fineous+fingers]

Victor posted on his Twitter feed that a bunch of his accounts were compromised and they tried to blackmail him or they would release all the data they found. I wonder who would want to do that? I wonder... https://twitter.com/0xDUDE/sta...

Huh? Average day

[raymorris]

I'm not sure I'm getting your point. A typical US-based web site will see about 5 attacks per day originating from Russia. Times 40 million web sites = 200 million attack attempts per day.

You're saying Congress should do something about this?
Anything in particular they should do? I'm guessing "ignore it and play silly political games repeating the words 'Russia' and your political opponent's name over and over" isn't what you have in mind. Can you think of anything useful they can do?

Re: unlike the NSA

[AHuxley]

PRISM and BULLRUN AC.

Re:Too stupid, smells of bullshit

[AHuxley]

AC if the Dutch method worked as told to the waiting media and press no clearance form the NSA, GCHQ would hav been given to talk about it ever.
In 70 years some approved historian would have been allowed to publish that NATO cyber effort worked well in Russian around 2017.
Reading about any working and in use NSA, GCHQ. NATO project in real time would need full declassification.
No nation would allow such efforts to be talked about.
The NSA, NATO, GCHQ, CIA, MI6 would want any such network left wide open and Russia using it with full confidence for years.