Slashdot Mirror


The Kremlin's Remote-Access Credentials Left Thousands Of Businesses Exposed For Years (zdnet.com)

A Dutch security researcher says he found credentials for the Russian government's backdoor account for accessing servers of businesses operating in Russia, ZDNet reports: The researcher says that after his initial finding, he later found the same "admin@kremlin.ru" account on over 2,000 other MongoDB databases that had been left exposed online, all belonging to local and foreign businesses operating in Russia. Examples include databases belonging to local banks, financial institutions, big telcos, and even Disney Russia.... "The first time I saw these credentials was in the user table of a Russian Lotto website," Victor Gevers told ZDNet in an interview Monday. "I had to do some digging to understand that the Kremlin requires remote access to systems that handle financial transactions....

"All the systems this password was on were already fully accessible to anyone," Gevers said. "The MongoDB databases were deployed with default settings. So anyone without authentication had CRUD [Create, Read, Update and Delete] access."

"It took a lot of time and also many attempts to contact and warn the Kremlin about this issue," the researcher added -- specifically, three years, five months and 15 days. The Kremlin reused the same credentials "everywhere," reports IT News, "leaving a large number of businesses open to access from the internet."

Long-time Slashdot reader Bismillah calls it "an illustration of the dangers of giving governments backdoors into systems and networks."
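The exposure the story describes comes down to two mongod settings: no `security.authorization`, so every client is a full administrator, and a bind address that puts the port on the internet. The following audit is an added example, not code from ZDNet, the researcher or MongoDB; it assumes a mongod.conf in the usual YAML layout and flags the weak settings beside a hardened sample.

```python
from typing import Dict, List

def parse_mongod_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal parser for the 'section:' / '  key: value' layout of mongod.conf."""
    conf: Dict[str, Dict[str, str]] = {}
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # strip comments
        if not line.strip():
            continue
        if not line.startswith(" ") and line.endswith(":"):
            section = line[:-1].strip()           # top-level key, e.g. "net"
            conf[section] = {}
        elif section is not None and ":" in line:
            key, value = line.strip().split(":", 1)
            conf[section][key.strip()] = value.strip().strip("'\"")
    return conf

def audit_mongod_conf(text: str) -> List[str]:
    """Return one finding per setting that leaves the database open."""
    conf = parse_mongod_conf(text)
    findings: List[str] = []
    # Without security.authorization, mongod treats every client as a full
    # administrator: the "default settings" case Gevers describes above.
    if conf.get("security", {}).get("authorization", "disabled") != "enabled":
        findings.append("security.authorization not enabled: unauthenticated CRUD access")
    net = conf.get("net", {})
    bind = "0.0.0.0" if net.get("bindIpAll", "false").lower() == "true" else net.get("bindIp")
    if bind is None:
        findings.append("net.bindIp unset: mongod before 3.6 listened on all interfaces; set it")
    elif any(a.strip() in ("0.0.0.0", "::") for a in bind.split(",")):
        findings.append(f"net.bindIp={bind}: listening on every interface")
    return findings

# Constructed sample configs, not taken from any real deployment.
EXPOSED_CONF = """\
net:
  bindIp: 0.0.0.0        # reachable from anywhere, no security section at all
"""
HARDENED_CONF = """\
net:
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus one internal interface
security:
  authorization: enabled
"""

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(conf) or ["no findings"])
```

Enabling authorization alone does not help when the same administrative credential is shared across thousands of databases, as the story notes; the bind check is what keeps the port off the internet in the first place.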

5 of 54 comments

  1. Create, Update? by PPH · Score: 5, Insightful

    Really? Is this a Russian requirement or just lazy MongoDB admins? Because any thought that Russian law enforcement has to use evidence collected from these systems will be tainted by the possibility that some other persons might have inserted said evidence into a suspect's account surreptitiously.

    --
    Have gnu, will travel.
    1. Re:Create, Update? by drinkypoo · Score: 3, Insightful

      Because any thought that Russian law enforcement has to use evidence collected from these systems will be tainted by the possibility that some other persons might have inserted said evidence into a suspect's account surreptitiously.

      You see a bug, kGbRU sees a feature. It makes it so easy to plant evidence...

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Create, Update? by AHuxley · Score: 2

      Russia has a few ideas as to computer security and the need for consumer networks.
      If it's really important to the Russian gov/mil, it's never done on any network. Networks are the plaything of the NSA and GCHQ.
      The Soviet Union and now Russia understand that after decades of NSA and GCHQ total collection on every Soviet and Russian network.
      Russian consumers and small businesses need "computers" and global supply networks.
      Hotels and banks need global networks.
      ISP accounts need global networks so Russians can publish and play fun games and read educational material.

      Russia keeps its mil/gov secrets well away from any "internet".
      But the internet that is allowed in Russia is fully tracked and logged, like the UK internet under what was the GCHQ Tempora https://en.wikipedia.org/wiki/...
      A person in Russia can use the internet for software, study, games, business, CCTV, smart phone, but the Russian gov has the keys to all such connected and online activity from the ISP.
      Russian law enforcement has the real time keys to all consumer internet use like in any other advanced nation.
      A bit like discovering the Russian version of a police and city system like the Domain Awareness System https://en.wikipedia.org/wiki/... but for networks and the internet.
      Why are "credentials" the same in Russia?
      So every part of Russian law enforcement has the same quality and instant real time access to Russian consumer networks.
      Helps track people talking to CIA and MI6 embassy workers with a smart phone left on, without needing to fax in paperwork for a court to approve that the smart phone mic is turned on.
      To turn all smart phone networks off in a very rapid way in any Russian city when police need such precautions.
      To log and play back all smart phone movements over days, weeks, months, years in any part of Russia.
      To see such a network talked about in the West is strange.
      If it was a spying coup in use by NSA/GCHQ to watch over all aspects of Russian police network use, why talk about it?

      Is Russia setting up a nation honeytrap to see what the West looks for and how it looks into open Russian networks?
      A bit like the FBI leaving different US gov and mil networks wide open and in plain text just to see what project names are of interest to people entering such "secure" networks?
      The bait has to be real, but the study is in the methods used, search terms in such a network, known methods and projects, and code litter left.
      The interest is in how another nation searches and knows what to search a network for. Why they look for something and what they don't know to look for.
      Only look for a list of project names? Have the confidence to download everything knowing they would collect it all?
      A direct "guided" path into a network expected to be "secret"? Spend time having to understand the network in parts as the network was unknown?
      What is then published that year.
      What stays a secret for 70 years and is never given to any approved historian many decades later.

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:Create, Update? by 140Mandak262Jamuna · Score: 2

      Since when do you need evidence to convict someone of something in Russia?

      --
      sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  2. And then they went after the researcher's accounts by fineous+fingers · Score: 2

    Victor posted on his Twitter feed that a bunch of his accounts were compromised and they tried to blackmail him or they would release all the data they found. I wonder who would want to do that? I wonder... https://twitter.com/0xDUDE/sta...