Slovak National Security Office hacked hard

Slovak National Security Office hacked hard

Summary: A group of crackers interested in demonstrating that the Slovak "NSO doesn't know the meaning of the word Security" appears to have hacked Slovak NSO inside and out.

SHARE:
TOPICS: Security
6

Zone-H.org is reporting that the Slovak National Security Office was hacked hard by a group of crackers interested in demonstrating that the Slovak "NSO doesn't know the meaning of the word Security".  The crackers reportedly got access to "20 gigabytes of emails, internal documents, directives etc" along with administrative passwords of critical servers to the desktops to the Cisco Switches and Routers.  The Slovak NSO used the username "nbusr" and the password "nbusr123" on all of their servers and appliances with administrative privileges which was easily guessed by the crackers in the first few attempts.

Though the Slovak NSO tried to downplay the incident by saying that the breach was limited in scope, Slovak television JOJ reporters communicated with hackers and confirmed that the breach was much broader.  To prove their point, the crackers released the detailed configuration file for one of the NSO's Cisco 2950 switches which means that the crackers effectively own the NSO network inside and out.  In this case, the attackers were simply trying to make a point since they're the ones that reported the breach but it could have just as easily gone unreported if these had been malicious hackers.

The lesson here is that hacking in to a Business, Organization, or Government network is relatively trivial and a lot more needs to be done to strengthen security.  Most US based Government agencies received low or failing grades in recent years and a British man recently hacked hundreds of computer at the Pentagon, Army, Navy, and NASA from his bedroom in London.  It further illustrates the need for strong authentication and cryptographic tokens and that passwords for the most part useless for good security.  Cryptographic tokens such as USB dongles or Smartcards allow users to share the same physical token for all Servers and Appliances as well and are relatively easy to manage and are extremely difficult to hack.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • 20 Gb of data

    accessed through a 128k DSL line. Should take QUITE A WHILE to download all of that!

    I agree that security is a major issue, but the size "quandary" keeps people from making too big of a dent. Even with a 1Mb link - how much data can you expect to download (before you get noticed)? Companies like Company 'F' have hundreds of terrabytes of data - you want to download it all - or spend time sifting through it?

    The chance of stumbling upon critical data is not very high. Grabbing passwd files is interesting - you "own" their network - but you still face the daunting "size" problem.

    The biggest problem is either having a PC stolen that had critical data on it (STUPID - should be on servers) OR some employee coming in with an external 1.5Tb USB drive . . .
    Roger Ramjet
    • Look at it like this

      They reported it, had they not, how long before they would have been stumbled upon some one siphoning their data.

      I don't see where they said access through a DSL line. More likely a T1 or something of that nature.

      20 GB of email is enough to do damage. Especially if you consider the amount of CYA people do with email these days.
      nucrash
    • Re: 20Gb of data

      Roger,
      How much of that 128k DSL line would be required to upload some nasties onto those nicely owned servers? How much damage could a hacker do by DOS'ing someone using the Slovak National Security Office's servers? Imagine the damage that could be caused by using the SNSO's servers to assist DNS amplification attacks? Keyloggers, dns poisoning....oh the fun someone could have with that network.

      Downloading would probably the LAST thing on someone's mind....
      Scrat
      • Great Points

        Unfortunately people are MOST afraid of losing their files (or rather, their files falling into someone else's hands). THIS is the fuel for the security software bandwagon. This misdirection is great for sales!

        There are only so many ways you can catch AIDS/HIV. People are AFRAID! No one thinks twice about that coughing guy on the plane next to you with TB and Heppatitus C . . .
        Roger Ramjet
        • Too true.

          Forget educating people on sensible precautions, lets keep them dumb and sell them Norto.....
          Scrat
  • Stronger passwords should be a requirement....

    .... dictated by the OS/software.
    Higher importance of a network and its data should put higher
    requirements on the OS and software itself. Think about swiss
    cheese. Who would use a strainer to bale a boat? :-)

    Microsoft should turn into a niche company (gaming modules), and
    companies with reliable alternative tech like e.g. Apple, Sun and
    IBM should get more to do with not just mission critical stuff but
    everything else where security is important. (think internet)
    Mikael_z