Slovak National Security Office hacked hard

A group of crackers interested in demonstrating that the Slovak "NSO doesn't know the meaning of the word Security" appears to have hacked Slovak NSO inside and out.
Written by George Ou, Contributor

Zone-H.org is reporting that the Slovak National Security Office was hacked hard by a group of crackers interested in demonstrating that the Slovak "NSO doesn't know the meaning of the word Security".  The crackers reportedly got access to "20 gigabytes of emails, internal documents, directives etc" along with administrative passwords of critical servers to the desktops to the Cisco Switches and Routers.  The Slovak NSO used the username "nbusr" and the password "nbusr123" on all of their servers and appliances with administrative privileges which was easily guessed by the crackers in the first few attempts.

Though the Slovak NSO tried to downplay the incident by saying that the breach was limited in scope, Slovak television JOJ reporters communicated with hackers and confirmed that the breach was much broader.  To prove their point, the crackers released the detailed configuration file for one of the NSO's Cisco 2950 switches which means that the crackers effectively own the NSO network inside and out.  In this case, the attackers were simply trying to make a point since they're the ones that reported the breach but it could have just as easily gone unreported if these had been malicious hackers.

The lesson here is that hacking in to a Business, Organization, or Government network is relatively trivial and a lot more needs to be done to strengthen security.  Most US based Government agencies received low or failing grades in recent years and a British man recently hacked hundreds of computer at the Pentagon, Army, Navy, and NASA from his bedroom in London.  It further illustrates the need for strong authentication and cryptographic tokens and that passwords for the most part useless for good security.  Cryptographic tokens such as USB dongles or Smartcards allow users to share the same physical token for all Servers and Appliances as well and are relatively easy to manage and are extremely difficult to hack.

Editorial standards