Doctor rides, rides

A MongoDB database that required no authentication was found publicly accessible. It contained information from Moscow ambulance stations (SSMP).

Unfortunately, this is not the only problem: firstly, this time the data really leaked, and secondly, all sensitive information was stored on a server located in Germany (I would like to ask if this violates any law or departmental instructions?).

Disclaimer: all information below is published solely for educational purposes. The author did not gain access to the personal data of third parties or companies. The information was taken either from open sources or was provided to the author by anonymous well-wishers.

The server, with a database named "ssmp", is hosted by the well-known hosting provider Hetzner in Germany.

Based on indirect signs, it was possible to establish the alleged owner of the server and the database: the Russian company LLC "Computer intelligent systems".

On ci-systems.com/solutions/programs-smp/, the company tells us:

CIS SMP is a software product designed to automate the operation of emergency (specialized) medical care (SMP) stations within the boundaries of a constituent entity of the Russian Federation and provides:

  • receiving calls;
  • registration and redirection of calls;
  • formation, monitoring and management of mobile teams of NSR stations;
  • mass reassignment of brigades of the ambulance service during the liquidation of emergency situations;
  • the operation of a single call center SMP;
  • data exchange with external information systems.

The database had a size of 17.3 GB and contained:

  • date/time of the ambulance call
  • Name of ambulance crew members (including driver)
  • license plate of the ambulance car
  • ambulance vehicle status (e.g. "arriving on call")
  • calling address
  • Name, date of birth, gender of the patient
  • description of the patient's condition (e.g., "temperature >39, poorly reduced, adult")
  • Name of person who called the ambulance
  • contact number
  • and much more…

The data in the database resembles the log of some system for monitoring / tracking the progress of a task. The field of interest is "date" in the table "assign_data_history".

(Of course, in the picture above, I tried to hide all personal data.)

As it was written at the very beginning, the lack of authentication is not the only problem this time.

Most importantly, this database was first discovered by Ukrainian hackers from THack3forU, who leave various messages in the MongoDB instances they find and destroy the information. This time the lads distinguished themselves with this:

"Hacked by THack3forU! Chanel.nPutin is fucked up,nMedvedev is a schmuck,nStrelkov is dumb,nRussia is DNO!"

and, of course, by the fact that, having downloaded all 17 GB, they posted the data in CSV format on the file hosting service mega.nz. How open MongoDB databases are discovered is described here.

As soon as the owner of the database was established, I sent him a notification proposing that access to the database be closed anyway, although it was already too late: the data had "gone".

The Shodan search engine first recorded this database on 28.06.2018, and access to it was finally closed on 08.04.2019, somewhere between 17:20 and 18:05 (Moscow time). A little less than 6 hours passed since the notification.

News about information leaks and insiders can always be found on my Telegram channel "Information leaks".

Source: habr.com
