Ina magana game da leaks na sirri sake, amma wannan lokacin zan gaya muku kadan game da rayuwar bayan ayyukan IT ta amfani da misalin binciken biyu na kwanan nan.
A lokacin binciken tsaro na bayanai, yakan faru sau da yawa ka gano sabobin (, Na rubuta a cikin blog) na ayyukan da suka dade (ko ba haka ba da dadewa) sun bar duniyarmu. Irin waɗannan ayyukan har ma suna ci gaba da kwaikwayon rayuwa (aiki), kama da aljanu (tattara bayanan sirri na masu amfani bayan mutuwarsu).
Дисклеймер: вся информация ниже публикуется исключительно в образовательных целях. Автор не получал доступа к персональным данным третьих лиц и компаний. Информация взята либо из открытых источников, либо была предоставлена автору анонимными доброжелателями.Bari mu fara da wani aiki tare da babbar sunan "Putin's Team" (putinteam.ru).
An gano uwar garken tare da bude MongoDB a ranar 19.04.2019/XNUMX/XNUMX.
Kamar yadda kuke gani, ransomware shine farkon wanda ya isa wannan tushe:
Bayanan bayanan ba ya ƙunshe da mahimman bayanan sirri na musamman, amma akwai adiresoshin imel (kasa da 1000), sunayen farko / sunayen sunaye, kalmomin shiga mara kyau, haɗin GPS (a fili lokacin yin rajista daga wayoyin hannu), biranen zama da kuma hotunan masu amfani da rukunin yanar gizon da suka ƙirƙira. asusun su na sirri akansa.
{
"_id" : ObjectId("5c99c5d08000ec500c21d7e1"),
"role" : "USER",
"avatar" : "https://fs.putinteam.ru/******sLnzZokZK75V45-1553581654386.jpeg",
"firstName" : "Вадим",
"lastName" : "",
"city" : "Санкт-Петербург",
"about" : "",
"mapMessage" : "",
"isMapMessageVerify" : "0",
"pushIds" : [
],
"username" : "5c99c5d08000ec500c21d7e1",
"__v" : NumberInt(0),
"coordinates" : {
"lng" : 30.315868,
"lat" : 59.939095
}
}
{
"_id" : ObjectId("5cb64b361f82ec4fdc7b7e9f"),
"type" : "BASE",
"email" : "***@yandex.ru",
"password" : "c62e11464d1f5fbd54485f120ef1bd2206c2e426",
"user" : ObjectId("5cb64b361f82ec4fdc7b7e9e"),
"__v" : NumberInt(0)
}Da yawa datti bayanai da bayanan komai. Misali, lambar biyan kuɗin wasiƙa ba ta bincika cewa an shigar da adireshin imel, don haka maimakon adireshi, kuna iya rubuta duk abin da kuke so.
Yin la'akari da haƙƙin mallaka akan gidan yanar gizon, an watsar da aikin a cikin 2018. Duk ƙoƙarin tuntuɓar wakilan aikin bai yi nasara ba. Koyaya, akwai ƙarancin rajista akan rukunin yanar gizon - akwai kwaikwayon rayuwa.
Aikin aljanu na biyu a cikin bincike na yau shine farawa na Latvia "Roamer" (roamerapp.com/ru).
A ranar 21.04.2019 ga Afrilu, XNUMX, an gano buɗaɗɗen bayanan MongoDB na aikace-aikacen wayar hannu "Roamer" akan sabar a Jamus.
Ma'ajiyar bayanai, girman 207 MB, tana samuwa a bainar jama'a tun daga Nuwamba 24.11.2018, XNUMX (bisa ga Shodan)!
Ta duk alamun waje (adireshin imel ɗin tallafi na fasaha ba aiki ba, hanyoyin haɗin kai zuwa kantin sayar da Google Play, haƙƙin mallaka akan gidan yanar gizon daga 2016, da sauransu) an yi watsi da aikace-aikacen na dogon lokaci.
A wani lokaci, kusan dukkanin kafofin watsa labarai na jigo sun rubuta game da wannan farawa:
- VC:"Farawa na Latvia Roamer mai kisan gilla ne»
- kauye:"Roamer: Aikace-aikacen da ke rage farashin kira daga waje»
- lifehacker:"Yadda ake rage farashin sadarwa yayin yawo da sau 10: Roamer»
Da alama "mai kisan" ya kashe kansa, amma ko da ya mutu ya ci gaba da bayyana bayanan sirri na masu amfani da shi ...
Yin la'akari da nazarin bayanai a cikin bayanan, yawancin masu amfani suna ci gaba da amfani da wannan aikace-aikacen hannu. A cikin 'yan sa'o'i kadan na kallo, sabbin shigarwar 94 sun bayyana. Kuma na tsawon lokaci daga Maris 27.03.2019, 10.04.2019 zuwa Afrilu 66, XNUMX, sabbin masu amfani XNUMX sun yi rajista a cikin aikace-aikacen.
Logs (fiye da rikodin dubu 100) na aikace-aikacen tare da bayanai kamar:
- wayar mai amfani
- alamar shiga don tarihin kira (akwai ta hanyar hanyoyin haɗi kamar: api3.roamerapp.com/call/history/1553XXXXXX)
- tarihin kira (lambobi, kira mai shigowa ko mai fita, farashin kira, tsawon lokaci, lokacin kira)
- mai amfani da wayar hannu
- Adireshin IP mai amfani
- samfurin wayar mai amfani da sigar OS ta hannu akan sa (misali, iPhone 7 12.1.4)
- adireshin imel mai amfani
- ma'auni na asusun mai amfani da kuɗin kuɗi
- kasar mai amfani
- wurin yanzu (ƙasar) na mai amfani
- promokody
- da yawa.
{
"_id" : ObjectId("5c9a49b2a1f7da01398b4569"),
"url" : "api3.roamerapp.com/call/history/*******5049",
"ip" : "67.80.1.6",
"method" : NumberLong(1),
"response" : {
"calls" : [
{
"start_time" : NumberLong(1553615276),
"number" : "7495*******",
"accepted" : false,
"incoming" : false,
"internet" : true,
"duration" : NumberLong(0),
"cost" : 0.0,
"call_id" : NumberLong(18869601)
},
{
"start_time" : NumberLong(1553615172),
"number" : "7499*******",
"accepted" : true,
"incoming" : false,
"internet" : true,
"duration" : NumberLong(63),
"cost" : 0.03,
"call_id" : NumberLong(18869600)
},
{
"start_time" : NumberLong(1553615050),
"number" : "7985*******",
"accepted" : false,
"incoming" : false,
"internet" : true,
"duration" : NumberLong(0),
"cost" : 0.0,
"call_id" : NumberLong(18869599)
}
]
},
"response_code" : NumberLong(200),
"post" : [
],
"headers" : {
"Host" : "api3.roamerapp.com",
"X-App-Id" : "a9ee0beb8a2f6e6ef3ab77501e54fb7e",
"Accept" : "application/json",
"X-Sim-Operator" : "311480",
"X-Wsse" : "UsernameToken Username="/******S19a2RzV9cqY7b/RXPA=", PasswordDigest="******NTA4MDhkYzQ5YTVlZWI5NWJkODc5NjQyMzU2MjRjZmIzOWNjYzY3MzViMTY1ODY4NDBjMWRkYjdiZTQxOGI4ZDcwNWJmOThlMTA1N2ExZjI=", Nonce="******c1MzE1NTM2MTUyODIuNDk2NDEz", Created="Tue, 26 Mar 2019 15:48:01 GMT"",
"Accept-Encoding" : "gzip, deflate",
"Accept-Language" : "en-us",
"Content-Type" : "application/json",
"X-Request-Id" : "FB103646-1B56-4030-BF3A-82A40E0828CC",
"User-Agent" : "Roamer;iOS;511;en;iPhone 7;12.1.4",
"Connection" : "keep-alive",
"X-App-Build" : "511",
"X-Lang" : "EN",
"X-Connection" : "WiFi"
},
"created_at" : ISODate("2019-03-26T15:48:02.583+0000"),
"user_id" : "888689"
}Tabbas, bai yiwu a tuntuɓar masu ginin ba. Lambobin sadarwa ba sa aiki, saƙonni akan kafofin watsa labarun. babu wanda ya mayar da martani a kan cibiyoyin sadarwa.
Har yanzu app ɗin yana nan akan Apple App Store (itunes.apple.com/app/roamer-roaming-killer/id646368973).
Ana iya samun labarai game da leken asirin bayanai da masu ciki koyaushe a tashar Telegram ta "»: .
source: www.habr.com