Interception of encrypted jabber.ru and xmpp.ru traffic recorded

The administrator of the Jabber server jabber.ru (xmpp.ru) has identified an attack to intercept user traffic (MITM), carried out for between 90 days and 6 months in the networks of the German hosting providers Hetzner and Linode, which host the project's server and its VPS environment. The attack was organized by redirecting traffic to a transit node that replaced the TLS certificate for XMPP connections encrypted using the STARTTLS extension.

The attack was noticed because of a mistake by its organizers, who did not manage to renew the TLS certificate used for the substitution in time. On October 16, the jabber.ru administrator, when trying to connect to the service, received an error message about an expired certificate, yet the certificate on the server had not expired. It turned out that the certificate received by the client differed from the certificate sent by the server. The first fake TLS certificate had been obtained on April 18, 2023 through the Let's Encrypt service: the attacker, being able to intercept traffic, was able to pass the validation of control over the jabber.ru and xmpp.ru sites.

At first it was assumed that the project server had been compromised and that the substitution was being performed on its side. However, forensic examination did not reveal any trace of an intrusion. At the same time, a brief disabling and re-enabling of the network interface (NIC Link is Down/NIC Link is Up) was found in the server log, occurring on July 18 at 12:58, which could indicate manipulation of the server's connection to the switch. Notably, the fake TLS certificates had been created a few minutes earlier, on July 18 at 12:49 and 12:38.

Moreover, the substitution was carried out not only in the network of the provider Hetzner, which hosts the main server, but also in the network of the provider Linode, which hosts the VPS environment with auxiliary proxies that redirect traffic from other addresses. Indirectly, it was established that traffic to port 5222 (XMPP STARTTLS) in the networks of both providers was being redirected through an additional host, which gave reason to believe that the attack was carried out by someone with access to the providers' infrastructure.

In theory, the substitution could have been in place since April 18 (the date the fake jabber.ru certificate was created), but certificate substitution was confirmed only for the period from July 21 to October 19; encrypted data exchange with jabber.ru and xmpp.ru over this entire period should be considered compromised. The substitution stopped after the investigation began, tests were carried out and a request was sent to the support services of the providers Hetzner and Linode on October 18. At the same time, the additional hop in the routing of packets sent to port 5222 of one of the servers in Linode is still observed today, but the certificate is no longer substituted.

It is assumed that the attack could have been carried out with the providers' knowledge at the request of law enforcement agencies, as a result of a compromise of both providers' infrastructure, or by an employee who had access to it. By intercepting and modifying XMPP traffic, the attacker could gain access to all account-related data, such as message history stored on the server, and could also send messages on behalf of others and alter other people's messages. Messages sent with end-to-end encryption (OMEMO, OTR or PGP) can be considered uncompromised if the users on both sides verified the encryption keys. Jabber.ru users are advised to change their passwords and check the OMEMO and PGP keys in their PEP storage for possible substitution.
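The tell-tale that exposed this incident, a certificate presented to the client that differs from the one deployed on the server, can be turned into a routine check. The following script is an added example, not code from the article or from the jabber.ru administrators: it opens a plaintext XMPP stream on port 5222, upgrades it with STARTTLS as RFC 6120 specifies, and compares the SHA-256 fingerprint of whatever certificate the peer presents with the fingerprint of the certificate file on the server (host, domain and expected fingerprint are assumed command-line inputs that the operator supplies).

```python
import hashlib
import socket
import ssl

# Stream header and STARTTLS request as defined in RFC 6120 (jabber:client namespace).
STREAM_HEADER = ('<?xml version="1.0"?><stream:stream to="{domain}" version="1.0" '
                 'xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams">')
STARTTLS_REQ = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"

def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, colon-separated like openssl prints it."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def starttls_proceeded(server_reply: bytes) -> bool:
    """True only if the server answered the STARTTLS request with <proceed/>."""
    return b"<proceed" in server_reply and b"<failure" not in server_reply

def certificate_substituted(presented_der: bytes, expected_fingerprint: str) -> bool:
    """True if the certificate the client saw is not the one deployed on the server."""
    return cert_fingerprint(presented_der) != expected_fingerprint.upper()

def _recv_until(sock: socket.socket, marker: bytes, limit: int = 65536) -> bytes:
    buf = b""
    while marker not in buf and len(buf) < limit:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf

def fetch_presented_cert(host: str, domain: str, port: int = 5222) -> bytes:
    """Open a plaintext XMPP stream, upgrade with STARTTLS and return the peer's DER cert.
    Verification is off on purpose: a bogus certificate must be captured, not rejected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as raw:
        raw.sendall(STREAM_HEADER.format(domain=domain).encode())
        _recv_until(raw, b"</stream:features>")
        raw.sendall(STARTTLS_REQ.encode())
        if not starttls_proceeded(_recv_until(raw, b"/>")):
            raise RuntimeError("server did not proceed with STARTTLS")
        with ctx.wrap_socket(raw, server_hostname=domain) as tls:
            return tls.getpeercert(binary_form=True)

if __name__ == "__main__":
    import sys  # usage: check_xmpp_cert.py HOST DOMAIN EXPECTED_SHA256_FINGERPRINT
    seen = fetch_presented_cert(sys.argv[1], sys.argv[2])
    print("SUBSTITUTED" if certificate_substituted(seen, sys.argv[3]) else "matches")
```

Run it from a vantage point outside the hosting network as well as from the server itself; a mismatch between the two is exactly the signal that was missed here for months.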

source: budenet.ru
