M na-ekwu maka mwepu data nkeonwe ọzọ, ma oge a, m ga-agwa gị ntakịrị banyere ndụ mgbe a nwụsịrị nke ọrụ IT site na iji ihe atụ nke nchọpụta abụọ na-adịbeghị anya.
N'oge nyocha nchekwa nchekwa data, ọ na-emekarị ka ị chọpụta sava (, M dere na a blog) bụ nke oru ndị nwere ogologo oge (ma ọ bụ ogologo oge gara aga) hapụrụ ụwa anyị. Ọrụ ndị dị otú ahụ na-anọgide na-eṅomi ndụ (ọrụ), yiri zombies (na-anakọta data nkeonwe nke ndị ọrụ mgbe ha nwụsịrị).
Дисклеймер: вся информация ниже публикуется исключительно в образовательных целях. Автор не получал доступа к персональным данным третьих лиц и компаний. Информация взята либо из открытых источников, либо была предоставлена автору анонимными доброжелателями.Ka anyị malite na oru ngo nke nwere nnukwu aha "Putin's Team" (putinteam.ru).
Achọpụtara ihe nkesa nwere MongoDB mepere emepe na 19.04.2019/XNUMX/XNUMX.
Dịka ị na-ahụ, ransomware bụ onye mbụ ruru ntọala a:
Ebe nchekwa data enweghị data nkeonwe bara uru karịsịa, mana enwere adreesị ozi-e (ihe na-erughị 1000), aha mbụ / aha nna, okwuntughe hashed, nhazi GPS (o doro anya mgbe ị na-edebanye aha site na smartphones), obodo obibi na foto nke ndị ọrụ saịtị mepụtara. akaụntụ nke onwe ha na ya.
{
"_id" : ObjectId("5c99c5d08000ec500c21d7e1"),
"role" : "USER",
"avatar" : "https://fs.putinteam.ru/******sLnzZokZK75V45-1553581654386.jpeg",
"firstName" : "Вадим",
"lastName" : "",
"city" : "Санкт-Петербург",
"about" : "",
"mapMessage" : "",
"isMapMessageVerify" : "0",
"pushIds" : [
],
"username" : "5c99c5d08000ec500c21d7e1",
"__v" : NumberInt(0),
"coordinates" : {
"lng" : 30.315868,
"lat" : 59.939095
}
}
{
"_id" : ObjectId("5cb64b361f82ec4fdc7b7e9f"),
"type" : "BASE",
"email" : "***@yandex.ru",
"password" : "c62e11464d1f5fbd54485f120ef1bd2206c2e426",
"user" : ObjectId("5cb64b361f82ec4fdc7b7e9e"),
"__v" : NumberInt(0)
}Ọtụtụ ihe mkpofu ozi na ihe ndekọ efu. Dịka ọmụmaatụ, koodu ndenye aha akwụkwọ akụkọ anaghị elele na abanyela adreesị ozi-e, yabụ kama ịdebanye aha, ịnwere ike ide ihe ọ bụla ịchọrọ.
Na-ekpe ikpe site na nwebisiinka na webụsaịtị, a gbahapụrụ ọrụ ahụ na 2018. Mgbalị niile iji kpọtụrụ ndị nnọchi anya ọrụ agaghị aga nke ọma. Otú ọ dị, enwere ndebanye aha na-adịghị ahụkebe na saịtị - enwere nṅomi nke ndụ.
Ọrụ zombie nke abụọ na nyocha m taa bụ mmalite Latvia "Roamer" (roamerapp.com/ru).
Na Eprel 21.04.2019, XNUMX, achọpụtara nchekwa data MongoDB mepere emepe nke ngwa mkpanaka "Roamer" na sava dị na Germany.
Ebe nchekwa data, 207 MB n'ogo, adịla n'ihu ọha kemgbe Nọvemba 24.11.2018, XNUMX (dị ka Shodan si kwuo)!
Site na akara ngosi niile dị na mpụga (adreesị email nkwado teknụzụ anaghị arụ ọrụ, njikọ gbajiri na ụlọ ahịa Google Play, nwebisiinka na webụsaịtị sitere na 2016, wdg) ahapụla ngwa ahụ ogologo oge.
N'otu oge, ihe fọrọ nke nta ka ọ bụrụ mgbasa ozi thematic niile dere banyere mmalite a:
- VC:"Mmalite Latvia Roamer bụ onye na-egbu ọchụ»
- obodo:"Roamer: Ngwa na-ebelata ọnụ ahịa oku sitere na mba ofesi»
- lifehacker:"Otu esi ebelata ụgwọ nzikọrịta ozi mgbe ị na-agagharị ugboro iri: Roamer»
"Onye na-egbu" yiri ka ọ gburu onwe ya, ma ọbụna mgbe ọ nwụrụ, ọ na-aga n'ihu na-egosipụta data nkeonwe nke ndị ọrụ ya ...
N'ikpe ikpe site na nyocha nke ozi na nchekwa data, ọtụtụ ndị ọrụ na-aga n'ihu na-eji ngwa mkpanaka a. N'ime awa ole na ole nke nlele, ndenye ọhụrụ 94 pụtara. Maka oge sitere na Machị 27.03.2019, 10.04.2019 ruo Eprel 66, XNUMX, ndị ọrụ ọhụrụ XNUMX debara aha na ngwa ahụ.
Ndekọ (ihe karịrị 100 puku ndekọ) nke ngwa nwere ozi dị ka:
- ekwentị onye ọrụ
- nweta token iji kpọọ akụkọ ihe mere eme (dị site na njikọ dị ka: api3.roamerapp.com/call/history/1553XXXXXX)
- akụkọ oku (nọmba, oku mbata ma ọ bụ oku ọpụpụ, ọnụ ahịa oku, ogologo oge, oge oku)
- onye ọrụ mkpanaka
- Adreesị IP onye ọrụ
- Ụdị ekwentị onye ọrụ na ụdị OS mkpanaka na ya (dịka ọmụmaatụ, iPhone 7 12.1.4)
- adreesị ozi-e onye ọrụ
- nkwụnye ego akaụntụ onye ọrụ na ego
- obodo onye ọrụ
- ọnọdụ ugbu a (mba) nke onye ọrụ
- Koodu nkwado
- na ọtụtụ ndị ọzọ.
{
"_id" : ObjectId("5c9a49b2a1f7da01398b4569"),
"url" : "api3.roamerapp.com/call/history/*******5049",
"ip" : "67.80.1.6",
"method" : NumberLong(1),
"response" : {
"calls" : [
{
"start_time" : NumberLong(1553615276),
"number" : "7495*******",
"accepted" : false,
"incoming" : false,
"internet" : true,
"duration" : NumberLong(0),
"cost" : 0.0,
"call_id" : NumberLong(18869601)
},
{
"start_time" : NumberLong(1553615172),
"number" : "7499*******",
"accepted" : true,
"incoming" : false,
"internet" : true,
"duration" : NumberLong(63),
"cost" : 0.03,
"call_id" : NumberLong(18869600)
},
{
"start_time" : NumberLong(1553615050),
"number" : "7985*******",
"accepted" : false,
"incoming" : false,
"internet" : true,
"duration" : NumberLong(0),
"cost" : 0.0,
"call_id" : NumberLong(18869599)
}
]
},
"response_code" : NumberLong(200),
"post" : [
],
"headers" : {
"Host" : "api3.roamerapp.com",
"X-App-Id" : "a9ee0beb8a2f6e6ef3ab77501e54fb7e",
"Accept" : "application/json",
"X-Sim-Operator" : "311480",
"X-Wsse" : "UsernameToken Username="/******S19a2RzV9cqY7b/RXPA=", PasswordDigest="******NTA4MDhkYzQ5YTVlZWI5NWJkODc5NjQyMzU2MjRjZmIzOWNjYzY3MzViMTY1ODY4NDBjMWRkYjdiZTQxOGI4ZDcwNWJmOThlMTA1N2ExZjI=", Nonce="******c1MzE1NTM2MTUyODIuNDk2NDEz", Created="Tue, 26 Mar 2019 15:48:01 GMT"",
"Accept-Encoding" : "gzip, deflate",
"Accept-Language" : "en-us",
"Content-Type" : "application/json",
"X-Request-Id" : "FB103646-1B56-4030-BF3A-82A40E0828CC",
"User-Agent" : "Roamer;iOS;511;en;iPhone 7;12.1.4",
"Connection" : "keep-alive",
"X-App-Build" : "511",
"X-Lang" : "EN",
"X-Connection" : "WiFi"
},
"created_at" : ISODate("2019-03-26T15:48:02.583+0000"),
"user_id" : "888689"
}N'ezie, ọ gaghị ekwe omume ịkpọtụrụ ndị nwe ntọala ahụ. Kọntaktị na saịtị anaghị arụ ọrụ, ozi na mgbasa ozi mgbasa ozi. ọ dịghị onye na-emeghachi omume na netwọk.
Ngwa ahụ ka dị na Ụlọ Ahịa Apple App (itunes.apple.com/app/roamer-roaming-killer/id646368973).
Enwere ike ịhụ ozi gbasara ntapu ozi na ndị na-eme ihe na ọwa Telegram m "»: .
isi: www.habr.com