I'm writing about personal data leaks again, but this time I'll tell you a little about the afterlife of IT projects, using two recent finds as examples.
During a database security audit, it often happens that you come across servers (
Disclaimer: all information below is published solely for educational purposes. The author did not gain access to the personal data of third parties or companies. The information was either taken from open sources or provided to the author by anonymous well-wishers.
Let's start with a project named "Putin Team" (putinteam.ru).
A server with an open MongoDB was discovered on 19.04.2019.
As you can see, ransomware was the first to reach this database:
The database does not contain particularly valuable personal data, but it does hold email addresses (fewer than 1000), first and last names, hashed passwords, GPS coordinates (apparently captured when registering from a smartphone), cities of residence and photos of site users who created a personal account on it.
{
    "_id" : ObjectId("5c99c5d08000ec500c21d7e1"),
    "role" : "USER",
    "avatar" : "https://fs.putinteam.ru/******sLnzZokZK75V45-1553581654386.jpeg",
    "firstName" : "Вадим",
    "lastName" : "",
    "city" : "Санкт-Петербург",
    "about" : "",
    "mapMessage" : "",
    "isMapMessageVerify" : "0",
    "pushIds" : [
    ],
    "username" : "5c99c5d08000ec500c21d7e1",
    "__v" : NumberInt(0),
    "coordinates" : {
        "lng" : 30.315868,
        "lat" : 59.939095
    }
}
{
    "_id" : ObjectId("5cb64b361f82ec4fdc7b7e9f"),
    "type" : "BASE",
    "email" : "***@yandex.ru",
    "password" : "c62e11464d1f5fbd54485f120ef1bd2206c2e426",
    "user" : ObjectId("5cb64b361f82ec4fdc7b7e9e"),
    "__v" : NumberInt(0)
}
There is a lot of junk information and empty records. For example, the newsletter subscription code does not check that an email address was entered, so instead of an address you can write anything you like.
According to the copyright notice on the website, the project was abandoned in 2018. All attempts to contact the project's representatives were unsuccessful. However, there are occasional registrations on the site: an imitation of life.
The second zombie project in my analysis today is the Latvian startup "Roamer" (roamerapp.com/ru).
On 21.04.2019, an open MongoDB database of the "Roamer" mobile application was discovered on a server in Germany.
The database, 207 MB in size, has been publicly accessible since 24.11.2018 (according to Shodan)!
By all outward signs (a non-working technical support email address, broken links to the Google Play store, a copyright notice on the website dating from 2016, and so on), the application has long been abandoned.
At one time, nearly every specialized media outlet wrote about this startup:
- VC: "Latvian startup Roamer is a roaming killer"
- Village: "Roamer: an app that reduces the cost of calls from abroad"
- Lifehacker: "How to cut communication costs in roaming by 10 times: Roamer"
The "killer" seems to have killed itself, but even dead it continues to expose its users' personal data...
Judging by an analysis of the information in the database, many users continue to use this mobile application. Within a few hours of observation, 94 new entries appeared. And in the period from 27.03.2019 to 10.04.2019, 66 new users registered in the application.
The application's logs (more than 100 thousand records) contain information such as:
- the user's phone number
- access tokens for call history (available via links like: api3.roamerapp.com/call/history/1553XXXXXX)
- call history (numbers, incoming or outgoing call, call cost, duration, call time)
- the user's mobile operator
- the user's IP addresses
- the user's phone model and mobile OS version (for example, iPhone 7 12.1.4)
- the user's email address
- the user's account balance and currency
- the user's country
- the user's current location (country)
- promo codes
- and much more.
{
    "_id" : ObjectId("5c9a49b2a1f7da01398b4569"),
    "url" : "api3.roamerapp.com/call/history/*******5049",
    "ip" : "67.80.1.6",
    "method" : NumberLong(1),
    "response" : {
        "calls" : [
            {
                "start_time" : NumberLong(1553615276),
                "number" : "7495*******",
                "accepted" : false,
                "incoming" : false,
                "internet" : true,
                "duration" : NumberLong(0),
                "cost" : 0.0,
                "call_id" : NumberLong(18869601)
            },
            {
                "start_time" : NumberLong(1553615172),
                "number" : "7499*******",
                "accepted" : true,
                "incoming" : false,
                "internet" : true,
                "duration" : NumberLong(63),
                "cost" : 0.03,
                "call_id" : NumberLong(18869600)
            },
            {
                "start_time" : NumberLong(1553615050),
                "number" : "7985*******",
                "accepted" : false,
                "incoming" : false,
                "internet" : true,
                "duration" : NumberLong(0),
                "cost" : 0.0,
                "call_id" : NumberLong(18869599)
            }
        ]
    },
    "response_code" : NumberLong(200),
    "post" : [
    ],
    "headers" : {
        "Host" : "api3.roamerapp.com",
        "X-App-Id" : "a9ee0beb8a2f6e6ef3ab77501e54fb7e",
        "Accept" : "application/json",
        "X-Sim-Operator" : "311480",
        "X-Wsse" : "UsernameToken Username=\"/******S19a2RzV9cqY7b/RXPA=\", PasswordDigest=\"******NTA4MDhkYzQ5YTVlZWI5NWJkODc5NjQyMzU2MjRjZmIzOWNjYzY3MzViMTY1ODY4NDBjMWRkYjdiZTQxOGI4ZDcwNWJmOThlMTA1N2ExZjI=\", Nonce=\"******c1MzE1NTM2MTUyODIuNDk2NDEz\", Created=\"Tue, 26 Mar 2019 15:48:01 GMT\"",
        "Accept-Encoding" : "gzip, deflate",
        "Accept-Language" : "en-us",
        "Content-Type" : "application/json",
        "X-Request-Id" : "FB103646-1B56-4030-BF3A-82A40E0828CC",
        "User-Agent" : "Roamer;iOS;511;en;iPhone 7;12.1.4",
        "Connection" : "keep-alive",
        "X-App-Build" : "511",
        "X-Lang" : "EN",
        "X-Connection" : "WiFi"
    },
    "created_at" : ISODate("2019-03-26T15:48:02.583+0000"),
    "user_id" : "888689"
}
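The log record above stores the access token in the URL, the full X-Wsse authentication header, the client IP and the complete call-history response. As an added example (not code from the original post or from the Roamer project), here is one way to sanitize such an entry before it is written to a log collection; the function names, the header list and all sample values are assumptions constructed for illustration:

```python
import copy
import re

# Headers that authenticate the caller. X-Wsse in the record above carries
# Username, PasswordDigest and Nonce; the other two are common equivalents.
SENSITIVE_HEADERS = {"x-wsse", "authorization", "cookie"}
# The record's URL embeds the access token as the last path segment.
TOKEN_PATH = re.compile(r"(/call/history/)[^/?#]+")
REDACTED = "[REDACTED]"

# Constructed sample entry shaped like the record above (all values invented).
SAMPLE_ENTRY = {
    "url": "api.example.test/call/history/1234567890",
    "ip": "203.0.113.77",
    "response": {"calls": [{"number": "70000000000", "duration": 63, "cost": 0.03}]},
    "response_code": 200,
    "headers": {
        "X-Wsse": 'UsernameToken Username="u", PasswordDigest="d", Nonce="n"',
        "User-Agent": "Roamer;iOS;511;en;iPhone 7;12.1.4",
    },
    "user_id": "000001",
}


def mask_ip(ip):
    """Keep only the /24 network of an IPv4 address; redact anything else."""
    parts = ip.split(".")
    if len(parts) == 4 and all(p.isdigit() for p in parts):
        return ".".join(parts[:3] + ["0"])
    return REDACTED


def sanitize_log_entry(entry):
    """Return a copy of a request-log entry with secrets and call data removed."""
    clean = copy.deepcopy(entry)
    clean["url"] = TOKEN_PATH.sub(lambda m: m.group(1) + REDACTED, clean.get("url", ""))
    clean["ip"] = mask_ip(str(clean.get("ip", "")))
    clean["headers"] = {
        name: REDACTED if name.lower() in SENSITIVE_HEADERS else value
        for name, value in clean.get("headers", {}).items()
    }
    # Keep only a count: the response body holds other people's phone numbers.
    resp = clean.get("response")
    calls = resp.get("calls", []) if isinstance(resp, dict) else []
    clean["response"] = {"calls_count": len(calls)}
    return clean


if __name__ == "__main__":
    print(sanitize_log_entry(SAMPLE_ENTRY))
```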
Of course, it was not possible to contact the owners of the database. The contacts on the site do not work, and nobody responds to messages on social networks.
The application is still available in the Apple App Store (itunes.apple.com/app/roamer-roaming-killer/id646368973).
News about information leaks and insiders can always be found on my Telegram channel "
Source: www.habr.com