Matsotsi akaba VKontakte peji remuzvinabhizimusi Alexey Mironov nekuda kwekusagadzikana muMTS yekuzivikanwa kwevatengi. Iyo social network haina kumbobvira yaidzosera kumuridzi wayo uye irikuda zvisingaite kubva kwaari. Iye zvino ari kumhan'arira VKontakte nekuda kweizvi. Anomiririrwa neCentre for Digital Rights.
Alexey Mironov ndiye muvambi weJeffrey's Coffee cheni. Iyi ifranchise yezvitoro zvekofi muMoscow uye kumatunhu. Alexey aigara achitaurirana nevamwe vaaishanda navo uye vaanoshanda navo paVKontakte uye akachengetedza peji yakakurumbira yeruzhinji kunetiweki yake ipapo, inoverengera vanopfuura 50 vanyoreri.
MunaNovember 2018, mangwanani-ngwanani, apo Alexey akanga ari rwendo rwebhizimisi muChina, peji yake yeVKontakte yakavharwa. Akagamuchira SMS kubva kuVKontakte, WhatsApp uye meseji kubva kuMTS opareta, iyo yaiti kutumira kune imwe nhamba kwakaiswa. Alexey haana kuisa mberi, saka akabva atanga kunetseka uye akadana MTS. Havana kana kumbokurumidza kuona kuti zvechokwadi pakanga paine redirect. Mushandi akakwanisa kuidzima kwemaawa maviri chete mushure mekufona kwaAlexey. MTS haina kumbobvira yawana data rekuti uye riini kutumirwa kwacho kwaitwa.
Alexey akatarisa mukana wekuwana masocial network uye vatumwa pakarepo uye akaona kuti haachakwanisa kupinda mavari vachishandisa nhamba dzake dzenhare. Matsotsi aya akabatanidza imwe nhamba kumaakaundi ake. NeWhatsApp nyaya yakagadziriswa nekukurumidza. Pakarepo mushure mekukanzura kutumira, mutumwa akadzoreredza mukana kuaccount kumuridzi akakodzera.
Alexey akanyorera VKontakte rutsigiro achikumbira kudzorera peji uye akatumira mufananidzo wepasipoti yake. Manheru akagamuchira SMS kuti chikumbiro chakarambwa, sezvo muridzi wezvino akasimbisa kodzero yekuwana.
Imwe nyanzvi yekutsigira tekinoroji yakataura kuti Alexey aigona kuendesa nekuzvidira mukana kune peji rake kune vechitatu mapato, saka ivo havazodzorere kuwana kwake. Alexey akatsanangura mamiriro ekubira, asi akakumbirwa kutumira tsamba yekusimbisa kubva kuMTS, umo mushandisi aizosimbisa kuti hack yakaitika. Alexey akapa tsamba kubva kuMTS. Mushure meizvi, hutungamiri hweVKontakte hwakada kuti tsamba iyi ibvumirwe nemapurisa. Chinodiwa ichi chakaoma kuzadzisa nekuti harisi basa remapurisa kupa matsamba nemagwaro eakasaina. Alexey akakwanisa kuvhara peji yakavharwa chete nekubvunza pachake vashandi veVKontakte vaaiziva nezvazvo. Peji harisati radzoswa. Chinhu chimwe chete chakaitwa naAlexey kwaive kuvhara account yake. Iye zvino hapana scammers kana iye pachake anogona kuishandisa.
VKontakte tsigiro sevhisi inyaya yakasiyana. Vashandisi vane mvumo chete vanogona kubata basa rekutsigira VKontakte. Izvi zvinoreva kuti kana ukarasikirwa nekuwana peji rako, unofanirwa kugadzira idzva kana kukumbira shamwari dzako kuti dzipe mukana kune mapeji avo kuti vanyore vachitsigira. Alexey akanyorerana nenyanzvi dzebasa rekutsigira kubva papeji yemukadzi wake, uye izvi hazvina kuvanetsa, kunyangwe Chibvumirano cheMushandisi chisingabvumidze kuendesa zita rekupinda uye password kune mumwe munhu.
Kubirwa kwepeji uye kuwedzera kurasikirwa kwekuwana account uye peji yeruzhinji zviri pachena kuti zvakakanganisa mukurumbira webhizinesi raAlexey uye zvido zvake zvepfuma. Tisingarevi kuti izvi zvakabvumira huwandu hwakakosha hweruzivo rwemunhu uye rwekutengesa kudonhedza kunzvimbo dzisingazivikanwe. Matsotsi omuakaundi yomuzvinabhizimisi akakumbira shamwari dzake kuti dzivatumire zvitsama zvikuru zvemari. Mumwe munhu akavatamisa 34 zviuru rubles. Vapambi vaive neruzivo rwemunhu kubva kuaccount yaAlexey kwemaawa makumi maviri nemana.
Mhosva pamusoro VKontakte
Alexey Mironov akamhan’arira pasocial network VKontakte muSmolninsky District Court yeSt. Anokumbira dare kuti risungire iyo social network kuzadzisa chibvumirano chayo, chakapedzwa nenzira yeChibvumirano cheMushandisi, uye kumudzosera mukana kune peji rake. Kusvika nanhasi, manejimendi eVKontakte anoramba achinyima Alexey mukana wekuwana account yake zvisina musoro, iye achitevedzera nehana zvirevo zveChibvumirano cheMushandisi uye akabva azivisa basa rekutsigira tekinoroji yesocial network nezve hack. VKontakte yakaramba kudzoreredza mukana wake kune peji, ichitaura chirevo muChibvumirano cheMushandisi chinorambidza vashandisi kutamisa peji ravo rekupinda uye password kune vechitatu mapato. Mumiriri weVKontakte aitaura naye Alexey akataura kuti unogona kuseta nhamba dzenhare kutumira chete nekushanyira hofisi yemushandisi uye nekupa pasipoti yako. Kutaura zvazviri, izvi hazvisi izvo, uye izvi zvakasimbiswa naRoskomnadzor mukupindura chikumbiro chaAlexey.
Nzvimbo yesocial network, inopesana neChibvumirano cheMushandisi, yakaganhurira zvisina musoro kuwana kwaAlexey pakushandisa peji rake. Uku ndiko kuramba unilateral kuzadzisa zvisungo, kutyora ndima 1 yeArt. 30 Civil Code yeRussian Federation. Nokumudzivisa kuwana kuakaunti yake, VK zvakare akanyima Alexey kodzero dzekutonga peji rake revanhu, iyo inokosha isingabatiki pfuma kwaari. (Isu takanyora nezve musika weveruzhinji senzira nyowani yedhijitari zvivakwa uye zvakasarudzika zvekupedzisa kutengeserana navo. )
Makomba ekuchengetedza muMTS identification system
Kunyorerana kwakaitwa nevanyengeri vachimiririra muzvinabhizimusi kunoratidza kuti vaiziva nezvebhizinesi rake uye rwendo rwebhizinesi. Vakafonera MTS contact centre, vakakwanisa kuzvizivisa vakamiririra Alexey uye vakagadzira call forward. Vanorwisa vaigona kuwana pasipoti yake kuburikidza nesocial engineering. Alexey Mironov ndiye muvambi wefranchise, saka vanhu vazhinji vanobatanidzwa mukuvhura franchise establishments vanogona kuve neruzivo rwepasipoti yake. MTS yakaita ongororo yemukati, asi haina kukwanisa kuona kuti ndiani chaizvo akaisa kutumira uye kuti munhu anorwisa abata sei SMS. Iyo kambani haina kubvuma mhosva, asi panguva imwechete yakapa Alexey muripo unoshamisa - 750 rubles.
Isu takaona kuti kuzivisa munhu akanyoresa kure chete uchishandisa chaiyo data yemunhu itsika inokahadzika uye takanyora chichemo kuRoskomnadzor kuratidza kutevedza kwerudzi urwu rwekuita kwekambani nezvinodiwa zvemutemo pane yako data. Nekuda kweizvozvo, Roskomnadzor yakabatana neMTS, ichiratidza kuti kubata masevhisi ekutaurirana mushure mekuzivikanwa kure nefoni uku uchipa chaiyo data rako pachako zvakajairika, uye kumisikidza dzimwe nzira dzedziviriro kubva kurudzi urwu rwezviito zvisina kutenderwa kutemwa nemusoro kune anonyoresa, kwete. kambani . (verenga mhinduro yakazara - )
Kubirwa kweakaunti yaAlexey Mironov haisi yekutanga nyaya yekusatenderwa kuwana MTS subscriber data. Muna 2018, dhatabhesi ye500 zviuru vanyoreri muNovosibirsk varwi vaviri, mumwe wavo aiva mushandi wekambani. Vakaedza kutengesa dhatabhesi pamutengo we 1 ruble kune data yemumwe munyoreri.
Muna 2016 dzaivepo Teregiramu nhoroondo dzevanopikisa Georgy Alburov naOleg Kozlovsky. Maakaunti avo akabatanidzwa nenhamba dzeMTS, uye nguva pfupi isati yabiwa, sevhisi yavo yeSMS yakavharwa uye kutumirwa kwakagoneswa. Mamiriro ezvinhu ekupazwa akanga asinawo kusimbiswa. Muna 2019, Oleg Kozlovsky akamhan'arira MTS, asi dare rakazviramba.
Kuchengetedza maakaundi eakasiyana siyana ewebhu masevhisi uye maapplication kubva mukubira ibasa remushandisi pachake. Ichi chinzvimbo chakagovaniswa nevese telecom operators uye regulator pachayo, maererano nezvavanoramba kugovera idzi njodzi nevanozvinyoresa.
RKN inoitsanangura seizvi mumhinduro yayo:
"... Zvinoenderana nechikamu 2.11 cheMTS Mamiriro, nekuda kwekuzivikanwa, vanyoreri kubva kune telecom opareta vanopihwa mukana wekushandisa Code Word - kutevedzana kwezviratidzo (tsamba, nhamba) inotsanangurwa neMunyoreri nenzira yakagadzwa ne iyo Operator, iyo inoshanda kuzivisa Munyoreri pakuita Chibvumirano. Munyoreri ane mukana wekuseta kodhi izwi zvese paanenge achipedzisa chibvumirano (munyaya iyi inopinzwa mufomu rechibvumirano pamwe chete nemashoko anosungirwa) uye chero nguva panguva yekuitwa kwechibvumirano. Pasinei neizvi, munyoreri Mironov A.K. izwi rekodhi harina kuiswa pamberi pekupokana kwekubatanidza kwesevhisi. Mumamiriro ezvinhu akadai, munyoreri chete, nekuisa kodhi izwi panguva yekuzivikanwa nemunhu wenharembozha, anogona kuderedza njodzi yemhedzisiro kubva mumamiriro akadai, asi haana kutora mukana uyu. "
Kudzoreredza account. Mission haigoneki
Chichemo chekusaita basa kweRoskomnadzor chakatokwidzwa kuhofisi yemuchuchisi. Zvichakadaro, mapurisa ari kuramba akanyarara panyaya yekuparwa kwemhosva. Hapana anoudza chero chinhu mukati mekambani nezve mhedzisiro yekuferefeta. MTS haibvumi chero mhosva. Hapana anebasa nazvo. Panguva imwecheteyo, VKontakte inoramba ichiramba muridzi weakaunti kuti adzorere kuwana kwairi kusvika aunza kubva kumapurisa Chisarudzo chekutanga mhosva yekupa mhosva yekusimbisa chokwadi chakatsanangurwa uye tsamba kubva kuMTS, iyo inosimbisa kuti redirection service inopikisa. Mutsamba ine tsananguro dzakadzama, pane zvakare chinodiwa kuti Mironov apewo chitupa kubva kuMTS chekuti ndiye ega (uye chii, kumwe kunowanikwa vashandisi vanonyoresa mubatanidzwa wenhamba dzenhare?) peji. Mhinduro yacho yakasvika pakupera kwevhiki rapfuura, uye yakapiwa kuguma kwemamiriro ezvinhu uye kusakwanisa kusvika pakubvumirana neVKontakte kwemwedzi mitanhatu ikozvino, takaenda kumatare.
Nzira yekuzvidzivirira sei kubva pakubira
Vanorwisa vanogona zvakare kuwana mukana wekutonga nhamba yefoni kuburikidza nehumwe hudziviriro - iyo SS7 protocol kana kuwana yakapetwa SIM kadhi nerubatsiro rwevashandi vasina hunyanzvi.
SS7 iprotocol yehunyanzvi inoshandiswa nevashandisi venhare. Iine yekare uye inoita seisingabviswi , iyo inokutendera kuti utore data inotumirwa nevanyoreri panguva yekufona kana kuburikidza neSMS. Vashandisi chete ndivo vanokwanisa kuwana SS7, asi vanorwisa vanogona kuiwana nekutenga mukana padarknet kubva kune vanoshanda munyika dzisina budiriro kana kuburikidza nevashandi vasina hunhu hwevanofambisa nhare. Kurwiswa kunoitika kana munhu anorwisa achinja kero yemunyoreri yekubhadharisa kukero yake. Kazhinji, vanorwisa vanozivisa sisitimu kuti munyoreri ari kutenderera pasirese, saka nzira iri nyore yekuzvidzivirira ndeye kudzima kutenderera kwepasirese kana ukasaishandisa.
Alexey Mironov akanga asati ave ne-two-factor authentication system yakagadzirirwa Vkontakte. Basa iri muVK munaJune 2014. Pamwe aigona kudzivirira account yake kuti isabiwa. Zvakakodzera kuyeuka kuti kungobatanidza account nenhamba yefoni haisi mbiri-zvinhu chokwadi. - Uku ndiko kudzivirirwa kwekupinda muakaunti apo, kuwedzera kune password, chimwe chiito chinoitwa. Iyo yakajairika sarudzo ndeye SMS kodhi. Iyi nzira haisi iyo yakanyanya kuvimbika, sezvo vanorwisa vanogona kubata meseji yeSMS. Dzimwe sarudzo dzakachengeteka ifaira kiyi, macode enguva pfupi, nharembozha uye tokeni yehardware.
Nehurombo, isu tinomanikidzwa kurarama munguva iyo kuve nechokwadi chekuchengetedza data kunova dambudziko redu pachedu. Vanotarisira kuti vashandisi vachazvimiririra kutakura mutoro kana pakaitika hack, sezvinoonekwa, izvi handizvo. Pamwe chete nekuvimba neRoskomnadzor, iyo yakagara yakarambwa kubva kune chokwadi mumaitiro ayo ekudzivirira data. Zvakaoma zvikuru kupaza nhumbi dzokurwa dze "zvinhu zvekuramba" zvemupurisa wepano anogashira chikumbiro chako mune imwe nyaya yakafanana, kunyanya kune munhuwo zvake asingazive mashandiro anoita hurongwa uhu. Chii chasara? Usakanganwa nezvehutsanana hwedhijitari, vimba masvomhu uye dzivirira kodzero dzako mudare.
Source: www.habr.com