Duqu hackers scrub evidence from command servers, shut down spying op

Discussion in 'malware problems & news' started by ronjor, Nov 30, 2011.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    So now they regroup and show up elsewhere.
     
  3. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    I can't make much sense of:
    "The servers appear to have been hacked by bruteforcing the root password. (We do not believe in the OpenSSH 4.3 0-day theory - that would be too scary!)" link (Conclusion nr. 3)

    Rejection of a theory based on fear?
    Why instead opt for the 'kinda seemingly bruteforcing a password in 8 minutes with afaics a few attempts' theory? o_O
    Anyone 'In-the-know' who can shed some light on this?
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I'm sure I read that one of the AV vendors had grabbed ALL the data from at least one of the servers? If so they have plenty of juice ;) Not that I expect them to spill All the beans though, to us anyway :p

    However they did say that they would publish more info later, still waiting !

    Yeah, but as I've signed the Official Secrets Act, I'm sworn to secrecy, & if I did tell you I'd have to kill you :eek: Only kidding ;)
     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  6. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
    I'm not in the know but interesting comments by posters in your link particularly coming from users Jesse Carter and Sam Crawford.
     
  7. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Interesting for sure! Thanks for reminding, Trismegistos.
     
  8. cozofdeath

    cozofdeath Registered Member

    Joined:
    Dec 18, 2011
    Posts:
    6
    Location:
    USA
    This crap is scary :ninja:
     
  9. MessageBoxA

    MessageBoxA Registered Member

    Joined:
    Jun 20, 2011
    Posts:
    53
    Pure speculation of course, but I'll add a comment; I have heard rumors of some information disclosure vulnerabilities that leak a single next-bit at a time. Most system administrators will lock down the CentOS servers with an iptables rule to slow down brute-force against the SSH daemon. Such as:


    If we were able to obtain a single bit at a time... and we know there are 8 bits to the byte... we could get 1 character of the password per minute.

    Server "B" in Germany was brute forced in 8 minutes and would imply an 8-character password in our little fantasy scenario. :)

    Best Wishes,
    -MessageBoxA
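The iptables throttle MessageBoxA refers to is missing from the post above. The following is an added example (my own, not the poster's rule and not anything from the Duqu analysis) of the usual way to slow down SSH brute force with the iptables `recent` match: every new connection to the SSH port records the source address, and a source that opens more than an assumed 4 new connections within an assumed 60 seconds is dropped. Port 22, the window, the hit count and the list name `SSH` are assumptions and can be overridden through environment variables. Without arguments the script only prints the rules; `--apply` runs them (root and the xt_recent module required) and `--status` reads the kernel's tracking table.

```shell
#!/bin/sh
# Added example, not the forum poster's rule: per-source rate limiting of new
# SSH connections with the iptables "recent" match. Assumed defaults: SSH on
# port 22, a 60-second window, at most 4 new connections per source per window.
SSH_PORT="${SSH_PORT:-22}"
WINDOW_SECONDS="${WINDOW_SECONDS:-60}"
HITCOUNT="${HITCOUNT:-4}"
LIST_NAME="${LIST_NAME:-SSH}"

# Print the two rules in the order they must be appended. The first records the
# source address of every new TCP connection to the SSH port; the second drops
# a new connection when the same source already reached HITCOUNT connections
# inside WINDOW_SECONDS (--update also refreshes the source's timestamp, so a
# persistent attacker stays throttled until it backs off).
ssh_ratelimit_rules() {
    printf '%s\n' \
      "iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --set --name $LIST_NAME" \
      "iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --update --seconds $WINDOW_SECONDS --hitcount $HITCOUNT --name $LIST_NAME -j DROP"
}

# Apply the printed rules. Requires root and the xt_recent kernel module; the
# rules contain no quoting, so plain word splitting of each line is safe here.
apply_ssh_ratelimit() {
    ssh_ratelimit_rules | while IFS= read -r rule; do
        $rule || exit 1
    done
}

# The recent match exposes its per-list state in procfs; each line is one
# tracked source with its last-seen timestamp, useful when checking whether
# the throttle is actually firing against a given address.
show_tracked_sources() {
    cat "/proc/net/xt_recent/$LIST_NAME" 2>/dev/null
}

case "${1:-}" in
    --apply)  apply_ssh_ratelimit ;;
    --status) show_tracked_sources ;;
    *)        ssh_ratelimit_rules ;;
esac
```

Two caveats a practitioner would want noted: the match counts new TCP connections per source address, so a single session that tries many passwords is limited by sshd's own `MaxAuthTries`, not by these rules, and an attacker spread across many source addresses is not slowed at all. The rules are also a throttle, not an authentication control; they buy time for detection (the `--status` output and `/var/log/secure` on CentOS) rather than replacing key-only logins.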
     