Duqu hackers scrub evidence from command servers, shut down spying op

Discussion in 'malware problems & news' started by ronjor, Nov 30, 2011.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    172,054
    Location:
    Texas
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    So now they regroup and show up elsewhere.
     
  3. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    I can't make much sense of this:
    "The servers appear to have been hacked by bruteforcing the root password. (We do not believe in the OpenSSH 4.3 0-day theory - that would be too scary!)" link (Conclusion nr. 3)

    Rejection of a theory based on fear?
    Why instead opt for the 'kinda seemingly bruteforcing a password in 8 minutes with afaics a few attempts' theory? o_O
    Anyone 'In-the-know' who can shed some light on this?
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    I'm sure I read that one of the AV vendors had grabbed ALL the data from at least one of the servers? If so they have plenty of juice ;) Not that I expect them to spill All the beans though, to us anyway :p

    However, they did say that they would publish more info later, still waiting!

    Yeah, but as I've signed the Official Secrets Act, I'm sworn to secrecy, & if I did tell you I'd have to kill you :eek: Only kidding ;)
     
  5. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
  6. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    I'm not in the know, but there are interesting comments by posters in your link, particularly those coming from users Jesse Carter and Sam Crawford.
     
  7. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Interesting for sure! Thanks for the reminder, Trismegistos.
     
  8. cozofdeath

    cozofdeath Registered Member

    Joined:
    Dec 18, 2011
    Posts:
    6
    Location:
    USA
    This crap is scary :ninja:
     
  9. MessageBoxA

    MessageBoxA Registered Member

    Joined:
    Jun 20, 2011
    Posts:
    62
    Pure speculation of course, but I'll add a comment; I have heard rumors of some information disclosure vulnerabilities that leak a single next-bit at a time. Most system administrators will lock down the CentOS servers with an iptables rule to slow down brute-force against the SSH daemon. Such as:


    If we were able to obtain a single bit at a time... and we know there are 8 bits to the byte... we could get 1 character of the password per minute.

    Server "B" in Germany was brute forced in 8 minutes and would imply an 8-character password in our little fantasy scenario. :)

    Best Wishes,
    -MessageBoxA
     