On TechRepublic: 10 cool USB flash drive tricks
BNET Business Network:
BNET
TechRepublic
ZDNet

April 27th, 2006

Slovak National Security Office hacked hard

Posted by George Ou @ 11:57 pm

Categories: Security

Tags:

Zone-H.org is reporting that the Slovak National Security Office was hacked hard by a group of crackers interested in demonstrating that the Slovak "NSO doesn’t know the meaning of the word Security".  The crackers reportedly got access to "20 gigabytes of emails, internal documents, directives etc" along with administrative passwords of critical servers to the desktops to the Cisco Switches and Routers.  The Slovak NSO used the username "nbusr" and the password "nbusr123" on all of their servers and appliances with administrative privileges which was easily guessed by the crackers in the first few attempts.

Though the Slovak NSO tried to downplay the incident by saying that the breach was limited in scope, Slovak television JOJ reporters communicated with hackers and confirmed that the breach was much broader.  To prove their point, the crackers released the detailed configuration file for one of the NSO’s Cisco 2950 switches which means that the crackers effectively own the NSO network inside and out.  In this case, the attackers were simply trying to make a point since they’re the ones that reported the breach but it could have just as easily gone unreported if these had been malicious hackers.

The lesson here is that hacking in to a Business, Organization, or Government network is relatively trivial and a lot more needs to be done to strengthen security.  Most US based Government agencies received low or failing grades in recent years and a British man recently hacked hundreds of computer at the Pentagon, Army, Navy, and NASA from his bedroom in London.  It further illustrates the need for strong authentication and cryptographic tokens and that passwords for the most part useless for good security.  Cryptographic tokens such as USB dongles or Smartcards allow users to share the same physical token for all Servers and Appliances as well and are relatively easy to manage and are extremely difficult to hack.

George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.

  • Talkback
  • Most Recent of 6 Talkback(s)
Stronger passwords should be a requirement....
.... dictated by the OS/software.
Higher importance of a network and its data should put higher
requirements on the OS and software itself. Think about swiss
cheese. Who would use a straine... (Read the rest)
Posted by: Mikael_z Posted on: 04/29/06 You are currently: a Guest | | Terms of Use
20 Gb of data  Roger Ramjet | 04/28/06
Look at it like this  nucrash | 04/28/06
Re: 20Gb of data  Scrat | 04/28/06
Great Points  Roger Ramjet | 04/28/06
Too true.  Scrat | 04/28/06
Stronger passwords should be a requirement....  Mikael_z | 04/29/06

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Click Here
advertisement

Recent Entries

Top Rated

    advertisement

    Archives

    ZDNet Blogs

    White Papers, Webcasts, and Downloads