Leaked Report Shows United Nations Suffered Hack (seattletimes.com) 32
Sophisticated hackers infiltrated U.N. offices in Geneva and Vienna last year in an apparent espionage operation, and their identity and the extent of the data they obtained is unknown. From a report: An internal confidential document from the United Nations, leaked to The New Humanitarian and seen by The Associated Press, says dozens of servers were compromised including at the U.N. human rights office, which collects sensitive data and has often been a lightning rod of criticism from autocratic governments for exposing rights abuses. Asked about the report, one U.N. official told the AP that the hack appeared "sophisticated" and that the extent of the damage remained unclear, especially in terms of personal, secret or compromising information that may have been stolen. The official, who spoke only on condition of anonymity to speak freely about the episode, said systems have since been reinforced. The skill level was so high it is possible a state-backed actor might have been behind it, the official said.
"It's as if someone were walking in the sand, and swept up their tracks with a broom afterward," the official said. "There's not even a trace of a clean-up." The leaked Sept. 20 report says logs that would have betrayed the hackers' activities inside the U.N. networks -- what was accessed and what may have been siphoned out -- were "cleared." It also shows that among accounts known to have been accessed were those of domain administrators -- who by default have master access to all user accounts in their purview. "Sadly ... still counting our casualties," the report says.
"It's as if someone were walking in the sand, and swept up their tracks with a broom afterward," the official said. "There's not even a trace of a clean-up." The leaked Sept. 20 report says logs that would have betrayed the hackers' activities inside the U.N. networks -- what was accessed and what may have been siphoned out -- were "cleared." It also shows that among accounts known to have been accessed were those of domain administrators -- who by default have master access to all user accounts in their purview. "Sadly ... still counting our casualties," the report says.
source (Score:3)
Is slashdot getting revenue linking to a local AP feed with anti-adblock software? Just go direct to the source:
https://www.thenewhumanitarian... [thenewhumanitarian.org]
And the suspect? Like Jerry's girlfriend, it rhymes with a part of the female anatomy.
the suspect? (Score:2)
> And the suspect? Like Jerry's girlfriend, it rhymes with a part of the female anatomy.
(puss) : US
Re: (Score:2)
(puss) : US
Of course the NSA etc spies on the UN, as documented by Snowden in 2015, but not this time.
https://www.cnet.com/news/nsas... [cnet.com]
Re: (Score:2)
More likely it rhymes with lifespan, quran or turbofan.
Take your pick.
Re: (Score:2)
More likely it rhymes with lifespan, quran or turbofan. Taker your pick.
That, or it rhymes with diarrhea, pizzeria, or South Korea.
Or like an orange blowhard once said, "I mean, it could be Russia, but it could also be China. It could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds, OK?" But probably one of those rhyming usual suspects.
Re: (Score:2)
UN is short for United Nations, so these "state backed actors" already have accounts in the damn system...
Melodramatic much?! (Score:5, Interesting)
Casualties?!
Reinforced defenses?!
"It's as if someone were walking in the sand, and swept up their tracks with a broom afterward,"
"The skill level was so high it is possible a state-backed actor might have been behind it,"
Good lord man - They hacked in and deleted the logs probably because one of your admins used the password Iamgod#1.
Compare the data to your backups to defend against anything changed (you did keep backups, right?) and if there was any incriminating evidence of human rights abuses that got out that you were sitting on then maybe that's a GOOD THING.
Re: (Score:2)
This is why you have a SIEM and a backup server separate from everything else, perhaps even using WORM tapes so logs can't be tampered with without physical help. On the UNIX side, a secure syslog box with everything locked down would ensure that this doesn't happen.
SIEMs are not rocket science. Nor is having them separate from the rest of your network structure and having their own backup system.
Re: (Score:1)
I thought everyone still directed logs directly to a dot matrix printer?
Re: (Score:3)
It's not the printer that makes it expensive. It's finding a computer with a Centronics parallel port.
Re: (Score:2)
It's not the printer that makes it expensive. It's finding a computer with a Centronics parallel port.
And the annual support and maintenance contract.
Re: (Score:2)
I thought everyone still directed logs directly to a dot matrix printer?
I believe in rock-solid security, so it's cuneiform tablets or nothing. My logs will last for thousands of years.
Sophisticated (Score:2)
Sophisticated? Sounds run-of-the-mill to me (not well protected assets hacked by those with some skills). Maybe they have some other evidence of the hackers munching on toast points with caviar while listening to aa collection of arias by Verdi.
Re: (Score:2)
Yeah - no kidding. My personal email server (with a whopping 2 email addresses) was under CONSTANT attack from Chinese, Vietnamese and Russian IPs trying all sorts of common exploits along with a brute force password attack (1 attempt with a common username/password combo every minute). (I finally got tired of the hassle and just run a service for $10/year with my registrar)
I had my username/password stolen in some big hack but I had updated all my important accounts with fresh passwords (and unique ones
Re: (Score:2)
Good lord man - They hacked in and deleted the logs probably because one of your admins used the password Iamgod#1.
It's the UN. They're not exactly known for skill or competence. For much of their organization, positions are simply gravy train jobs for member states, often hired or appointed more for political reasons than skill or actual expertise. Some of their orgs have top-notch people. The World Health Organization, for one. But much of Turtle Bay is filled with bureaucratic leeches and hangers-on.
Double hack! (Score:3)
How did the leaked documents get out?
Re: (Score:2)
How did the leaked documents get out?
Leaks are usually intentional. Leaks are used to promote a certain narrative or send a particular message, when using official channels would be politically complicated. More often than not, they do not occur due to intrusions or a lack of security. When information gets out accidentally they call it a hack.
Re: (Score:1)
I get sick to my stomach everytime I see mainstream publications writing articles about anything infosec related. They are peddlers of state propaganda only.
It was only after seeing reports from multiple news agencies about two different cases that I had direct knowledge of that I truly believed that journalists write/say whatever the hell they want. My boss gave them a very detailed but layman-appropriate quote on tape about how MS Blaster works, and they just ran with whatever scary nonsense they decided made them money and used a clip of him saying something like "it can propagate without human action". None of his talk about mitigating the worm, or anythi
Re: (Score:2)
I get sick to my stomach everytime I see mainstream publications writing articles about anything infosec related. They are peddlers of state propaganda only.
You are a peddler of anti-media propaganda. Mainstream publications, in most cases in most countries, are not beholden to government interests.
Typo in summary (Score:2)
The summary states "the U.N. human rights office, which has often been a lightning rod of criticism from autocratic governments for exposing rights abuses" when it should state "the U.N. human rights office, which has on it many countries with autocratic governments which enable rights abuses". Such as Libya, Sudan, Venezuela, India, Philippines. At least the USA isn't on it any more, and the chairman, Saudi Arabia, is finally off too.
The UNHRC is a joke. It is anti-Semitic and does nothing but bash Isra
Re: (Score:2, Troll)
The UNHRC is a joke. It is anti-Semitic and does nothing but bash Israel at every turn. It has resolved more resolutions condemning Israel than the rest of the world combined. It's secret when anyone files a complaint, so nobody knows what's corruption is going on.
The real joke is you folks who think no one can ever possibly question the government of Israel or call them on their oppressive policies, their corruption, or their war crimes, without being anti-semitic. I have nothing against Jewish people (yes, I have Jewish friends and family members), nor the people of Israel, nor any religion, nor the people of any religion, and having a problem with what the Israeli government doesn't necessarily make me anti-semitic. You speak of corruption yet you give Israel a pa
Sand Tracks??? WTF (Score:1)
Actually, a skilled operator would have restored the logs to a state including all activity not-related to the incursion; left no traces within the compromised systems and the only (perhaps) discoverable traces would have been differences in total volume of network packet traffic as defined via the falsified logs and external network hardware/actual packet volume.
So, maybe this is a somewhat adept intrusion, but certainly not best skilled and only nation state type action. Plan B for that kind of hack; inst
UN has no data of value (Score:3, Insightful)
Re: (Score:2)
Sophisticated hackers my ass, someone opened an email attachment or clicked on a malicous email.
Inside man with a flash drive.