December 21st, 2009, 02:43 PM
Access to system
I have access to a system. I know the VPN password and I am in. I have local admin rights on one of the servers. I am not malicious and do not want to do anything. I just want to let the proper people, in this case the media know what is going on in this government agencies. What kinda of damage can a hacker if he got into such a system. I need this information to present it to the media. If any one can help it would be appreciated. Just an update. I was the Network Admin. The VPN password was not changed. I used a users credentials and got in to the terminal server and logged in with locally with my old admin password, how incompetent is that. So technically i have not broken in, I just walked right in. I am trying to protect the clients by exposing these incompetent people.
Last edited by monty400; December 21st, 2009 at 04:15 PM.
December 21st, 2009, 03:50 PM
A few thoughts:
1. You have broken the law by accessing that system.
2. You should be notifying that agency that they have a violation, not the media. See point 1.
3. Depending on the agency, with local system access rights you could do a lot or nothing. The local system could be a honeypot with false info in it. Or it could be a very important system that has info that if made public could cause lots of lives to be lost (then point 1 could be changed to treason if you made that info public).
December 21st, 2009, 04:01 PM
I was the Network Admin there. I created that VPN password and it is still used. also this is a terminal box with local admin right with my old password. So it is real. A hacker can install software to capture a host of information. I am not doing this to harm anyone. I just want to point out the managerial idiots that work there.
December 21st, 2009, 05:07 PM
Good question: would you "record" your call to the FBI to report and save the recording in case they are looking for a scapegoat? Or would you report it to a whistle-blowing site like wikileaks.com that is a community of everybody including law enforcement? Your access to the system will get lost in a sea of curiosity.
December 21st, 2009, 05:39 PM
Last edited by nihil; December 21st, 2009 at 06:26 PM.
December 22nd, 2009, 01:36 PM
Access to system
Thanks for your input nihil. No there was not any signing off any security policy.
Yes I was Network Admin. But as for one a Network Admin is responsible for the the security of a Network and management is also responsible to make such action is followed. When a user leaves all access from the network should be terminated. In the case of a systems guy leaving, access to the system should be completely closed; yes all password should be changed. Say I was a malicious person all I have to do is go to hacker bulletin boards and upload information. I am concern for the clients because it seems this agency is incompetent in providing adequate security for their systems thus potentially harming client information.
Last edited by monty400; December 22nd, 2009 at 01:39 PM.
December 22nd, 2009, 08:24 PM
The lack of a documented security policy is certainly a major shortcoming, however, I doubt if the management even realise the need for such a thing. In my experience they tend to rely on their IT professionals to take the lead in that area.
I agree that when an employee leaves then their user account should be closed, and if you are going to fire someone you should do that before telling them, and escort them off the premises. I have known cases where ex-employees have wreaked havoc before their account was closed.
I guess it is not unusual for common passwords not to be changed when someone leaves, but this is for applications that can only be accessed if you have a valid account and access to a local network machine. Stuff like pricelists, inventory specifications and the like. Because these accounts don't have data entry or modification rights this approach is usually considered satisfactory.
Your guys certainly don't understand VPN, but would you expect non-IT people to do so?
I guess the real issue is that even if you can get to the server, what can you do from there? Would it expose any sensitive information?
December 22nd, 2009, 08:44 PM
There is no information on that server its a terminal server but has access to the main database that is web based; software could be loaded, such as hacking software to capture passwords and so on. I just cannot comprehend why these guys would leave such a security hole. If I were malicious and gave this information to a hacker and they were good it would be lights out then client information would be at risk. You are right that I should inform them of it but I would love to report this.
December 22nd, 2009, 10:10 PM
I don't know what it's like with you, but over here the media would only be really interested if an actual breach or data loss had taken place. Other than that they tend to have the same level of IT security knowledge that your guys seem to
That bit is easy..............they just don't realise? As I mentioned, jointly used or common passwords are frequently not respected.
I just cannot comprehend why these guys would leave such a security hole.
If they had a documented security policy with supporting processes and procedures and had failed to follow them you might get more mileage, but they don't, so they haven't broken any rules (apart from common sense)
Once again I would urge you not to go to the media:
1. Whistle blowing can be career limiting.
2. As you were the Network Administrator you were probably a bit too close to the coalface for comfort? Unless, of course, you pointed out the lack of a security policy and procedures and were ignored?
I must admit that I find it rather strange that a government agency of all things doesn't have a policy in this area. We have had a few security breaches over here (UK) but they have generally been because staff failed to follow clearly defined procedures.
Are you sure that gaining access to the terminal server would allow someone to install software? All the ones I have ever used wouldn't let me unless I logged in as administrator.
Also, how secure is the VPN link...........presumably you then log in to applications and databases?..............isn't that encrypted and you would need a valid user ID and password?
Finally, is the client information held in plaintext or is it encrypted?
December 22nd, 2009, 11:03 PM
Yes I have local administrator rights on the server. I login with administrator and the old password I used. Yes you have access to the database with a user name and password of course. Like I mentioned a hacker could have a field day with this. I could just imagine the damage that could be done. I know whistle blowing may effect me more then this is worth. I should just let it go and move on, the place was totally dysfunctional and I am glad they handed me my severance.
Thanks Nihil for your advise.
By rpgraff in forum Spyware / Adware
Last Post: August 24th, 2004, 08:01 AM
By agent.idle in forum Other Tutorials Forum
Last Post: March 12th, 2004, 05:39 PM
By M@rin3 Snip3r in forum AntiOnline's General Chit Chat
Last Post: September 24th, 2003, 03:59 AM
By qwerty_smith in forum Other Tutorials Forum
Last Post: September 23rd, 2002, 06:29 PM
By Noble Hamlet in forum AntiOnline's General Chit Chat
Last Post: March 17th, 2002, 08:38 AM