I wonder was it some IT guy
Older systems are a lot more vulnerable to attacks that can pull passwords etc from memory. So if bridie in accounts, running Windows 7, opens a dodgy attachment that program could extract any passwords from memory and maybe pull an admin account.
It also wouldn’t surprise me if people had admin rights to their systems.
Just that system though. It should be locked down with GPO if domain joined and should 100% not be domain admin. They got onto a network share through some bodies account I’d say. 700gb isnt massive
That’s how Sony were hacked,some fella opened an email for a job application with an “attachment” for a cv and boom.Theres a good podcast called The Lazarus Project on the BBC about it.
Did he get the job after?
He didn’t
That sounds like the security protocol is too complicated. Which they reckon is now as bad as too simple, for exactly that reason
What, the password is written on a sticky note stuck to the screen? Is the fob stuck to the screen as well?
Often what they will do is initiate some kind of fault or error on the PC, so that the end user calls IT support and someone logs onto the machine with an administrator account. They then use those details to attempt to access other machines on the network.
how can they get credentials from someone logging in? Do Microsoft store credentials in plain text somewhere in their registry?
I only use Linux because Microsoft is a hackers dream
There’s an application called Mimikatz that can dump the creds or even just the hashed creds from memory. They have mitigated against it to some extent with the new versions of Windows 10, but it would be trivial to do it with Windows 7. It’s pretty much the first tool any hacker will run on a system once they get access.
Exactly, people think they need the password, all they need is the token and they can do what they want for 14-24 hrs.
Apparently some DDOS attacks planned for today.
It was nice of the hackers to send the encryption to the HSE for them to unlock the computers.
a credssp token?
What’s the story with this stuff going up online before they do it? Trolling and showing off?
Basically yeah. They’ve redacted the info on anything they’ve published to date.
They want 20 million from the HSE but they’d accept a much lower sum for someone looking to buy the data on the Dark Web.
If the Russians put a nice usable web interface on it then some people might actually be able to find out who their birth mothers are.