IT Professionals, Guilty

I wonder was it some IT guy :see_no_evil:

Older systems are a lot more vulnerable to attacks that can pull passwords etc. from memory. So if Bridie in accounts, running Windows 7, opens a dodgy attachment, that program could extract any passwords from memory and maybe pull an admin account.

It also wouldn’t surprise me if people had admin rights to their systems.

Just that system though. It should be locked down with GPO if domain joined and should 100% not be domain admin. They got onto a network share through somebody's account, I'd say. 700GB isn't massive.

That's how Sony were hacked: some fella opened an email for a job application with an "attachment" for a CV and boom. There's a good podcast called The Lazarus Project on the BBC about it.

Did he get the job after?

He didn’t

That sounds like the security protocol is too complicated. Which they reckon is now as bad as too simple, for exactly that reason


What, the password is written on a sticky note stuck to the screen? Is the fob stuck to the screen as well?

Often what they will do is initiate some kind of fault or error on the PC, so that the end user calls IT support and someone logs onto the machine with an administrator account. They then use those details to attempt to access other machines on the network.


how can they get credentials from someone logging in? Do Microsoft store credentials in plain text somewhere in their registry?

I only use Linux because Microsoft is a hacker's dream.

There’s an application called Mimikatz that can dump the creds or even just the hashed creds from memory. They have mitigated against it to some extent with the new versions of Windows 10, but it would be trivial to do it with Windows 7. It’s pretty much the first tool any hacker will run on a system once they get access.

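The two things described above, a support admin logging on to a user's PC and leaving a privileged credential in memory, and Mimikatz reading that memory out of LSASS, share one detection signature: a process other than the few Windows itself uses opens a handle to lsass.exe with PROCESS_VM_READ. The Python below is an added example, not code from this thread or from any tool named in it. It runs that check over constructed Sysmon Event ID 10 (ProcessAccess) records; the field names are Sysmon's, the values are made up, and the allowlist is an assumption to be tuned per estate.

```python
"""Detect memory-read handle opens against lsass.exe in Sysmon Event ID 10 records.

Credential dumpers must read LSASS memory, so the handle they request carries
PROCESS_VM_READ (0x10); most legitimate software never asks for that on LSASS.
The sample records below are constructed for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Win32 process access rights (bit values from the Windows SDK).
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

# Assumed allowlist: Windows components that normally open LSASS with read
# access on a managed host. Tune to the environment and keep it short.
ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}


@dataclass
class Finding:
    utc_time: str
    source_image: str
    granted_access: int
    reason: str


def parse_event(record: str) -> Dict[str, str]:
    """Turn the 'Field: value' lines of one Sysmon event into a dict.

    partition() splits on the first colon only, so drive letters in paths
    such as C:\\Windows survive intact.
    """
    fields: Dict[str, str] = {}
    for line in record.strip().splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def assess(event: Dict[str, str]) -> Optional[Finding]:
    """Return a Finding if this ProcessAccess event looks like an LSASS read."""
    target = event.get("TargetImage", "").lower()
    if not target.endswith(r"\lsass.exe"):
        return None
    source = event.get("SourceImage", "").lower()
    access = int(event.get("GrantedAccess", "0x0"), 16)  # Sysmon logs hex, e.g. 0x1010
    if not access & PROCESS_VM_READ:
        return None  # handle cannot read memory, so it cannot lift credentials
    if source in ALLOWLIST:
        return None
    reason = "non-allowlisted process opened lsass.exe with PROCESS_VM_READ"
    if access & (PROCESS_QUERY_INFORMATION | PROCESS_QUERY_LIMITED_INFORMATION):
        reason += " plus query rights (the MiniDumpWriteDump pattern)"
    return Finding(event.get("UtcTime", ""), source, access, reason)


def scan(records: List[str]) -> List[Finding]:
    """Assess every record and keep only the suspicious ones."""
    return [f for f in (assess(parse_event(r)) for r in records) if f is not None]


# Constructed Sysmon Event ID 10 records (field names are Sysmon's; values are made up).
SAMPLE_EVENTS = [
    # Benign: svchost is allowlisted.
    r"""UtcTime: 2021-05-14 03:10:00.000
SourceImage: C:\Windows\system32\svchost.exe
TargetImage: C:\Windows\system32\lsass.exe
GrantedAccess: 0x1410""",
    # Benign: limited query access only, no memory read.
    r"""UtcTime: 2021-05-14 03:10:05.000
SourceImage: C:\Windows\system32\taskmgr.exe
TargetImage: C:\Windows\system32\lsass.exe
GrantedAccess: 0x1000""",
    # Benign: different target process entirely.
    r"""UtcTime: 2021-05-14 03:10:09.000
SourceImage: C:\Users\bridie\AppData\Local\Temp\invoice.exe
TargetImage: C:\Windows\explorer.exe
GrantedAccess: 0x1010""",
    # Suspicious: unknown binary from a temp folder reads LSASS memory.
    r"""UtcTime: 2021-05-14 03:12:11.000
SourceImage: C:\Users\bridie\AppData\Local\Temp\invoice.exe
TargetImage: C:\Windows\system32\lsass.exe
GrantedAccess: 0x1010""",
    # Suspicious: PROCESS_ALL_ACCESS from an unknown binary.
    r"""UtcTime: 2021-05-14 03:12:40.000
SourceImage: C:\Users\bridie\Downloads\update.exe
TargetImage: C:\Windows\system32\lsass.exe
GrantedAccess: 0x1FFFFF""",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.utc_time} {f.source_image} 0x{f.granted_access:x}: {f.reason}")
```

Event ID 10 is only emitted if the Sysmon configuration includes a ProcessAccess rule for lsass.exe, so the alert depends on that being deployed first. The check is a detection, not a fix: the mitigation the post refers to in newer Windows 10 builds is making LSASS a protected process and keeping secrets in Credential Guard, so that even a successful read yields far less than it did on Windows 7.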

Exactly, people think they need the password, all they need is the token and they can do what they want for 14-24 hrs.


Apparently some DDoS attacks are planned for today.

It was nice of the hackers to send the encryption to the HSE for them to unlock the computers. :slight_smile:

A CredSSP token?

What’s the story with this stuff going up online before they do it? Trolling and showing off?

Basically yeah. They’ve redacted the info on anything they’ve published to date.

They want 20 million from the HSE but they’d accept a much lower sum for someone looking to buy the data on the Dark Web.

If the Russians put a nice usable web interface on it then some people might actually be able to find out who their birth mothers are.
