Seeweb, chronicle of an attack
First the reports, then the confirmations: over the last three days the attack that unknown parties have aimed at the users of Seeweb, a well-regarded Italian hosting provider, has come into focus, an attack through which many sites hosted by Seeweb have become malware spreaders. Something similar had also happened to other operators in the sector just recently. What appears clear from speaking with Seeweb is that we are facing a new type of attack, one that is so far partially inexplicable.
“What is striking – Seeweb's manager, Antonio Baldassarra, explains to Punto Informatico – is that we are not faced with someone who has exploited some exploits of the systems of the attacked servers, which run more or less half on Linux and half on Windows, but with someone who has had access via FTP with the password, that is, having the password in hand”. What those who penetrated those sites did had already been partially explained yesterday by PC safe: an iframe was placed on those sites that redirects users to a server that delivers malware, in particular Rootkit.DialCall, “with the criminal goal – Baldassarra confirmed to PI – to capture data from users’ computers”.
We are therefore not faced with an attack by some script kiddie or defacer intent on penetrating a site and modifying its pages or contents (especially since, according to the analysis by Seeweb's experts, nothing else has been altered on the compromised sites) but with someone who obtained the FTP login password and used it to distribute malware.
Seeweb has completed an extensive reconnaissance and analysis of the servers, a security assessment from which it emerged that the machines hosting the approximately one hundred compromised sites do not suffer from known bugs and are not subject to exploits, “not even zero-day at the level of rumors”, emphasizes Baldassarra. Not only that: an analysis of the applications used by users on the affected sites indicated that they do not offer any possibility of compromise, nor have cross-site attacks, mass defacements and the like been detected. “All the attention – explains Baldassarra – is focused on understanding how the passwords were captured”.
From this point of view, following an attack attempt recorded in August, many users had already changed their passwords at Seeweb's request; those passwords are not stored in clear text on servers accessible from the outside. And yet sites of users who had long ago changed passwords were attacked.
“All this – underlines Baldassarra – clearly indicates a sort of technological differential in the two phases of the attack. Subject number one, technology number one, is the one who learns the password. Subject number two, on the other hand, carries out a trivial attack, exploiting that password, that is, having little valuable information in hand, such as FTP access, and using it to obtain more valuable information, such as user data”. The feeling at Seeweb, in short, is that those who stole the passwords are not those who then exploited them. A feeling that, if confirmed, could give another, even more disturbing, depth to what happened.
Obviously, it is anything but a certainty. “FTP access – Seeweb explains to PI – is naturally made from compromised servers, typically in Russia or in other places where it is difficult to investigate. Our level of attention on the issue is naturally extreme, to prevent the spread of attacks”. Seeweb has taken countermeasures by further modifying its infrastructure for managing and changing passwords.
“The hypothesis – continues Baldassarra – is that there may be a sniffing of passwords outside our network”. And that is why the company is conducting a search for an element that unites the affected customers. “For example – explains the Seeweb executive – to find out if the users involved connect to the Internet through a given operator, or a specific FTP client. To understand all this, the data mining of the logs of all the servers is being done, not so much to understand what the attacker is doing, which has already been determined, but precisely to identify a minimum common denominator among this kind of users”.
Are we facing a criminal organization that uses password sniffers for its own purposes? This is one of the most disturbing hypotheses behind an attack which, given the size of the Italian hosting providers that are affected, risks becoming an epidemic. And is there dialogue between the affected companies? “Of course – concludes Baldassarra – we are discussing together how to proceed”. The hope is to get to the decisive element, to the “way” in which the attack is carried out and the passwords are stolen, in the shortest possible time.
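
The search for a common denominator among affected customers, as an added example (not Seeweb's own tooling): it ranks attribute values that nearly all compromised accounts share and clean accounts mostly do not. The account rows, field names and thresholds are assumptions, and the data is constructed.

```python
from collections import Counter

# Constructed sample: one row per customer account, as could be derived from
# FTP session logs. Field names and values are hypothetical.
FIELDS = ("account", "isp", "ftp_client", "transport", "compromised")
ROWS = [
    ("site01", "ISP-A", "ClientX", "plain-ftp", True),
    ("site02", "ISP-B", "ClientX", "plain-ftp", True),
    ("site03", "ISP-A", "ClientX", "plain-ftp", True),
    ("site04", "ISP-C", "ClientX", "plain-ftp", True),
    ("site05", "ISP-B", "ClientX", "plain-ftp", True),
    ("site06", "ISP-A", "ClientX", "plain-ftp", False),
    ("site07", "ISP-B", "ClientY", "plain-ftp", False),
    ("site08", "ISP-C", "ClientY", "plain-ftp", False),
    ("site09", "ISP-A", "ClientZ", "plain-ftp", False),
    ("site10", "ISP-B", "ClientZ", "plain-ftp", False),
]
ACCOUNTS = [dict(zip(FIELDS, row)) for row in ROWS]


def common_denominators(accounts, attributes, min_coverage=0.8, min_gap=0.5):
    """Return (attribute, value, coverage, baseline) tuples for values that
    nearly all compromised accounts share and clean accounts mostly do not."""
    hit = [a for a in accounts if a["compromised"]]
    clean = [a for a in accounts if not a["compromised"]]
    if not hit:
        return []
    findings = []
    for attr in attributes:
        hit_counts = Counter(a[attr] for a in hit)
        clean_counts = Counter(a[attr] for a in clean)
        for value, n in hit_counts.items():
            coverage = n / len(hit)
            baseline = clean_counts[value] / len(clean) if clean else 0.0
            # A value everyone has (here: plain FTP) explains nothing, so
            # require a gap between the compromised and the clean population.
            if coverage >= min_coverage and coverage - baseline >= min_gap:
                findings.append((attr, value, round(coverage, 2), round(baseline, 2)))
    findings.sort(key=lambda f: f[2] - f[3], reverse=True)
    return findings


if __name__ == "__main__":
    for finding in common_denominators(ACCOUNTS, ["isp", "ftp_client", "transport"]):
        print(finding)
```

A value that survives both thresholds is a lead to investigate, not proof of where the passwords leaked.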