A hacker using the nickname LMonoceros published an article on Habr describing numerous vulnerabilities in the computer system of Russian Railways. He was able to remotely access the company's public proxy server and, through it, enter the computer network.
LMonoceros found that anyone with minimal knowledge of information security could gain access to tens of thousands of devices on the internal network of Russian Railways:
– IP phones
– Server IPMI interfaces
– Interfaces of virtualization systems (through them the virtual servers themselves can be taken, together with their contents, including personal data)
– Service interfaces
LMonoceros found feeds from about ten thousand cameras at various Russian Railways facilities (including inside offices), IP telephony servers, internal documentation (for example, presentations describing the layout of railway stations) and much other data that should be kept secret. He also found traces that he was the first to penetrate the computer system of Russian Railways – it could have been secretly exploited by hackers for a long time.
LMonoceros suggested that the problem is related to the poor performance of the IT department of Russian Railways. The specialists did not bother to change the default passwords on the network equipment, did not configure data leakage protection, and did not set up detection of external attacks.
Russian Railways specialists contacted LMonoceros and, together with him, eliminated the discovered vulnerabilities in just a few hours. The company states that the personal data of the holding's clients did not leak and that there is no threat to the safety of train traffic. Russian Railways also reminded the public that illegal access to computer information is a criminal offense (but did not explain whether the actions of LMonoceros fall under a criminal statute).
*The article has been translated based on the content of iGuides.ru (www.iguides.ru).