Washington DC Surveillance Hackers Arrested
There is no evidence that points to the hackers specifically targeting surveillance equipment, or Genetec, nor did they have any interest in the live or recorded video on the recorders.
Yes, just targeting Windows.
I would say it was targeting stupidity, or laziness, more than Windows. How long would you guess it has been since those servers have been updated?
This will probably be enough to get my boss to listen to me. Thanks for sharing.
I'm floored that the customer didn't require the contractor to use a VPN and that the hackers used RDP to get in - that's almost as low tech as using default passwords!
At what point do we actually use the word "negligent"? What I'd love to know is whether there was anything in the specification requiring any baseline of network security or whether this was purely the integrator leaving the system open.
Unfortunately whoever is at fault would probably claim (correctly) that this is an accepted practice in the security business.
Do you think an exposed RDP port is more or less vulnerable than a camera's exposed HTTP port?
I would say they are close to no different, but RDP is probably scanned for more frequently, which means it is probably more of a vulnerability if my assumption is correct.
I would argue that depending on a contractor to secure your critical networks is a bad idea from the start. You should have competent professionals on staff to not only enforce standards on these contractors, but also to test what they install and verify it meets all appropriate protective measures.
Both are an issue - if the bad guy knows RDP vulnerabilities then he can probably get everything he needs to know off a service like Shodan. A hack using RDP would likely give the bad guy full control of the system in question - a hack of a camera would usually only give you access to the device.
Which is more vulnerable? Based on a quick Shodan search, cameras are certainly more plentiful... an RDP hack would be more destructive.
The issue with this is that anything (like RDP) that isn't essential to the operation of the system should be blocked by the firewall.