The Limited Times

Now you can see non-English news...

Anonymous activists uncover serious shortcomings in web hosting

2021-11-12T17:26:15.810Z


Actually, Anonymous activists only wanted to hijack Attila Hildmann's side. But they also attacked a German web host and discovered security gaps and poorly secured data.


Enlarge image

Anonymous activists at a demonstration (archive image)

Photo: Glenn Hunt / Getty Images

Just a few days ago, Attila Hildmann put his new website online after Anonymous activists hacked the old site and took it offline in mid-September. Now, late on Monday afternoon, there were again problems for the former vegan chef: "Oops we did it again", wrote Anonymous activists on the Telegram messenger service and referred to Hildmann's website. There was a cover version of the song of the same name by Britney Spears and the well-known Anonymous mask, instead of advertising for Hildmann's online shop and his Telegram channel, on which he spreads right-wing extremist agitation. An error message has been appearing on Hildmann's website since Tuesday morning and also on Friday morning.

To paralyze the site, the Anonymous activists attacked the Berlin web hosting company ProSite.

In addition to Hildmann's page, their systems also contain the pages and data of many other, uninvolved customers.

The activists apparently got a foot in the door of the ProSite systems by exploiting a vulnerability in the web space of a single other customer.

From there they were able to penetrate deep into the internal systems, which apparently were not armed against such an attack.

The attackers were also able to call up personal data such as addresses and credit card details of the customers in plain text - including the CVC codes that are used to authorize online payments with credit cards.

"This is a pasta strainer, but not a hoster," the attackers wrote on Monday evening in a blog post in which they admitted to the action.

The ProSite homepage itself was temporarily unavailable on Monday evening, and the company's hotline has apparently been overloaded since the incident.

ProSite has now confirmed the vulnerability.

Anonymous hackers can read emails

The credit card database found by Anonymous was not stored in accordance with the General Data Protection Regulation and has now been deleted, the company wrote in a statement days later.

Countermeasures were initiated and "the affected systems were immediately disconnected from the network and encapsulated."

Until Wednesday morning, however, Anonymous activists were able to read e-mails that were sent to an info e-mail address from ProSite, as SPIEGEL was able to verify. The Anonymous activists themselves spoke of “full access to ProSite”. You could also see recordings from security cameras and access the air conditioning settings of the data center and other internal systems.

The Anonymous activists told SPIEGEL that their target was only Hildmann, not ProSite's customers.

“The security gaps and conditions discovered at ProSite were 'bycatch' for us”.

The problems, however, are so serious and acute that they have been made public in an “anonymous way” ”.

In contrast to what is common in IT security circles, the vulnerability was not reported to the company or the authorities before the Anonymous blog post was published.

Alluding to security researchers who report newly discovered security gaps to the companies concerned and are therefore referred to as "white hat hackers", a member of Anonymous Germany wrote to SPIEGEL via email: "Anons are not white hats".

You do not feel obliged to make reports of this kind, but also do not categorically rule it out.

Large companies also work with Speedbone

The Berlin company Speedbone is behind ProSite.

Until the incident, this also listed large companies such as Vodafone, Telefónica or Strato as partners on its own website.

As a data center operator, Speedbone not only hosts websites via ProSite, but also offers larger companies what are known as carrier and colocation services, with which they in turn take care of network operations or their own Internet offers.

The services for so-called colocation customers were, however, "unaffected by the incident," said ProSite.

Criticism of reaction from ProSite

The Anonymous activists of the Anonymous Germany group, who have repeatedly attacked conspirators and right-wing extremists in the past, criticized ProSite's reaction to the hack.

A "serious part of the statement" is missing: ProSite and Speedbone should inform their customers about what specific protective measures their corporate customers, who could also be indirectly affected, should now undertake.

This includes, among other things, changing passwords and so-called API keys, i.e. access keys for special interfaces.

So far, it remains unclear whether Speedbone or ProSite have also informed their customers directly by email or have only published a statement on their website.

The company has so far left requests from SPIEGEL unanswered.

CEO posted right content on Facebook

After the incident, activists pointed out that Ulrich Eckhardt, Managing Director of Speedbone, is said to have spread right-wing extremist and vaccine-critical content on his Facebook page.

Accordingly, he shared contents of the magazine Compact, described the pandemic as part of an emergency plan and spread conspiracy myths.

At least that's what you can see on screenshots posted by activists on Twitter.

At the end of the statement on the ProSite page, the managing director apologized "for inappropriate or misleading postings" on his private Facebook page.

He has now deleted the postings and his personal Facebook account.

As a company, they want to distance themselves from racism or anti-Semitism and stand up for “diversity, freedom of expression and the promotion of minorities”.

Only recently, a former refugee successfully completed his training with the company and was then taken on for an unlimited period, ProSite said in the statement.

A spokesman for the Berlin data protection officer confirmed to SPIEGEL that it is currently examining a report about the data breach from ProSite.

Source: spiegel

All tech articles on 2021-11-12

You may like

Life/Entertain 2024-02-26T15:34:04.940Z

Trends 24h

Latest

© Communities 2019 - Privacy

The information on this site is from external sources that are not under our control.
The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.