dChan - Q Origins Project Archive

https://t.me/KanekoaTheGreat/5593

KanekoaTheGreat, [28.08.22 23:08]

"During the course of probing one such software provider, in early 2021 Gregg and his team stumbled across an IP address for a server that was purportedly associated with a company named Konnech, at least according to the records of services that track IP address ownership and location.

That IP address, it turns out, was located in China—it was evidently used by some instances of the software application for a period of time, before switching to a new IP address in Grand Rapids Michigan.

Geolocation tools that I used suggest that the server that was hosting this address in China was somewhere near Hangzhou, possibly somewhere near Zhejiang University…

While Gregg and his team were investigating, they ran some routine cybersecurity checks to see what services were being used by that Chinese IP address to determine what was behind it. One of these routine “scans” showed a port on that IP address—27017—that is typically used by a database application called “MongoDB”…

A common practice for cybersecurity professionals who are exploring a network is to “test the locks” when they find “open windows or doors” as they walk around a “building” of interest, and in this case, they did a quick check on the MongoDB port (“rattled the windows”) to see if it responded.

When it did, they next tried a pretty basic thing: they tested to see if they could log into it with the default, “out of the box” username and password. That would be a pretty dumb thing for the owner of this machine to have left in place, but it is surprisingly common.

In other words, as the cyber team rattled the windows and doors, they found a boneheaded error on the MongoDB installation that only a novice would be expected to make. The doors and windows weren’t even locked. In fact, they were wide open.

You see, when MongoDB is freshly installed, it doesn’t have proper security rules set up to restrict who can read and write data into it; unless the person configuring that MongoDB installation takes the extra necessary steps (and knows how to do it), MongoDB either has NO password, or the default password which is… well, you can probably guess. “PASSWORD”.

So Gregg’s team was able to “walk in the front door”, as it were, because there was no lock on the door, and “look around the place.”

What they found was shocking: they found data that included personal details of nearly 1.8 million US poll workers. Details like their names, phone numbers, addresses, etc. Even the names of family members: things that might routinely be collected when you hire someone and issue them a paycheck.

But they also reportedly found rich details about where election machines were located, including floorplans of buildings used in elections. Nominally, this information would be of use by the election agencies, because the application they were using helped them track their election machine inventory.

But none of this should have been left out in the open for just anyone to see; and it sure as hell shouldn’t have been done in China."

https://cognitivecarbon.substack.com/p/mongodb-what-is-it-and-how-did-it

Follow @CognitiveCarbonPublic

@KanekoaTheGreat