Slashdot: News for Nerds

48 comments

Probably old information (5, Informative)

suso (153703) | about 2 years ago | (#38216676)

1000+, I don't think so:

grep Password united_nations_hacked_by_trick_-_teamp0ison.txt | grep -v 000 | wc -l
584

I'm excluding the 000 passwords as being their actual passwords.

grep Password united_nations_hacked_by_trick_-_teamp0ison.txt | grep -v 000 | awk '{ if (length($4) < 6) { print $4; }
131

That's 131 of the passwords that are less than 6 characters. I'm guessing these passwords are very old, before better security measures were put in place.

Re:Probably old information (4, Interesting)

suso (153703) | about 2 years ago | (#38216712)

Sorry, that last one got messed up:

grep Password united_nations_hacked_by_trick_-_teamp0ison.txt | grep -v 000 | awk '{ if (length($4) < 6) { print $4; }}' | wc -l

Re:Probably old information (1)

Anonymous Coward | about 2 years ago | (#38216936)

UN. Secure. Not.

Can't count how many times I've run across confidential UN stuff without even trying. Literally, WITHOUT EVEN TRYING. It's like the info just falls into your lap.

Security? That's a joke, son.

Re:Probably old information (1)

suso (153703) | about 2 years ago | (#38217012)

Ok, that's easy to just casually say. Now prove it. If it's really that easy, do your duty and show everyone.

Re:Probably old information (3, Informative)

MacGyver2210 (1053110) | about 2 years ago | (#38217208)

Google "UN Internal Use Only" and "UN Confidential" and you will probably find at least a few documents that you shouldn't.

Re:Probably old information (5, Funny)

Anonymous Coward | about 2 years ago | (#38217472)

If they're unconfidential, what's the problem?

Re:Probably old information (1)

Anonymous Coward | about 2 years ago | (#38217852)

mod parent hilarious

Re:Probably old information (1)

dotancohen (1015143) | about 2 years ago | (#38218024)

Google "UN Internal Use Only" and "UN Confidential" and you will probably find at least a few documents that you shouldn't.

Right, internal use only. That is where UN IT security practices are, up their... er... for internal use only.

Re:Probably old information (1)

loustic (1577303) | more than 2 years ago | (#38224002)

Google "UN Internal Use Only" and "UN Confidential" and you will probably find at least a few documents that you shouldn't.

5th link points to this page :)

As usual... (3, Insightful)

ackthpt (218170) | about 2 years ago | (#38216682)

It's more a story of bad security practices than brilliant exploits by 12 year olds.

Re:As usual... (0, Interesting)

Anonymous Coward | about 2 years ago | (#38216792)

Well of course nothing of value was leaked - you could have their HQ blown up and nothing of value would be destroyed either (in fact, the GDP of every country on Earth would likely rise).

Re:As usual... (2)

mr100percent (57156) | more than 2 years ago | (#38223530)

Why is the troll getting modded up?

Look, the UN has made some glaring mistakes in the past, but overall, in 50 years it's averted several wars and organized the international community to usher in new public health practices and economic cooperation. Its peacekeeper efforts are successful most of the time, and its humanitarian assistance in places like Haiti saved plenty of lives. Net positives.

Re:As usual... (0)

Anonymous Coward | more than 2 years ago | (#38227024)

"it's averted several wars"

what was averted is impossible to know for sure.

"in new public health practices and economic cooperation"

economic exploitation? ...
Haiti? Haiti was a joke, donors were helping the military in the region, not the people.

Re:As usual... (2)

dotancohen (1015143) | about 2 years ago | (#38217998)

It's more a story of bad security practices than brilliant exploits by 12 year olds.

That _is_ the entire story. Nobody is saying that XYZ 1337 hacker group is evil and needs to be stopped. The security community is saying that it is about time that large organizations take security seriously.

Re:As usual... (1)

Curunir_wolf (588405) | about 2 years ago | (#38218824)

It's more a story of bad security practices than brilliant exploits by 12 year olds.

That _is_ the entire story. Nobody is saying that XYZ 1337 hacker group is evil and needs to be stopped. The security community is saying that it is about time that large organizations take security seriously.

This is the UN we're talking about. They don't take anything seriously except themselves. And it's reciprocal for the rest of us.

First Post (-1)

Anonymous Coward | about 2 years ago | (#38216692)

First leak!

Not Mutually Exclusive (5, Insightful)

bengoerz (581218) | about 2 years ago | (#38216730)

Judging by some of its past inactions, it is arguable that 1,000+ UN accounts do not comprise anything of value.

Re:Not Mutually Exclusive (2)

ackthpt (218170) | about 2 years ago | (#38216822)

Judging by some of its past inactions, it is arguable that 1,000+ UN accounts do not comprise anything of value.

and while you're cleaning up the men's room on the east end of the 4th floor, see what you can do about that smell Ahmadinejad left behind - someone should warn him about eating street cooking.

Ah, yes. Stuff of critical world import! This stuff is gold!

Re:Not Mutually Exclusive (2)

forkfail (228161) | about 2 years ago | (#38216916)

Isn't inaction the whole point?

It's action that's the problem. Action leads to escalation, which eventually, leads to nukes if left unchecked.

Inaction - having a governor on things - may not always produce the world you want, but it keeps this one from death by atomic fire and nuclear winter.

Re:Not Mutually Exclusive (1)

Baloroth (2370816) | about 2 years ago | (#38217170)

Inactions of dictators and governments are usually a good thing. Not so for an organization that is supposed to hold dictators and governments back. Then it only makes things worse, because actions cease to have consequences, especially if the governments of the world rely on the UN to resolve the situation, which they often do. Well, except Israel, and the US for the past few years. Israel wouldn't exist anymore if it relied on the UN.

Re:Not Mutually Exclusive (1)

forkfail (228161) | about 2 years ago | (#38217854)

I'd propose that they do hold the dictators and governments back by having their representatives sit around and talk and talk and talk and do nothing else.

Sure, that means that the UN itself isn't taking action, but if that's the price we pay to not have a nuclear war, I'm absolutely good with paying it.

Re:Not Mutually Exclusive (1)

Obfuscant (592200) | about 2 years ago | (#38218202)

I'd propose that they do hold the dictators and governments back by having their representatives sit around and talk and talk and talk and do nothing else.

I'm not clear from the way you said this whether you are proposing that they do this in the future, or that you are proposing that the idea is they are doing this already.

Either way, having representatives sit around and talk and talk and talk does absolutely nothing to stop a dictator or other government from doing anything. The representatives of dictators' only job is to sit around and talk and talk and talk trying to delay any action against the dictator, which frees the bad guys up to do what they want while the UN fiddles.

Sure, that means that the UN itself isn't taking action, but if that's the price we pay to not have a nuclear war, I'm absolutely good with paying it.

You assume that the UN is a price we have to pay to prevent nuclear war, something that is far from a reasonable assumption. As I recall, the UN talked and talked and talked the entire time every country (who has done so since the UN was created) developed their nuclear arsenals.

Are the passwords plaintext, or hashes? (1)

JSBiff (87824) | about 2 years ago | (#38216738)

It's not clear whether the passwords are plaintext, un-salted hashes, or salted hashes. Plaintext and un-salted would be pretty bad. If the passwords have a long random salt, they would resist rainbow-table attacks, I think?
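Added example (not part of any comment in this thread) for the question above: it stores the same constructed passwords once as unsalted SHA-256 and once as PBKDF2 with a random per-user salt, then checks both stores against a precomputed digest table. A plain lookup dict stands in for a rainbow table; the accounts, wordlist and iteration count are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example; tune for your hardware

def unsalted_hash(password):
    """Plain SHA-256: identical passwords always give identical digests."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(wordlist):
    """Digest -> password table, computed once and reusable against any unsalted store."""
    return {unsalted_hash(w): w for w in wordlist}

def salted_hash(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a 16-byte random per-user salt; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)

def demo():
    # Constructed accounts: u1 and u2 share one weak password.
    users = {"u1": "letmein", "u2": "letmein", "u3": "correct horse battery staple"}
    table = build_lookup_table(["123456", "password", "letmein"])  # constructed wordlist

    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    salted = {u: salted_hash(p) for u, p in users.items()}
    return {
        # One table lookup per record reverses every unsalted entry it covers.
        "recovered_unsalted": sorted(u for u, h in unsalted.items() if h in table),
        # The same table never matches, because the salt changes every digest.
        "recovered_salted": sorted(u for u, (_, d) in salted.items() if d.hex() in table),
        "unsalted_records_equal": unsalted["u1"] == unsalted["u2"],
        "salted_records_differ": salted["u1"][1] != salted["u2"][1],
        "login_ok": verify("letmein", *salted["u1"]),
        "login_bad": verify("letmeout", *salted["u1"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt removes precomputation and hides which users share a password; it does not make a weak password strong, since each salted record can still be guessed one candidate at a time, which is what the slow key-derivation function and a minimum-length policy are for.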

Re:Are the passwords plaintext, or hashes? (1)

Smallpond (221300) | about 2 years ago | (#38216828)

Actually, it is pretty clear they are plaintext since the file is linked to the article.

Re:Are the passwords plaintext, or hashes? (2, Informative)

Anonymous Coward | about 2 years ago | (#38216836)

http://pastebin.com/FEcE9WzJ [pastebin.com]

Look plaintext to me, but also look old.

Re:Are the passwords plaintext, or hashes? (2)

tqk (413719) | more than 2 years ago | (#38224022)


Look plaintext to me, but also look old.

And a whole lot of stupid:

Email Address -: loh333@aemail4u.com
Password -: loh333
Username -: loh333

Email Address -: c.inayatullah@undp.org
Password -: inayat
Username -: Inayat

Email Address -: hamed.mobarek@undp.org
Password -: hm
Username -: Hamed 9

Email Address -: seyhan.aydinligil@undp.org
Password -: seyhan
Username -: seyhan

Email Address -: maryanne.kelly@ons.gov.uk
Password -: 000
Username -: Maryanne Kelly

 
... I could (probably) go on. It looks like they mostly assumed a UN login ID was pretty much a throwaway ID (minimal security, at best). I'm sure their people out in the field would appreciate their monumental indifference.

Explains a lot as to why this stuff was so easily cracked/hacked. Neither the UN nor its users cared, or maybe they just expected that it would eventually (inevitably?) be cracked.
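Added example (not part of any comment in this thread): a password-policy audit over records laid out like the ones quoted above. It generalizes the grep/awk count from earlier in the thread by also flagging passwords equal to the username or e-mail local part, and it returns counts only so no password is echoed. The sample records are constructed, and the "000" placeholder and six-character threshold are taken from the earlier comment.

```python
import re
from collections import Counter

# Constructed sample in the record layout quoted above; not taken from the dump.
SAMPLE = """\
Email Address -: alice@example.org
Password -: alice
Username -: Alice

Email Address -: bob@example.org
Password -: 000
Username -: Bob Builder

Email Address -: carol@example.org
Password -: Tr0ub4dor&3x
Username -: carol

Email Address -: erin@example.org
Password -: hm
Username -: Erin 9
"""

FIELD = re.compile(r"^\s*(Email Address|Password|Username)\s*-:\s*(.*?)\s*$")

def parse_records(text):
    """Yield one dict per record; a blank line or a repeated key ends a record."""
    rec = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            if rec and not line.strip():
                yield rec
                rec = {}
            continue
        key, value = m.groups()
        if key in rec:  # no blank separator: a repeated key starts the next record
            yield rec
            rec = {}
        rec[key] = value
    if rec:
        yield rec

def classify(rec, min_len=6, placeholder="000"):
    """Return policy findings for one record, without exposing the password."""
    pw = rec.get("Password", "")
    if pw == placeholder:
        return ["placeholder"]
    findings = []
    if len(pw) < min_len:
        findings.append("short")
    ids = {rec.get("Username", "").lower(), rec.get("Email Address", "").split("@")[0].lower()}
    ids.discard("")
    if pw.lower() in ids:
        findings.append("matches_identity")
    return findings

def audit(text):
    """Aggregate counts per finding; a record with no findings counts as ok."""
    counts = Counter()
    for rec in parse_records(text):
        counts["records"] += 1
        counts.update(classify(rec) or ["ok"])
    return dict(counts)
```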

We need a hero (4, Funny)

Hentes (2461350) | about 2 years ago | (#38216758)

Quick, someone log in with all of them, and announce World Peace!

Re:We need a hero (1)

Anonymous Coward | about 2 years ago | (#38217592)

Riiight... cause that would change everything.

Log in there and install as many backdoors as you possibly can! Loggers, rootkits, whatever you can!
Let us watch those fuckers!
Privacy is for private people. Governments must be open. Otherwise they are illegitimate. Never the other way around.

(Or just give them CarrierIQ phones and at best also infiltrate CIQ.)

security 101 (0)

Anonymous Coward | about 2 years ago | (#38216786)

How on earth did they get plaintext passwords? Nobody who knows the slightest bit about security stores plaintext passwords anywhere.

Re:security 101 (1)

gmuslera (3436) | about 2 years ago | (#38216914)

Planting keyloggers, or sniffing the network for trivially encrypted passwords (i.e. proxy passwords), or setting a fake server where they should authenticate are a few easy alternatives to obtain passwords in unencrypted form, no matter how they are stored in the authentication servers.

The BBC has a bit more ... (2)

glrotate (300695) | about 2 years ago | (#38216966)

The BBC has a bit more, including a denial that anything of value was compromised.

It's the UN. Doesn't that go without saying?

Re:The BBC has a bit more ... (1)

AdamJS (2466928) | about 2 years ago | (#38217238)

What, blank denial, or the idea that they communicate anything of value?

Re:The BBC has a bit more ... (-1)

Anonymous Coward | about 2 years ago | (#38217696)

They're just subtly suggesting exactly what everyone else with half a brain thinks about Anonymous -- nothing of value. These aren't hackers, they're a bunch of script kiddies that pool money together to buy access to botnets and flood servers. That's all. Oh, of course they have their "LOIC," but that's just to detract attention away from themselves, hide themselves amongst the crowd and let people who didn't know any better go to jail. Remember all the warnings that Anonymous spewed about them taking down Fox News on November the 5th (reinforcing their ridiculous V for Vendetta fetish, since I doubt any of them knew who Guy Fawkes was before the movie came out)? Remember what happened? Nothing. Fuck all. Remember when they said they were going to disrupt the New York Stock Exchange? Yeah, that didn't happen either. You know why? They weren't capable of doing it, that's why. Anonymous makes claims that they're some kind of guerilla army on the Internet and it just doesn't match up with the facts, or their NUMEROUS failures to actually accomplish anything close to what they claim.

"We are Anonymous." Yeah, up until your members get arrested, which has happened quite frequently the past few years. I don't see you jumping to protect them. Oh yes, except for that incident where people in #anonops pretended to be Zetas and threatened their own members, putting on a show to try and convince people that Anonymous were powerful enough to negotiate a deal with one of the most scary criminal organizations on earth -- they weren't. They didn't have shit. It was all a show, more ego-stroking, but the media lapped it up.

"We are legion." Well if a couple of losers sitting around in #anonops constitutes a legion then...fuck that, it doesn't. It's exactly what it is, a bunch of basement-dwelling sociopaths inflating their own egos on an IRC channel.

"Expect us." Expect you to do what, exactly? Post a pastebin instructing a bunch of script kiddies to flood a site and then claim the credit for it, or better yet, claim something "big" is going to happen and then nothing does? The only thing I expect out of Anonymous is a bunch of masturbatory bullshit.

"Respect us." Yeah...I don't think so. You're a bunch of fucking punks. Punks who have the audacity to believe that their little blip-on-the-radar attacks that don't even last more than a few hours (some of which aren't even effective at all).

Re:The BBC has a bit more ... (1)

renedox (866133) | about 2 years ago | (#38220454)

Nice rant except, it wasn't Anonymous.

Re:The BBC has a bit more ... (0)

Anonymous Coward | about 2 years ago | (#38217700)

Yes.

Thank you TeAmPoIsOn (3, Insightful)

demonbug (309515) | about 2 years ago | (#38217076)

If there is one thing that will result in the UN stepping in to places like Darfur, Rwanda, and Yugoslavia, clearly it is having email accounts and login credentials spread around. If only T3amP01s0n had been around in the 1940s they could have... um... published UN mailing addresses and lock combinations to prevent the creation of Israel and the disposition of the Palestinian people (? - did they mean dispossession, or do they mean that the UN creating Israel is responsible for Palestinians' bad dispositions?). Thank god for groups like TEAmpoiSON who are working to make the world a better place through releasing such incriminating information on a truly evil organization - clearly a blow for freedom!

I just don't understand the thinking behind actions like this, especially with respect to the group's stated reasons. The UN failed to step in to prevent genocide(s), so we are going to try to harm, embarrass, or destroy the institution... because then, there wouldn't be an institution failing to act in such circumstances, which is clearly a better alternative! And also, Israel!!

Of course nothing of value was compromised (0, Insightful)

Anonymous Coward | about 2 years ago | (#38217096)

You need to have something of value in order to compromise it. The UN is worthless,

Re:Of course nothing of value was compromised (2)

Curunir_wolf (588405) | about 2 years ago | (#38218882)

You need to have something of value in order to compromise it. The UN is worthless,

Sure. But, just like Pinky and the Brain, they have a plan [un.org].

Not Supportive! (1)

Kamiza Ikioi (893310) | about 2 years ago | (#38217274)

I can't honestly comprehend what the use of hacking the UN is. First, it can do little except what the majority of nations or the Security Council tells it to do, and of that, there is not much. Second, agree with it or not, it is what it is. Hacking it, shaming it, or protesting it doesn't do anything but make it even less effective.

It's not as though they can change, as they have no real power to begin with. And it's not as though there is an alternative. For instance, we might think doing away with lifetime veto memberships might be a good thing, but that is never going to happen. Such nations are not going to pretend they are equal with all other nations.

At least the current UN structure recognizes that world powers exist, and their power needs a diplomatic equivalent.

I'm not defending the UN, but hell, it's all we got, people!

heart of the beast (4, Informative)

xeno (2667) | about 2 years ago | (#38217302)

I used to work for a UN agency and spent a year specifically working on governance reform for IT. The idea that "the" UN has email systems is kind of funny. While some agencies have well-designed, well-run, consolidated communications & IT systems, those are more the exception than the rule. By and large, each agency has multiple divisions or programmes that run their own IT systems with little to no effective oversight. Disparate systems and dependence on abandonware are prevalent. Governance & policies are (*ahem*) lacking in most cases, and enforcement is by and large nonexistent. Tell a Deputy Director that he has to have a password of more than four characters or change it more than once a year? Good luck with that.
There is simply no framework or middle ground for getting an agency or multiple agencies to adopt best practices when their reality vacillates wildly between disasters/getting shot at/real work one day, and political fights/internal corruption/not having enough money to run simple services on the next. While seeing this on pastebin is disappointing, it's not the least bit surprising. It falls more in the category of "someone noticed the door was hanging open and put some mild effort into it" rather than "1337 h@xx0r broke into a fortress."
The sad part is that the likely outcome of this event is a long series of dreary Euro-proper weekly meetings at UNDP and other agencies, eventually resulting in a task force of a dozen people at the Secretariat charged with defining what "fix" means, followed by a slew of small teams at each affected agency to work on the perceived ICT policy, operation, and configuration problems. But no authority will be given to those teams to mandate changes to their respective ICT Chiefs. In 6-9 months a series of changes to security controls will be recommended, but they'll be overridden, redirected, and mangled by their respective IT orgs; in all probability the money & effort will be unrecognizable and the effects negligible. It's like The Office without the slightest hint of humor.

The UN is of no value? (0)

Anonymous Coward | about 2 years ago | (#38217360)

"The BBC has a bit more, including a denial that anything of value was compromised."

Since it was the U.N. that was compromised, can we conclude that the U.N. is not of any value?

Unencrypted on purpose (1)

yakatz (1176317) | about 2 years ago | (#38217676)

As this xkcd [xkcd.com] does a great job of explaining.

ID: ObamaUN (1)

bryan1945 (301828) | about 2 years ago | (#38217932)

PWD: Change

Lusers.. (1)

Paracelcus (151056) | about 2 years ago | (#38218080)

Hiring lusers, with nepotism and cronyism being the dominant hiring criteria for IT staff in the US government as I'm sure is also the case with the UN! It's a miracle this doesn't happen more often.

I have some direct knowledge of this.

I'd say I want to shake "teamp0ison"'s hand... (0)

Anonymous Coward | about 2 years ago | (#38219378)

But I've already done that.

Seriously, why do you people focus so much on such a minor hack, when there's more major hacks going on, such as the social engineering via propaganda done by the government every day?

Nothing of Value (0)

Anonymous Coward | more than 2 years ago | (#38228086)

I have a sneaking suspicion that this is actually one of the few times where nothing "... of value was compromised."

Mostly because there was nothing of any value or worth coming from the UN to hack or steal.

nothing of value (0)

Anonymous Coward | more than 2 years ago | (#38234942)

It is kind of depressing that compromising 1000+ accounts still contains "nothing of value". What do the UN people actually do?
