
ISP Misconfiguration Nightmare


21 / 01 / 2017


In what could have been a worst-case scenario, an ISP unwittingly put its entire infrastructure at risk through faulty backup security.

Kwic Internet, a Canadian Internet Service Provider, accidentally exposed terabytes of data to the public internet through synchronization services that lacked authentication. This data trove included credit card numbers and expiration dates, many dozens of MySQL databases, internal company email archives, client email archives, and mountains of passwords scattered throughout.

Curiously, one of the database backups for Annex Media Publishing, a Kwic client, contained the details of all 38 million breached Ashley Madison accounts. What is a publishing company doing with the Ashley Madison dump? Steve Ragan, of CSOOnline (http://www.csoonline.com) hasn’t been able to get an answer about that from the company.

I’m calling this a near-worst-case scenario because there is only limited evidence of infiltration by malicious entities. An r57 PHP shell was located within these backups, which suggests that bad guys have been able to gain at least moderate access to the live production side of one or more Kwic servers. I also saw plenty of support emails discussing clients who claimed their websites, hosted by Kwic, had been hacked.

If someone with criminal intent had indeed found this motherlode, and really wanted to cause trouble, they could be combing through the mountains of backed up emails in which Kwic staffers regularly pass along plaintext customer passwords. Here’s a censored sample:

    All done.

    Site is dev.securitypages.ca

    FTP:
    Username:    securitypages
    Password:    [CENSORED]

    MySQL:
    Database:    securitypages
    Username:    securitypages
    Password:    [CENSORED]

    Thanks,
    KWIC Internet
    Support Services

As an American, I must admit I’m not entirely familiar with Canadian breach notification laws. However, if there is any kind of mandatory reporting, this could quickly turn into a real nightmare situation. Not only would Kwic need to notify thousands of business and residential clients, but those clients would then need to turn around and notify all their own clients. That’s the nature of breaches high up the chain, where one company is hosting another company’s data. Think of it as a trickle-down notification process.


Welcome to the consequences of cloud-style hosting.
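The root cause described above is a synchronization service reachable without authentication. As an added example, not code from this article or from Kwic, and assuming the service was an rsync daemon (the article names no product), here is a small audit that parses an rsyncd.conf and reports modules an anonymous client could reach, with a constructed weak module beside a hardened one.

```python
"""Audit rsyncd.conf modules reachable without authentication.
Assumption (not from the article): the sync service was an rsync daemon.
Options before the first [module] header are defaults for every module."""
import re

def parse_rsyncd(text):
    defaults, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.match(r"\[(.+)\]$", line)
        if header:
            current = header.group(1).strip()
            modules[current] = dict(defaults)      # inherit global defaults
            continue
        key, _, value = line.partition("=")
        key = " ".join(key.lower().split())         # names are case/space insensitive
        (modules[current] if current else defaults)[key] = value.strip()
    return modules

def exposed_modules(text):
    """List (module, reasons) for every module an anonymous client could reach."""
    findings = []
    for name, opts in parse_rsyncd(text).items():
        reasons = []
        if not opts.get("auth users"):
            reasons.append("no 'auth users': anonymous access")
        if opts.get("hosts allow", "*") in ("", "*"):
            reasons.append("no 'hosts allow' restriction")
        if opts.get("read only", "yes").lower() in ("no", "false", "0"):
            reasons.append("module is writable")
        if reasons:
            findings.append((name, reasons))
    return findings

# Constructed configs: the weak shape that leaks a backup tree, and a hardened one.
WEAK = """\
[backups]
    path = /srv/backups
    read only = no
"""
HARDENED = """\
hosts allow = 192.0.2.10
[backups]
    path = /srv/backups
    auth users = backup
    secrets file = /etc/rsyncd.secrets
    read only = yes
"""
```

Run `exposed_modules(WEAK)` to see the three findings for the weak module; the hardened module produces none.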


***
Attention - Portions of this article may be used for publication if properly referenced and credit is given to MacKeeper Security Researcher, Chris Vickery.
Do you have security tips or suggestions? Contact: cvickery@kromtech.com or security@kromtech.com
Stay tuned to the latest security news by visiting MacKeeper Security Watch blog with Chris Vickery.