Deloitte, the accountancy and consulting company that yesterday admitted a major hack, had left its corporate Microsoft Active Directory server on the internet with remote desktop protocol (RDP) open - making its internal email system an easy target for hackers.
And Deloitte is also one of the biggest names in security consulting.
The apparently amateurish security error was uncovered last night by security researcher Dan Tentler, who found the open port via the Shodan search engine, which enables users to search for devices connected to the internet.
"The problem is they put a fucking active directory server directly on the internet with RDP exposed," wrote Tentler, adding: "[This is] the place where all the creds live… on the internet. With RDP open."
'a;sljfasdfjadjaserfaweakjwtgfaehasrhfasd;laksfkasrohawghasedjas;faskdga'seraowhjasjdfasdlfasgajhsdfjarfhoae;ahd pic.twitter.com/54O2PDy7zV— Dan Tentler (@Viss) September 25, 2017
again, the cert has no importance here. the problem is they put a fucking active directory server directly on the internet with RDP exposed. — Dan Tentler (@Viss) September 26, 2017
The exposure raises questions over the competence of Deloitte's systems administrators, its IT department's quality control and its internal change-control processes, although one commentator tentatively suggested that it might have been set up as a read-only server to support laptops that are never attached to the internal network.
one of them, yes. the place where all the creds live. is just ... on the internet. with rdp open. — Dan Tentler (@Viss) September 26, 2017
Others have suggested that it might be a honeypot set up by the company.
I've seen people recommend putting read-only DCs on the Internet to support laptops that are never attached to the internal network.— Paul Dokas (@pauldokas) September 26, 2017
However, the exposure also indicates that Deloitte is running its Active Directory server on an unpatched version of Windows Server 2012 R2 - providing another helpful pointer to anyone wanting to crack Deloitte's systems.
Richard Stiennon, chief strategy officer at Blancco Technology Group, suggested that Deloitte's own security controls had clearly been lacking: "A complete data governance regime should put email at the top of concerns.
"While health records, financials and PII usually are considered first, it must be acknowledged that all of that critical information passes through email too. Email should be first protected against unauthorized access.
"But it's just as important to manage the content. One critical control is encryption so email exchanges cannot be read without the participants' keys. Another is to regularly scrub emails wherever they reside."