Posted by Unruh on December 3, 2006, 1:50 pm
57005.48879@bredband.net writes:
>Note from poster: I got this post from another person who wishes to
>remain anonymous. I do know that the original author follows this
>newsgroup so follow-up comments will be seen.
>** apply virtual scissors here **
>In a recent report it came to light that the Dutch security software
>company Alfa & Ariss has been making unauthorised attempts to break
>into both private and corporate computer systems.
>Alfa & Ariss, who made a name for themselves by developing software for
>both the Open Source and Corporate markets for secure login
>procedures, as well as being contracted to implement this software in
>central Dutch government and banking agencies, have made confirmed
>attempts to at least gain access to several systems without obtaining
>authorization first from the owners and operators of those systems.
>The most disturbing attempts are the clear and verified, targeted
>attempts to access a Scandinavian company by probing for available
>services, including but not limited to telnet, SSH, FTP, LDAP, VPN,
>SSL and SMTP. These were made from the main IP address registered to
>them (82.94.105.130) in late October. The company's data wasn't
>compromised due to a good security setup, but the attempts themselves
>are an indication that Alfa & Ariss is apparently doing more than just
>develop software, and not all of it desirable.
>Next to this, the private user is apparently also not safe from them,
>as an ex-employee found out. His home-connected computer had its
>Internet connection flooded around the same time, and by checking
>access logs found out that the company had been snooping on his
>Livejournal (even after he left the company) as well as making
>complete copies of his personal and business related web pages.
>Even though invited to do so, no comments have been made by Alfa &
>Ariss so far, but the ex-employee states: "Yes, there have been
>problems with my connection. My modem complained about not being able
>to handle the traffic correctly, and probably a bunch of connections
>were dropped because of that. I'd say that is a clear example of
>Denial of Service right there. It didn't last long, but still..."
>"I also put a few blocks in place after that, and started keeping an
>eye on the IP. Surprisingly, it didn't end there, but instead, I found
>I got continued connection attempts from the office on just about
>every business day, and even some on the weekend and at night times.
>To this day they keep checking up on me, apparently."
>As to the reason why, there seems to be some confusion: "I'm a little
>limited in what I am allowed to say under my NDA, but I can tell you
>that even though I left the company in September on less than
>agreeable terms (having had the rights needed to do my job as security
>officer and network administrator revoked, forcing me to quit, next to
>lack of pay), I didn't have any negative consequences to speak of
>because of this. I, myself, was just glad to close it off this way, I
>have no desire to be in any way in touch with the people there, and as
>a matter of fact, the CEO demanded no further contact, himself. I even
>returned a few letters after they got sent to my address regardless of
>their own command. There is also nothing of interest for them to be
>found on my home system, apart from personal data for me and a few
>friends which they have no business in knowing or having access to.
>Although I can guess as a motive they might be searching for
>information to try and fine+sue me over the NDA; it would not surprise
>me if so, at all. Having set up a lot of the network stuff there
>myself though, I can tell you that if something like this originates
>from that IP, it's not been someone else or a system that got
>compromised and abused by someone else outside the office. Unless of
>course they really messed up their setup after making me quit, but I
>somehow doubt it."
>Further specifics are not known at this time.
This sounds nuts to me.
a) If the second person, who claims to have been a security officer and network
administrator, cannot set up his own system to make sure that the company
cannot get into his computer, then he deserved to have been fired. He is
incompetent.
b) There is nothing wrong with "Probing for telnet, SSH, FTP, LDAP, VPN,
SSL and SMTP." Those are services by which a computer links to the outside
world, and in particular by which outside computers are supposed to
connect. The only way to tell if you can connect is by probing. Now if they
DO connect and carry out nefarious tasks after doing so, that is a
different question.
Furthermore, IP spoofing is now at least 20 years old. I.e., there is no way
of knowing if those IP addresses have anything to do with the company. I
have no way of disproving the claims, but the evidence presented is
insufficient for the conclusions reached.
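The thread turns on two things a log reader would want to separate: a sweep of service ports (telnet, SSH, FTP, LDAP, SSL, SMTP) by one source, and whether any of those attempts actually completed a TCP handshake. The script below is an added example, not code from either poster; it parses a constructed, hypothetical firewall log format ("time src_ip dst_port proto state") and reports, per source address, which ports were touched, how many attempts were unanswered SYNs, and how many reached ESTABLISHED. The state column, the log lines and the sweep threshold are assumptions. A completed handshake means the source received the SYN-ACK, which a blindly spoofed source address would not; isolated SYNs say much less about who sent them, so the report keeps the two counts apart.

```python
"""Summarize inbound connection attempts per source IP from firewall-style
log lines. Added example; the log format and sample lines are constructed."""
import re
from collections import defaultdict

# Constructed (hypothetical) log format: "<time> <src_ip> <dst_port> <proto> <state>"
# state is SYN (handshake never completed) or ESTABLISHED (full handshake).
SAMPLE_LOG = """\
2006-10-23T09:14:02 198.51.100.7 23 tcp SYN
2006-10-23T09:14:02 198.51.100.7 22 tcp SYN
2006-10-23T09:14:03 198.51.100.7 21 tcp SYN
2006-10-23T09:14:03 198.51.100.7 389 tcp SYN
2006-10-23T09:14:04 198.51.100.7 443 tcp SYN
2006-10-23T09:14:04 198.51.100.7 25 tcp ESTABLISHED
2006-10-23T11:02:10 203.0.113.5 443 tcp ESTABLISHED
2006-10-23T11:02:11 203.0.113.5 443 tcp ESTABLISHED
this line is malformed and will be skipped
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\d+) (\S+) (SYN|ESTABLISHED)$")

# Port-to-service labels for the services named in the thread (well-known ports).
SERVICE_NAMES = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 389: "ldap", 443: "ssl"}


def parse_log(text):
    """Return one dict per well-formed line; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, port, proto, state = m.groups()
        events.append({"ts": ts, "src": src, "port": int(port),
                       "proto": proto, "state": state})
    return events


def summarize(events, min_distinct_ports=3):
    """Per source IP: ports touched, SYN-only vs. established counts, and two flags.

    looks_like_sweep: at least min_distinct_ports distinct destination ports
    (threshold is an assumption for this example).
    handshake_completed: at least one ESTABLISHED event; a completed handshake
    requires the source to have received our SYN-ACK, unlike a lone spoofed SYN.
    """
    by_src = defaultdict(lambda: {"ports": set(), "syn_only": 0, "established": 0})
    for e in events:
        s = by_src[e["src"]]
        s["ports"].add(e["port"])
        if e["state"] == "ESTABLISHED":
            s["established"] += 1
        else:
            s["syn_only"] += 1

    report = {}
    for src, s in by_src.items():
        report[src] = {
            "distinct_ports": sorted(s["ports"]),
            "services": sorted(SERVICE_NAMES.get(p, str(p)) for p in s["ports"]),
            "syn_only": s["syn_only"],
            "established": s["established"],
            "looks_like_sweep": len(s["ports"]) >= min_distinct_ports,
            "handshake_completed": s["established"] > 0,
        }
    return report


if __name__ == "__main__":
    for src, info in summarize(parse_log(SAMPLE_LOG)).items():
        print(src, info)
```

Run it as-is to see the two constructed sources side by side: one touches six service ports with a single completed connection, the other repeatedly connects to one port. Pointing `parse_log` at a real firewall export means adapting `LINE_RE` to that device's format; the per-source accounting does not change.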