Email accounts of several hundred Ethiopian INSA agents hacked
A group of hackers managed to easily hack email accounts of several hundred Ethiopian INSA (Information Network Security Agency) agents. This hacking was possible due to security lapse of Ethiopian Information Network Security Agency agents.
The vision of the Information Network Security Agency is to realize worldwide competent National Cyber capability, as that plays an important role in protecting national interests of the Ethiopia. INSA's mission is to build the National Cyber Power that will be capable of protecting national interest, and also to provide the technical intelligence pertaining to the national interest in order to support the actions as well as decisions of the government.
Researchers from the research lab of Safety Detective have found a leak online that is related to the INSA agents. It was found that unauthorized access to email accounts of several hundred Ethiopian INSA agents has been gained by the hackers just by using the easily-predictable usernames as well as passwords.
During investigation, the researchers had found that the passwords used by the Ethiopian INSA agents were basic. Those passwords were not salted neither hashed.
In a blog post, the Safety Detective researchers said that "while the fact that hackers could so easily hack a security agency - and the Ethiopian INSA especially - is alarming, what was even worse was that the passwords we discovered in use by INSA were basic (and hackable) beyond belief. Basically, they weren't salted and hashed".
The Safety Detective researchers further added in the blog post that "while big databases usually have their data protected and encrypted (in case someone breaks in), this one didn't and had common passwords easy to decrypt". Out of 300 hacked credentials, 62 passwords had the '123' sequence whereas 142 contain 'p@$$w0rd' as passwords.
Upon discovery, the INSA was quick to resolve the problem. It has reset passwords of the hacked accounts, and also the internal email server was changed. However, the researchers from the research lab of Safety Detective believe that sensitive data is still being available with those hackers. In fact, the researchers believe that the hackers can use it for hacking the new email servers of INSA, in case they are not encrypted and insecure.
» SPAMfighter News - 6/24/2019
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!