[clug] Hack attack on University of East Anglia's Climatic Research Unit

Steve Walsh steve at nerdvana.org.au
Mon Nov 23 00:26:18 MST 2009

On 11/21/2009 05:07 PM, Daniel Pittman wrote:
> Nope.  It is pretty much impossible to know without access to the technical
> details from the site.
> If you are looking for a general lesson to take home, the most commonly
> disclosed causes of attacks like this are:
> 1. Someone uses the same username and password for their corporate or
>     University login that they do for a low-value online site, and someone
>     obtains those credentials.
> 2. Someone uses a weak password, full stop.
> 3. Someone didn't keep patches up to date, so a three-year-old vulnerability
>     got exploited for the attacker to get in.

4. Someone got phished with the "please update your webmail records" 
email, and they just logged in and got what they needed that way.

Not every hack requires bad username/password policy or lack of patch
plan; the old ways are still the best (Hi, Sylvia, it's Chris from the
helpdesk. I'm updating records, and the details I have for your username
and password don't match, can I get them again? Ok, so it's sysmith,
yep, got that and the password is...? RodgerDodger78? Oh, ok, I see what
happened, we had 87. Thanks!)

Steve Walsh
Vice President / Sysadmin team member - Linux Australia
Networks and Technology - Linux.conf.au 2008
Evil Network Bunny - Linux.conf.au 2009
Networking alpha geek - Linux.conf.au 2010
