Wednesday 5 August 2015

Chinese VPN Service Uses Windows Servers Hacked



A commercial service that Chinese customers VPN connections offering appears to use dozens of hacked Windows servers of organizations and companies abroad, so claims the American security company RSA published today in a report ( pdf ).

The VPN service, which is called by RSA only by the codename "Terracotta", consists of more than 1,500 nodes worldwide.With a Virtual Private Network (VPN) make users through a secure tunnel connection to another server, for example to access the internet from there. This way, the ISP can not view the contents of the traffic, and it is possible to, for example, censored still visit web sites. The Chinese VPN service is thus offered as a way to bypass the firewall and Chinese as a way for users to protect their anonymity.

VPN services generally use their own servers where clients connect to it. In the case of going to the Terra Cotta according to RSA, inter alia, to hacked Windows-based servers from a variety of organizations. RSA researchers argue that the number of new servers from the VPN service will be expanded continuously. In addition, the attackers deliberately opt for Windows servers, because the platform includes VPN services can be configured quickly. A total of 31 Windows servers hacked discovered which were part of the VPN service. All were found to be hacked servers linked to the Internet, and did not use any hardware firewall.

Attack

To take over the servers are brute-force attacks against the administrator account. In case a working combination of username and password is found, the switch forwards a few hours later, the Windows firewall and install the Telnet service.After this, the attackers log in via Remote Desktop and then removing Windows Defender. The next step is the installation of a remote administration tool and create a new Windows account.

Finally the hacked server is configured for VPN service. According to RSA make both end users and cyber spies of the VPN service usage, which is offered in China under different names. In addition, users would not know that they are making use of hacked servers. The reason that the service servers of foreign organizations hacks would mostly related to cost savings.

No comments:

Post a Comment