• Wagner group exposed

    From poindexter FORTRAN@700:100/20 to All on Thu Mar 23 07:13:00 2023
    I listened to the Risky Business podcast (episode #700) about the
    hacking of the Wagner group, run by Yevgeny Prigozhin. The podcast laid
    out a pretty interesting story.

    At a high level, it sounded pretty cool - a Google-less Android image on
    their phones, an OpenVPN mesh network, and an opsec-aware head who used
    a Psion device for tracking.

    Then, the wheels came off the story.

    Windows XP. Self-signed certs on the OpenVPN links. Use of free hosting
    services. Free Avast AV. TeamViewer. Skype. Psion PDA backups stored on
    a file server on the network.

    Not ideal opsec for a multi-faceted company with potentially shady
    dealings going on.

    There's more information (a lot more) about Prigozhin's businesses
    spanning restaurants, hospitality, security services, a troll farm,
    retail and more - and their shared IT infrastructure at

    https://dossier-center.appspot.com/prig-it/

    It did make me think about how to properly secure a shady
    network. There's a bounty of open-source collaboration and comms tools
    out there now, along with industry standards for encryption and
    well-documented best practices. Hell, the NSA publishes guidelines on
    how to secure your networks!

    And, I want a Psion PDA. :)

    ... All of my certifications are self-signed.
    --- MultiMail/Win v0.52
    * Origin: realitycheckBBS.org -- information is power. (700:100/20)
  • From Greenlfc@700:100/71 to poindexter FORTRAN on Tue Mar 28 13:54:40 2023
    That sounds like it's right up my alley, going to check it out now!

    GreenLFC º e> greenleaderfanclub@protonmail.com
    Infosec / Ham / Retro º masto> GLFC@mstdn.starnix.network
    Avoids Politics on BBS º gem> gemini.greenleader.xyz

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: 2o fOr beeRS bbS >> 20ForBeers.com:1337 (700:100/71)
  • From debian@700:100/69 to poindexter FORTRAN on Tue Nov 28 20:58:43 2023
    Then, the wheels came off the story.

    Windows XP. Self-signed certs on the OpenVPN links. Use of free hosting
    services. Free Avast AV. TeamViewer. Skype. Psion PDA backups stored on
    a file server on the network.

    Not ideal opsec for a multi-faceted company with potentially shady dealings going on.

    I agree it is poor opsec for any company to be running old operating systems with potentially incriminating evidence stored on them. That said, there are still plenty of companies that are running XP and older. My current employer still has a couple of XP machines kicking around on the production floor, still in active use. The semiconductor company I was working at before my current employer was running DOS 6.22 and Linux 2.4. When I was working at Fairchild, we had a system that was running a version of Unix (can't remember which specific Unix it was) from the late 80s - that system held all the data about the wafer, what processes were run, what stage it was at, etc.

    I myself still keep a couple old PCs kicking around, but I don't store anything of high value on them.

    73, debian

    How ya gonna do it? PS/2 it!

    --- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
    * Origin: SPOT BBS / k9zw (700:100/69)
  • From roman@700:100/69 to debian on Wed Nov 29 03:37:44 2023
    It's not a matter of using "old operating systems"; it's solely a matter of inability to configure these systems. Windows XP, even with the help of standard tricks, can be made so limited that even a shortcut on the desktop cannot be created without the knowledge of the administrator. As my experience with Novell, Windows 2000/NT, and Windows XP shows, modern administrators simply do not know the network and local policies of these systems. Since I live on 2-3 dollars a day, my working operating system is Windows XP, because computers based on it are free. I have long since replaced those programs that do not work in Windows XP with regular JS scripts, for example for viewing PDF, PSD and so on. Browsers for Windows XP are still being released. For another 4 years I was an active user of Windows 98, and I was forced to switch to Windows XP because it was not enough to implement TLS 1.3 support for Windows 98. You need to find HTML5 and JS libraries for these browsers somewhere.

    --- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
    * Origin: SPOT BBS / k9zw (700:100/69)
  • From poindexter FORTRAN@700:100/20 to debian on Wed Nov 29 06:16:00 2023
    debian wrote to poindexter FORTRAN <=-

    Windows XP. Self-signed certs on the OpenVPN links. Use of free hosting
    services. Free Avast AV. TeamViewer. Skype. Psion PDA backups stored on
    a file server on the network.

    Not ideal opsec for a multi-faceted company with potentially shady dealings going on.


    I agree it is poor opsec for any company to be running old operating
    systems with potentially incriminating evidence stored on them. That
    said, there are still plenty of companies that are running XP and
    older. My current employer still has a couple of XP machines kicking
    around on the production floor, still in active use.

    Which is perfectly fine, as long as they're not on the internet. Back
    in the 2010s, I was surprised to notice that the voicemail systems I
    was running were running Windows 3.51. They were isolated in a LAN by
    themselves, so there wasn't an issue.

    ... We are living through a revolt against the future. The future will prevail.
    --- MultiMail/Win v0.52
    * Origin: realitycheckBBS.org -- information is power. (700:100/20)
  • From debian@700:100/69 to poindexter FORTRAN on Wed Nov 29 19:15:36 2023
    A lot of these systems were technically on LANs, but some could be accessed from a more modern internet-connected host. With the exception of a few companies, most didn't really have good security policies - mainly due to high turnover + lack of documentation (and lack of giving a crap). There were places I worked for that had very high levels of security - to the point where you couldn't issue a command without a chain of approval.

    But even some of these LAN-only systems can still be compromised through a compromised PC (because even though the system admin configured the system to only have access to a LAN, there may be a manager's PC that has access to both the LAN and the internet) - I guess that is not technically a LAN-only system, but it's what the network admin called it. *shrug*

    How ya gonna do it? PS/2 it!

    --- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
    * Origin: SPOT BBS / k9zw (700:100/69)
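The point debian makes above (an "isolated" LAN is only as isolated as its least-disciplined member) is easy to check against an inventory. The script below is an added illustration, not code from anyone in this thread: it takes a constructed host inventory, decides which interfaces fall inside segments that are supposed to be air-gapped versus internet-connected, flags any host with a foot in both, and then lists the "isolated" hosts that are reachable through that bridge. Segment names, subnets and hostnames are all made up for the example.

```python
"""Audit a host inventory for dual-homed machines that bridge an
"isolated" LAN to an internet-connected network.

Added example for this thread; the inventory and segment names are
constructed sample data, not anyone's real network.
"""
import ipaddress

# Constructed policy: subnets that are meant to have no internet path,
# and subnets that are ordinary internet-connected office networks.
ISOLATED_SEGMENTS = {
    "production-floor": ipaddress.ip_network("10.50.0.0/24"),
    "voicemail": ipaddress.ip_network("10.60.0.0/24"),
}
CONNECTED_SEGMENTS = {
    "office": ipaddress.ip_network("192.168.1.0/24"),
}

# Constructed host inventory: hostname -> interface addresses.
# "mgr-laptop" is the manager's PC from the post: one NIC on the
# office network, one on the supposedly isolated floor LAN.
INVENTORY = {
    "xp-floor-01": ["10.50.0.11"],
    "dos-tester": ["10.50.0.12"],
    "vm-server": ["10.60.0.5"],
    "mgr-laptop": ["192.168.1.40", "10.50.0.200"],
    "hr-desktop": ["192.168.1.41"],
}


def segment_of(addr):
    """Return the policy segment containing addr, or None if unknown."""
    ip = ipaddress.ip_address(addr)
    for name, net in {**ISOLATED_SEGMENTS, **CONNECTED_SEGMENTS}.items():
        if ip in net:
            return name
    return None


def host_segments(addrs):
    """Set of known segments touched by a host's interface list."""
    return {seg for seg in (segment_of(a) for a in addrs) if seg}


def find_bridging_hosts(inventory):
    """Map host -> (isolated segments, connected segments) for every
    host whose interfaces touch both kinds of segment at once."""
    findings = {}
    for host, addrs in inventory.items():
        segs = host_segments(addrs)
        iso = segs & set(ISOLATED_SEGMENTS)
        con = segs & set(CONNECTED_SEGMENTS)
        if iso and con:
            findings[host] = (sorted(iso), sorted(con))
    return findings


def exposed_isolated_hosts(inventory):
    """Sorted list of isolated-segment hosts that share a segment with a
    bridging host, i.e. 'LAN-only' boxes that are one hop from the
    internet after all. Isolated segments with no bridge stay clean."""
    bridges = find_bridging_hosts(inventory)
    bridged_segments = {seg for iso, _ in bridges.values() for seg in iso}
    exposed = []
    for host, addrs in inventory.items():
        if host in bridges:
            continue
        if host_segments(addrs) & bridged_segments:
            exposed.append(host)
    return sorted(exposed)


if __name__ == "__main__":
    for host, (iso, con) in find_bridging_hosts(INVENTORY).items():
        print(f"BRIDGE  {host}: isolated={iso} connected={con}")
    for host in exposed_isolated_hosts(INVENTORY):
        print(f"EXPOSED {host}: reachable via a bridging host")
```

On the sample data the only bridge is mgr-laptop, so the two production-floor machines are reported as exposed while vm-server on the unbridged voicemail segment is not. In practice the inventory would come from a CMDB or a per-host `ipconfig` / `ip addr` sweep, and the same logic extends to VPN adapters and USB tethering, which create the same kind of bridge without a second NIC.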