
Phishing Site Discovered On Sony Thailand Servers

Posted by Soulskill
from the can't-win-for-losing dept.
mcgrew tips news that security firm F-Secure has found a live phishing site running on Sony's Thailand servers. "Basically this means that Sony has been hacked, again. Although in this case the server is probably not very important." This comes alongside news that a point service run by So-net, a Sony subsidiary, was accessed by an unknown intruder, who stole about $1,200 worth of virtual tokens. "The intrusions are believed to have taken place on May 16 and 17. So-net discovered the breach on May 18, after receiving consumer complaints. So-net halted the point redemption service following the discovery of the breach. The latest breaches are relatively minor in scale compared to the massive breach at PSN and Sony Entertainment Online. Even so, it only adds to the company's embarrassment."

  • Re:Thailand (Score:5, Interesting)

    by definate (876684) on Saturday May 21, 2011 @12:49AM (#36199776)

    You've got a point.

    I work in Australia for a company that does a lot of business throughout Asia, I've been on the internets for ages, and have a background in programming and finance, so I've got a weird diverse IT/Business background. So, I sometimes get assigned to figure out weird problems which the other guys can't figure out, despite the fact that I don't do that job.

    Anyhow, every now and then I get given a job of "Something's wrong with x system, when working with our y Asian supplier/partner/customer/etc". These suppliers/partners/customers/etc, aren't small little back offices either, they're usually handling at least a several hundred thousand dollar piece of business, and at most they're handling a several million dollar piece.

    The first one I got, I put a lot of effort in, and spent heaps of time looking at our side, getting as much information as possible, resolving that nothing was wrong on our side, and realizing what was happening on their side, then sending it to everyone concerned, which included their side's IT department. To the extent that I'd even figure out what software they're running, find the manual, and find the section which dealt with this problem.

    This inevitably resulted in them coming back to me with "No, it your side". It was literally that small and simple a response. I took them seriously, went off, tried to see if I could resolve it, and ... nope. Still definitely their side.

    So, I got in contact with them, and tried to explain what was happening. At which point I noticed "Holy shit, these guys really don't know anything, I'm going to have to walk them through this".

    A couple of days later, they still couldn't get it done, so instead they just gave me remote root/Administrator access to their entire network, with absolutely no oversight, so I can go through and make changes to their system, so it was set up correctly.

    I shit you not. Sometimes this would mean changing their ssh setup, their sales/orders processing setup, their email server, their domain, everything and anything.

    We use many suppliers, and when something changes with our products/services/internally, we often have to change suppliers. So, I've now done this about 5 times, for 5 different companies, throughout Asia. After the first time, I now don't hesitate to ask for root access, and I always get it. Without so much as a small amount of verification, sometimes they hadn't even been told internally of the problem. Although know is "There's this Australian guy, who's confident, and adamant that we've got a problem, and needs access to our systems".

    It never ceases to amaze me.

    I've thought about this a fair bit over the years, and I think it's a part of the honour/pride culture, where they don't want to have to admit to their managers that they did something wrong, so instead of admitting it, then working to fix it themselves (even with my guidance), they'd rather give a relative stranger complete access. From what I read, this is the sort of cultural problem that was seen at Fukushima, an inability to admit when they were wrong, such that only dodgy patches are undertaken, or possible problems are covered up, to save face.

    I know one time when I did this, it got back to us through our customer, that "their IT department had worked with us to resolve issues on our end", which cracked us up. For the sake of getting the job done, we don't care if we take the blame, we just want it up and running smoothly.

  • Amateur Phishers... (Score:4, Interesting)

    by tlhIngan (30335) <.slashdot. .at. .worf.net.> on Saturday May 21, 2011 @01:14AM (#36199874)

    Man, that's a bit amateurish on the side of the phishers.

    They had access to a *SONY* server. The same Sony who just admitted issues on their systems. Surely they should've just set up a fake phishing site imitating Sony? I mean, set up a realistic looking Sony form asking for way more information than you need, host it on Sony server so Sony's domain points to it, put it in a plausible looking path, and send out an email faking a Sony return address.

    Honestly, this would present such a great phishing and drive-by-download install opportunity, I'm surprised they didn't use it. It originates from a Sony email address, the link points to a Sony server (and even if they type it in themselves, it's still Sony's domain), but a third party is really phishing that information. I'd guess you'd get a good chunk of people filling that information in. Forward them to the real Sony login page...

    If they had access to the Sony SSL server... oh my.

    Something like this would pass most of the basic sniff tests for phish emails and make it almost impossible to determine if it's really Sony or a phisher using Sony's server.
