In the modern world, where the scale of human error in security threatens companies with huge material losses, negligible attention is paid to methods of unauthorized access. Many people remember what SuperDae turned out to be for Microsoft, Snowden for the NSA, and the "North Korean hackers" for Sony. Moreover, each of them stated that access to the information was obtained quite simply.
In this article, I want to tell the story of the hack of Gameloft's corporate servers, unknown to the general public, which occurred in the summer of 2012.
For those who do not know, Gameloft is one of the largest companies developing smartphone games, founded in 1999 by one of the Guillemot brothers, with about 5,000 employees and an annual cash flow of hundreds of millions of euros.
To provide access to marketing materials, the company maintained the server extra.gameloft.org. There were at least five directories on the server:
- a directory with marketing materials available to the press, /mkg_pub,
- a directory with direct confidential data for company employees and partners, /mkg_sub,
- a directory with materials on upcoming games, /preview_pub,
- a directory with information about the company (logos, history, etc.), /comm_sub,
- in addition, another folder in the root, /tmp_pub, which the staff used to store temporary files for the press. Assets from past exhibitions were stored in it. The password for it is quite easy to google: it was contained in the company's press releases.

But the root listing of this directory was not available for viewing.
The hacker's frivolous achievement was that, relying on luck, he downloaded from the tmp_pub directory the indexing file .DS_Store, which happened to exist there. After a little editing, he was presented with a list of all the indexed hidden folders, about 50, he said. As he searched through each of them, a folder called SEB_G caught his attention. It was short for Sebastien Givry. By a ridiculous coincidence, this was the folder of the chief sales director of the EMEA region. By that time he had quit his job, but whether because of the rules or because of his deep thirst for document circulation, he left in this folder, as a legacy to the company, the entire archive of his mail from 2005 to 2012: 12 gigabytes of unsolicited emails from Outlook.
In the most innocuous letters with Arab partners, there were talks about the lack of cover for Elika in the mobile version of Prince of Persia.
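The .DS_Store file described above records the names of a folder's entries, so it can reveal them even where directory listing is disabled. As an added example (not part of the original article), this Python script audits your own web root for such files and lists the names each one would disclose; the record-scanning heuristic, the function names and the sample bytes are assumptions constructed for illustration.

```python
import os
import struct

MAGIC = b"\x00\x00\x00\x01Bud1"  # first 8 bytes of a .DS_Store file
# Data type codes that follow a record's 4-byte structure ID.
TYPES = {b"bool", b"long", b"shor", b"blob", b"type", b"ustr", b"comp", b"dutc"}


def disclosed_names(data):
    """List names recorded in .DS_Store bytes (heuristic scan, not a B-tree walk).
    Record layout: u32 name length in UTF-16 code units, UTF-16BE name,
    4-byte structure ID (e.g. Iloc), 4-byte data type.
    """
    if not data.startswith(MAGIC):
        return []
    names, pos = set(), len(MAGIC)
    while pos + 12 <= len(data):
        (n,) = struct.unpack_from(">I", data, pos)
        end = pos + 4 + 2 * n
        if 0 < n <= 255 and end + 8 <= len(data):
            name = data[pos + 4:end].decode("utf-16-be", errors="replace")
            if (data[end + 4:end + 8] in TYPES and data[end:end + 4].isalnum()
                    and name.isprintable() and "\ufffd" not in name):
                names.add(name)
                pos = end + 8  # skip past the matched record header
                continue
        pos += 1
    return sorted(names)


def audit_webroot(root):
    """Map every .DS_Store under root to the names it would disclose."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".DS_Store" in files:
            path = os.path.join(dirpath, ".DS_Store")
            with open(path, "rb") as fh:
                findings[path] = disclosed_names(fh.read())
    return findings


def _record(name, struct_id, dtype, value):
    return struct.pack(">I", len(name)) + name.encode("utf-16-be") + struct_id + dtype + value


# Constructed sample (not a real file): header, padding, two records.
SAMPLE = (MAGIC + bytes(24)
          + _record("event_2012", b"Iloc", b"blob", struct.pack(">I", 16) + bytes(16))
          + _record("staff_archive", b"dscl", b"bool", b"\x01"))
```

Any path that `audit_webroot` reports should be deleted before deployment, and the web server should refuse to serve dotfiles.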
Although all the main work of the company's employees had to be done inside a VPN, access to which was protected by SecurID passcodes, some network resources were directly accessible from the Internet. One that deserved attention was extra.gameloft.org/mkg_sub. The cracker found a couple of login-password pairs in the mail. The directory contained folders of the company's employees (a great many) with complete materials: business plans, release calendars of unannounced games, raw and not-so-raw builds. Among other things, there were hundreds of documents describing algorithms for maintaining marketing channels. In total, a couple dozen terabytes of data, with assets for print, marketing, and direct use in games:
- Tons of corporate presentations (such as one about narrative design).
- Directing plans from partner companies, such as Ubisoft (the Assassin's Creed promotion history in 100 slides).
- Builds for exhibitions and universal testing (My Little Pony for iOS leaked to the network weeks before its release).
- Trailers and videos (the Asphalt 8 Infinity subtitle was replaced after the leak).
- Toolkits, dev kits and press kits (the harmless Java framework AuroraGT is mentioned).
- Contacts of the press and staff.
After hours of searching, the cracker also managed to find:
- The password for the PR channel on YouTube (the same password was used for syncing passwords and bookmarks in Chrome), on whose Google Drive account the company's Romanian marketers carefully kept an .xls table of passwords for various social networks up to date.
- The Hypernet password (hypernet.gameloft.com/navi).
- Authentication data for partner access to privftp01.gameloft.com.
The followers of the leak were promptly disclosed, all information was deleted, and the hacker was punished. According to him, speaking from a temporary detention cell in Åland, access to the company's Google account lasted another two years, right up until the meticulous Heartbleed. Access to the hypernet is still available, but apart from the advertising staff in the Latin American region, no one keeps documents there anymore.
A couple of months after the hack, the company laid off 250 employees.