Author Topic: Ubiquiti Breach  (Read 6524 times)


Offline madires

  • Super Contributor
  • ***
  • Posts: 6955
  • Country: de
  • A qualified hobbyist ;)
Ubiquiti Breach
« on: March 30, 2021, 08:32:49 pm »
Whistleblower: Ubiquiti Breach “Catastrophic“: https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/

Change your PWs!
 

Offline PKTKS

  • Super Contributor
  • ***
  • Posts: 1766
  • Country: br
Re: Ubiquiti Breach
« Reply #1 on: March 31, 2021, 11:49:26 am »
It did not take very long to surface ...

Think fast..
- What should be the worst nightmare for a serious data center biz?

... A SINGLE NODE OF CATASTROPHIC FAILURE ...

- What exactly is a "CLOUD"?
... A SINGLE NODE OF CATASTROPHIC FAILURE ...

- you have no clue who controls and accesses it
- you have no real vision of how the thing is managed
- you have left your control in the hands of unknown others..

Last question: why do people trust that cloud thing?

Why Ubiquiti and not MIMOSA, Mikrotik, Cambium ... others..

Paul  :popcorn:


 
The following users thanked this post: SL4P

Offline madires

  • Super Contributor
  • ***
  • Posts: 6955
  • Country: de
  • A qualified hobbyist ;)
Re: Ubiquiti Breach
« Reply #2 on: March 31, 2021, 01:31:52 pm »
Someone screwed up the risk assessment. Cloud platforms are an attractive target: hack once and own millions of accounts or devices. However, the cloud isn't bad per se, but you need to know the pros and cons, and act accordingly. And even if you don't use the cloud you can create havoc for all your users, e.g. by firmware with hidden admin accounts. Some vendors are better, some are worse. They all have to face security issues from time to time. Some more often, some more rarely. No one is bulletproof.
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 4979
  • Country: au
Re: Ubiquiti Breach
« Reply #3 on: April 03, 2021, 08:00:59 am »
This breach was far from catastrophic, in fact, it had no impact at all to most customers. Unlike most IoT services, Ubiquiti allows you to use their products completely offline and independent of their cloud infrastructure. Even if you want to remotely manage your devices over a VPN, you still have that option.
 

Offline cdev

  • Super Contributor
  • ***
  • !
  • Posts: 7350
  • Country: 00
Re: Ubiquiti Breach
« Reply #4 on: July 18, 2021, 10:49:50 pm »
People use cloud services because they are lazy and often don't have any critical or valuable information to protect.

Many of them never even realized they could install and manage all those services themselves.

Quote
It did not take very long to surface ...

Think fast..
- What should be the worst nightmare for a serious data center biz?

... A SINGLE NODE OF CATASTROPHIC FAILURE ...

- What exactly is a "CLOUD"?
... A SINGLE NODE OF CATASTROPHIC FAILURE ...

- you have no clue who controls and accesses it
- you have no real vision of how the thing is managed
- you have left your control in the hands of unknown others..

Last question: why do people trust that cloud thing?

Why Ubiquiti and not MIMOSA, Mikrotik, Cambium ... others..

Paul  :popcorn:
"What the large print giveth, the small print taketh away."
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9803
  • Country: 00
  • Display aficionado
Re: Ubiquiti Breach
« Reply #5 on: July 18, 2021, 11:12:01 pm »
Quote
People use cloud services because they are lazy and often don't have any critical or valuable information to protect.

Many of them never even realized they could install and manage all those services themselves.

Nothing to lose like various parts of various governments?
 

Offline bson

  • Supporter
  • ****
  • Posts: 2159
  • Country: us
Re: Ubiquiti Breach
« Reply #6 on: September 29, 2021, 04:15:36 am »
Credentials like that are fine to keep and share using LastPass, 1Password and so on - but it needs to be protected with more than a password.  We use U2F devices - Yubikeys in particular.  Same with SSOs like Google, github/gitlab, and so on.  They all support U2F - for a reason!

And when people leave their accounts need to be taken down.
« Last Edit: September 29, 2021, 04:20:23 am by bson »
 
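As an added example (not bson's code, nor Ubiquiti's or any vendor's), here is a small Python audit for the two points in the post above: every active account in the SSO or password-manager directory should carry a hardware-key factor (U2F/WebAuthn), and nobody who has left should still have an active account. The export layout, its field names, the 90-day staleness threshold and the HR leaver list are assumptions constructed for this example; real exports from Okta, Google Workspace or 1Password use different field names and would need the loader adjusted.

```python
"""Audit a user-directory export for missing hardware-key MFA and lingering
accounts of people who have left.

Added example, not from the forum post or any vendor. The JSON layout
('email', 'status', 'mfa_methods', 'last_login') and the leaver list are
constructed for illustration and are assumptions about the export format.
"""
import json
from datetime import date, timedelta

# Constructed sample: a simplified IdP / password-manager user export.
SAMPLE_EXPORT = json.dumps([
    {"email": "alice@example.com", "status": "active",
     "mfa_methods": ["u2f"], "last_login": "2021-09-27"},
    {"email": "bob@example.com", "status": "active",
     "mfa_methods": ["totp"], "last_login": "2021-09-26"},
    {"email": "carol@example.com", "status": "active",
     "mfa_methods": [], "last_login": "2021-09-01"},
    {"email": "dave@example.com", "status": "active",
     "mfa_methods": ["u2f", "totp"], "last_login": "2021-03-02"},
    {"email": "erin@example.com", "status": "suspended",
     "mfa_methods": ["u2f"], "last_login": "2021-05-10"},
])

# Constructed sample: HR's list of leavers with their leave date.
SAMPLE_LEAVERS = {"dave@example.com": "2021-03-05"}

# Factor types that resist phishing (hardware-key based); names are assumptions
# about how the export labels them.
PHISHING_RESISTANT = {"u2f", "webauthn", "fido2"}


def audit(export_json, leavers, today, stale_days=90):
    """Return {finding_category: sorted list of emails} for active accounts.

    today is an ISO date string so the caller needs no datetime import.
    Suspended/disabled accounts are skipped: they are already out of scope.
    """
    findings = {"no_mfa": [], "weak_mfa_only": [],
                "leaver_still_active": [], "stale": []}
    stale_before = date.fromisoformat(today) - timedelta(days=stale_days)
    for user in json.loads(export_json):
        if user["status"] != "active":
            continue
        email = user["email"]
        methods = set(user["mfa_methods"])
        if email in leavers:
            findings["leaver_still_active"].append(email)
        if not methods:
            findings["no_mfa"].append(email)
        elif not methods & PHISHING_RESISTANT:
            # Has MFA, but only a phishable factor (TOTP/SMS), no hardware key.
            findings["weak_mfa_only"].append(email)
        if date.fromisoformat(user["last_login"]) < stale_before:
            findings["stale"].append(email)
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for category, emails in audit(SAMPLE_EXPORT, SAMPLE_LEAVERS,
                                  "2021-09-29").items():
        print(f"{category}: {', '.join(emails) or '-'}")
```

Run it against a real export on a schedule and treat a non-empty `leaver_still_active` list as an incident, not a to-do: a departed user who still has an active SSO session is exactly the insider scenario this thread is about.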

Offline PKTKS

  • Super Contributor
  • ***
  • Posts: 1766
  • Country: br
Re: Ubiquiti Breach
« Reply #7 on: September 29, 2021, 11:45:15 am »
That scares the shit out of everything...

but it also puts things into a perspective where nobody cares anymore about putting their privacy into the hands of unknown people, trusted just by obscure labels such as "we care about your privacy..."  trust us..

No surprise there are currently about half a dozen MEGA CORPORATIONS running a freak show.

Things will converge to those freak shows and nobody cares anymore

These trends ahead in the mid-to-long term are very bad
They are and will concentrate that just to monetize the top of the pyramid..

and FU**** the rest

Paul
 

Offline SL4P

  • Super Contributor
  • ***
  • Posts: 2268
  • Country: au
  • There's more value if you figure it out yourself!
Re: Ubiquiti Breach
« Reply #8 on: September 30, 2021, 06:52:52 am »
LOL, wait for the ‘experts’ to say you should be using a ‘public VPN’ for your WAN connectivity 😱

Oh, I missed that VPN, Virtual Public Network… so it MUST be safe ?
Don't ask a question if you aren't willing to listen to the answer.
 

Offline PKTKS

  • Super Contributor
  • ***
  • Posts: 1766
  • Country: br
Re: Ubiquiti Breach
« Reply #9 on: September 30, 2021, 07:42:59 am »
Quote
LOL, wait for the ‘experts’ to say you should be using a ‘public VPN’ for your WAN connectivity 😱

Oh, I missed that VPN, Virtual Public Network… so it MUST be safe ?

Personally I give a shit for VPN; as part of my activity I really do not care who is certainly wasting time logging me.

But when I do want some obscure cloudy bits... I just switch my proxy to TOR

and I have 3 settings for that

I am pretty sure today even VPNs can be sniffed with remote tags placed on hashes and hidden code

TOR is a bit hard to spot

Paul
« Last Edit: September 30, 2021, 10:17:18 am by PKTKS »
 
The following users thanked this post: SL4P

Offline Ranayna

  • Frequent Contributor
  • **
  • Posts: 685
  • Country: de
Re: Ubiquiti Breach
« Reply #10 on: September 30, 2021, 09:48:35 am »
Well, considering that it is at least suspected that a large majority of TOR exit nodes are run by various "Three Letter Agencies", I would not trust TOR all that much.
I would even think that it makes you especially suspicious. :p

On topic: In the past, despite not having had personal experience with Ubiquiti hardware, I, and many IT people I know, often recommended it for consideration as an affordable wireless product.
But since that breach I stopped doing that, and any consideration that I myself might upgrade to Ubiquiti hardware has been stopped. When I learned that they have now started showing ads on the admin web pages of some of their devices, I was really glad that I do not have anything made by them.

But this account bullshit is really becoming very common. There are Netgear switches that need a Netgear account to manage. There are now HP printers that need an HP account to set them up. And now Windows 11 Home Edition needs a Microsoft account. It's getting ridiculous, and the options for sane people get fewer and fewer.
 

Offline PKTKS

  • Super Contributor
  • ***
  • Posts: 1766
  • Country: br
Re: Ubiquiti Breach
« Reply #11 on: September 30, 2021, 10:22:28 am »
Quote
Well, considering that it is at least suspected that a large majority of TOR exit nodes are run by various "Three Letter Agencies", I would not trust TOR all that much.
I would even think that it makes you especially suspicious. :p
(..)

It may be mostly TRUE today..  reason I have even put aside my own relay..

But it was not like that a decade ago.
It became pretty clear that filthy hands got into the relays...

Nevertheless the amount of trouble and brute force they need to do is mostly worthless for the results..

Today I really give a shit for all that freak show the agencies and mega corps are making..

Internet and software in general turned out like a serious anti-privacy surveillance monetizing paradigm ...

Reason such CLOUD biz is fast ascending
And why obviously some targets are sweeter than others..

Politics and discrimination as usual

BTW running a relay or proxy may be suspicious for vicious minds trying to find targets 100% of the time..

Otherwise it is just a plain proxy method like any other, be it VPN or filter proxy

The world we live in is sick and monetized
Paul
« Last Edit: September 30, 2021, 10:27:15 am by PKTKS »
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 6955
  • Country: de
  • A qualified hobbyist ;)
Re: Ubiquiti Breach
« Reply #12 on: September 30, 2021, 11:17:00 am »
Most of the popular VPN services are marketed as some kind of privacy shield, which they aren't. Marketing nonsense, as usual. There are many ways to pinpoint a specific web browser profile, no matter if via direct internet access, NAT or VPN with public exit. And those pesky enforced online accounts aren't a good idea either. Why should I give a LAN switch or a printer internet access? To increase my attack surface? Ever heard of network security? The vendors claim that they care about privacy and security. Still they try to enforce an online account which won't work without internet access. :palm: ²
 
The following users thanked this post: SL4P
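As an added example (not from the post above, nor from Ubiquiti or any other vendor), the following Python script shows how to catch exactly the case madires describes: a switch, printer or controller that has no business on the internet opening connections to it. It scans netfilter-style firewall log lines for new outbound connections from an inventoried set of LAN-only devices to non-internal addresses, and emits an nftables fragment that would drop that traffic. The device inventory, the log lines, the log prefix and the WAN interface name are constructed assumptions for the example; the destination addresses are RFC 5737 documentation addresses standing in for real internet hosts.

```python
"""Detect LAN-only infrastructure (printers, switches, controllers) reaching
the internet, from firewall connection logs, and emit a matching nftables
deny rule.

Added example, not from the forum post or any vendor. The inventory, log
lines, log prefix and interface name are constructed for illustration.
"""
import ipaddress
import re

# Constructed inventory: devices that should never initiate internet traffic.
LAN_ONLY_DEVICES = {
    "192.168.10.20": "office-printer",
    "192.168.10.2": "core-switch",
    "192.168.10.5": "wifi-controller",
}

# Constructed log lines in the shape of a netfilter LOG target entry for new
# forwarded connections. Destinations use RFC 5737 documentation ranges as
# stand-ins for real internet hosts.
SAMPLE_LOG = """\
Sep 30 09:01:12 fw kernel: FWD-NEW IN=vlan10 OUT=wan SRC=192.168.10.20 DST=203.0.113.8 PROTO=TCP DPT=443
Sep 30 09:01:13 fw kernel: FWD-NEW IN=vlan10 OUT=vlan20 SRC=192.168.10.20 DST=192.168.20.15 PROTO=TCP DPT=9100
Sep 30 09:02:40 fw kernel: FWD-NEW IN=vlan10 OUT=wan SRC=192.168.10.2 DST=198.51.100.77 PROTO=UDP DPT=53
Sep 30 09:03:02 fw kernel: FWD-NEW IN=vlan20 OUT=wan SRC=192.168.20.15 DST=203.0.113.8 PROTO=TCP DPT=443
Sep 30 09:03:10 fw kernel: FWD-NEW IN=vlan10 OUT=wan SRC=192.168.10.5 DST=192.0.2.44 PROTO=TCP DPT=8443
"""

# What counts as "inside": RFC 1918 plus loopback and link-local. Defined
# explicitly rather than via ip.is_private, which would also treat the
# documentation ranges used above as non-global.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]

FIELD_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)")


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_egress(log_text, devices):
    """Return (device_name, src, dst, proto, dport) for each outbound hit."""
    hits = []
    for line in log_text.splitlines():
        m = FIELD_RE.search(line)
        if not m:
            continue  # not a connection log line
        src, dst = m["src"], m["dst"]
        if src in devices and not is_internal(dst):
            hits.append((devices[src], src, dst, m["proto"], int(m["dpt"])))
    return hits


def egress_block_ruleset(devices, wan_if="wan"):
    """nftables fragment that logs and drops WAN-bound forwarding from the
    inventoried devices (the interface name is an assumption)."""
    members = ", ".join(sorted(devices))
    return (
        "table inet filter {\n"
        f"    set lan_only {{ type ipv4_addr; elements = {{ {members} }} }}\n"
        "    chain forward {\n"
        "        type filter hook forward priority 0; policy accept;\n"
        f"        ip saddr @lan_only oifname \"{wan_if}\" "
        "log prefix \"LANONLY-EGRESS \" drop\n"
        "    }\n"
        "}\n"
    )


if __name__ == "__main__":
    for name, src, dst, proto, port in find_egress(SAMPLE_LOG, LAN_ONLY_DEVICES):
        print(f"{name} ({src}) -> {dst} {proto}/{port}")
    print(egress_block_ruleset(LAN_ONLY_DEVICES))
```

The printer's connection to 192.168.20.15 on port 9100 is correctly ignored: LAN-to-LAN is what the device is for. The three WAN-bound entries are the ones a default-deny rule for that VLAN would have stopped before any cloud account ever came into play.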

Offline PKTKS

  • Super Contributor
  • ***
  • Posts: 1766
  • Country: br
Re: Ubiquiti Breach
« Reply #13 on: September 30, 2021, 01:00:08 pm »
Quote
(..)Still they try to enforce an online account which won't work without internet access. :palm: ²

Don't forget, as of today:
- an online "account" monitoring
- a required TPM identity tutored agent
- a UEFI "trusted" firmware.

Not so long ago mostly account and MAC (which can be tinkered with)

But that would not scale and leverage tracking system surveillance

So competition can be tutored
Paul
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 6955
  • Country: de
  • A qualified hobbyist ;)
Re: Ubiquiti Breach
« Reply #14 on: December 02, 2021, 09:37:39 pm »
Apparently it was an inside job:
Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”: https://krebsonsecurity.com/2021/12/ubiquiti-developer-charged-with-extortion-causing-2020-breach/#more-57755
 

Offline PKTKS

  • Super Contributor
  • ***
  • Posts: 1766
  • Country: br
Re: Ubiquiti Breach
« Reply #15 on: December 06, 2021, 11:11:45 am »
Quote
Apparently it was an inside job:
Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”: https://krebsonsecurity.com/2021/12/ubiquiti-developer-charged-with-extortion-causing-2020-breach/#more-57755

Finding someone to blame does not surprise me...

What really worries me is how many other disgruntled insiders are out there?

WTF, how can anyone trust their whole life's data to this shitty cloud business?

That worries me..

I think there is already too much (OUR) data under unknown disgruntled hands.

Paul
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 6955
  • Country: de
  • A qualified hobbyist ;)
Re: Ubiquiti Breach
« Reply #16 on: March 30, 2022, 05:28:49 pm »
Ubiquiti doesn't like what Brian Krebs wrote about the breach: https://www.courtlistener.com/docket/63197557/ubiquiti-inc-v-krebs/
They want US$ 350k compensation and at least 75k for trial costs.
 

Offline PKTKS

  • Super Contributor
  • ***
  • Posts: 1766
  • Country: br
Re: Ubiquiti Breach
« Reply #17 on: March 30, 2022, 05:43:51 pm »
I have been seeing such legal threats targeting simple individuals by large corporations and guilds multiplying exponentially over the last 5y or so...

Around here several cases of mere opinions (even though protected by the constitution)
have been the target of such "digital-case-seekers"....  sponsored by interests...

Considering last week's router VULNERABILITY affecting major vendors.

This is just a laugh and a mockery for serious people involved in security...

What matters is *IF* the company will actually be held responsible for their products...

What has been seen, by and large... no corporation as of today has been held liable for virtually any incident...   zero... nada...

Legal threats will even shut down individuals seeking better products.. AND SERVICES...

and they remain non-liable for the problems...
collecting profits and disregarding best practices

Paul
« Last Edit: March 30, 2022, 05:45:29 pm by PKTKS »
 

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 10606
  • Country: fr
Re: Ubiquiti Breach
« Reply #18 on: March 30, 2022, 06:33:17 pm »
Quote
Those security issues are actually a good thing, showing people what kind of risks are involved with all this cloud crap.

Unfortunately, I don't think it has this effect.
Most people have gotten used to security breaches, software bugs, invasion of privacy, and so on. This has become their new "normal".

As to people not having "any critical or valuable information to protect", yeah for the average joe, maybe. But even that is deluded. Probably a large fraction of those average joes store contracts, bills, possibly medical information, possibly information that they do not even own (like stuff from other people) etc. on those cloud services. You tell me if this is not critical information.

This cloud stuff goes hand in hand with subscription-based everything. It makes people forever dependent, and kills the already limited autonomy they had.
 

Offline Bassman59

  • Super Contributor
  • ***
  • Posts: 2501
  • Country: us
  • Yes, I do this for a living
Re: Ubiquiti Breach
« Reply #19 on: March 30, 2022, 06:58:43 pm »
Quote
Ubiquiti doesn't like what Brian Krebs wrote about the breach: https://www.courtlistener.com/docket/63197557/ubiquiti-inc-v-krebs/
They want US$ 350k compensation and at least 75k for trial costs.

That seems like it's a SLAPP lawsuit.
 

Offline MrMobodies

  • Super Contributor
  • ***
  • Posts: 1524
  • Country: gb
Re: Ubiquiti Breach
« Reply #20 on: March 30, 2022, 08:46:59 pm »
Quote
- What exactly is a "CLOUD"?
... A SINGLE NODE OF CATASTROPHIC FAILURE ...

- you have no clue who controls and accesses it
- you have no real vision of how the thing is managed
- you have *left your control in the hands of unknown others..

Last question: why do people trust that cloud thing?

For VoIP I was concerned about these Yealink "cloud" phones. A few UK ISPs I spoke to told me they use this portal set up in China to register them and Amazon "cloud" for the hosting, which I was very unhappy about. I read somewhere last month in a news article (I looked just now but I can't find it) that AT&T have them in-house and block the zero positioning to Yealink's server in China, which is nice.

Quote
According to Adam, the hackers obtained full read/write access to Ubiquiti databases at Amazon Web Services (AWS), which was the alleged “third party” involved in the breach.

In a contract I'd expect redundancy over many networks owned and controlled by the ISPs in the country I live in when making local calls, apart from maybe calls to other countries.
 
The following users thanked this post: SL4P

Offline gmb42

  • Frequent Contributor
  • **
  • Posts: 277
  • Country: gb
Re: Ubiquiti Breach
« Reply #21 on: March 31, 2022, 10:02:14 am »
Quote
Ubiquiti doesn't like what Brian Krebs wrote about the breach: https://www.courtlistener.com/docket/63197557/ubiquiti-inc-v-krebs/
They want US$ 350k compensation and at least 75k for trial costs.

That seems like it's a SLAPP lawsuit.

At least that's what a lawyer not involved in the case says on Twitter, and we all know they are paragons of the truth.

While I'm inclined to cut Krebs a lot of slack because of all the good work he does, there's an odd smell about this; more info at The Register.

As far as I can make out, the "breach" was actually an extortion attempt by a disgruntled Ubiquiti engineer who was claiming to be reporting poor practices at Ubiquiti, which Krebs reported on using that engineer as a "source" and with the source's view of the story, and then subsequently reported about it again after the source had been indicted, when he should have known that the source was not quite what he had made out to be.
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 6955
  • Country: de
  • A qualified hobbyist ;)
Re: Ubiquiti Breach
« Reply #22 on: March 31, 2022, 10:31:27 am »
https://twitter.com/greg_doucette/status/1509184336188350465?s=20:

Quote
It's a SLAPP: the coverage by @briankrebs was substantially true and/or 1A-protected opinion, and the lawsuit basically admits it in the text itself

But @Ubiquiti intentionally filed in Virginia, because there's no anti-SLAPP statute there

I just put Ubiquiti on my do-not-buy list. ^-^
 

Offline jpanhalt

  • Super Contributor
  • ***
  • Posts: 2315
  • Country: us
Re: Ubiquiti Breach
« Reply #23 on: March 31, 2022, 12:00:52 pm »
Re: Doucette quote

Case was filed in Federal District Court Eastern District of Virginia (i.e., Washington DC area).  Federal law will apply.
 

Offline gmb42

  • Frequent Contributor
  • **
  • Posts: 277
  • Country: gb
Re: Ubiquiti Breach
« Reply #24 on: April 01, 2022, 11:21:07 am »
Quote
Re: Doucette quote

Case was filed in Federal District Court Eastern District of Virginia (i.e., Washington DC area).  Federal law will apply.

So does that mean the random lawyer is incorrect about SLAPP?  If so, I'm shocked!
 

