this post was submitted on 13 May 2026
4 points (100.0% liked)


A case study in why credentials are revoked before firings.

[–] BlackLaZoR@lemmy.world 3 points 2 days ago* (last edited 2 days ago) (1 children)

Muneeb and Sohaib Akhter, now both 34, had been in trouble before. Back in 2015, the brothers pled guilty in Virginia to a scheme involving wire fraud and computers. Muneeb was sentenced to three years in prison, while Sohaib got two.

They had a track record and found employment in government IT

HR should've been fired for that fuckup.

A case study in why credentials are revoked before firings.

No. A case study against employing known criminals.

[–] isVeryLoud@lemmy.ca 2 points 18 hours ago (1 children)

Both conclusions are correct, but step 1 was a background check

[–] BlackLaZoR@lemmy.world 1 points 17 hours ago (1 children)

Don't know how it works in US, but in most of EU you're obligated to notify the employee about termination of work agreement like a month in advance. In case of IT, revoking access that early would mean effectively a month of paid leave.

[–] isVeryLoud@lemmy.ca 1 points 17 hours ago (1 children)
[–] BlackLaZoR@lemmy.world 2 points 17 hours ago

Sounds nice.

That's why it doesn't happen

Commits hundreds of crimes then starts bringing up god. Class act.

[–] zeroConnection@programming.dev 4 points 4 days ago* (last edited 4 days ago) (1 children)

Muneeb Akhter asked Sohaib Akhter for the plaintext password

The more scary part in this story is that the government stores your passwords in plain text!

So basically ANYONE with access to the database can steal your credentials, including employees, the government and any authorities.

Never re-use passwords.

Never heard of hashing and salting apparently

[–] hakunawazo@lemmy.world 3 points 4 days ago

To be fair, what else could they do with that keyboard.

[–] Cytobit@piefed.social 4 points 4 days ago (5 children)

Why were they storing passwords in plaintext in the databases?!

[–] LadyMeow@lemmy.blahaj.zone 5 points 4 days ago

First time reading about government systems, eh?

[–] WereCat@lemmy.world 3 points 4 days ago (2 children)

Why not? National Safety Department of Slovak Republic (Narodny Bezpecnostny Urad) had password NBUSK123… just government things

[–] testaccount789@sh.itjust.works 4 points 4 days ago (1 children)

No, that was a bit different.
login: nbusr
password: nbusr123

[–] WereCat@lemmy.world 1 points 3 days ago
[–] msage@programming.dev 1 points 4 days ago

The K in password doesn't match Republic in the name.

Totally secure.

[–] echodot@feddit.uk 1 points 4 days ago

Because like all critical infrastructure it was set up by somebody's kid on work experience

[–] JeeBaiChow@lemmy.world 1 points 4 days ago

Well how else would they help the users if they ever forgot their passwords? Duh.

/s

[–] CosmoNova@lemmy.world 1 points 4 days ago (1 children)

Probably for the same reasons web browsers store them in plain text: They don't care.

[–] OwOarchist@pawb.social 1 points 4 days ago (1 children)

the same reasons web browsers store them in plain text

Why one web browser stores them in plain text. Fucking Edge.

Who knows about the others, but I can pretty much guarantee you that Librewolf, for example, isn't doing that shit.

If you can autofill passwords without authenticating in some way, they are probably either stored in plaintext, or encrypted with a key that is stored in plaintext. Cause, like, how is it supposed to magically encrypt it.

[–] rekabis@lemmy.ca 2 points 4 days ago (4 children)

And why couldn’t they have done that to the student loans system?

Like JFC, they could have instantly made themselves immune from trial-by-jury anywhere in America by doing that one tiny thing.

[–] FiniteBanjo@feddit.online 3 points 3 days ago* (last edited 3 days ago)

Student loans are loans from third party lenders which are cosigned by the federal government for collateral.

Even if every government record of it were destroyed, the loan servicers would have perfect multiple ledger copies of it all.

[–] explodicle@sh.itjust.works 1 points 3 days ago

Oh for something important like that we have backups.

[–] ApertureUA@lemmy.today 1 points 4 days ago* (last edited 4 days ago)

Probably not one of the 96(+) databases they had :(

DROP TABLE students

[–] modus@lemmy.world 0 points 4 days ago (1 children)

Wasn't that a premise in Mr Robot?

[–] village604@adultswim.fan 1 points 3 days ago* (last edited 3 days ago)

It was kinda the premise of Fight Club, although private sector instead of public

[–] ByteJunk@lemmy.world 2 points 4 days ago* (last edited 4 days ago) (1 children)

Back in 2015, the brothers pled guilty in Virginia to a scheme involving wire fraud and computers. Muneeb was sentenced to three years in prison, while Sohaib got two.

I'm not gonna say there were signs that these two weren't the most law abiding of citizens to begin with, buuuuut...

[–] ParlimentOfDoom@piefed.zip 1 points 4 days ago

I briefly worked with a government client that would bring in prison laborers to collect trash. From the IT building of the tax agency.

But don't worry, they were just white collar criminals. You know, people who only went to jail for stealing... financial data... The very thing that was accessible in that building.

Genius.

[–] pelya@lemmy.world 1 points 4 days ago (1 children)

“Eh, they can recover from yesterday,” he said, referring to daily database backups.

But did they recover from backups? Don't leave the most juicy intrigue out of the story.

[–] Speculater@lemmy.world 1 points 4 days ago

No one ever tested the backups so they don't know if they will work!

[–] sundray@lemmus.org 1 points 4 days ago
[–] Microtonal_Banana@lemmy.zip 0 points 4 days ago (1 children)

It's always interesting when people are both very smart and also very stupid at the same time.

[–] buddascrayon@lemmy.world 1 points 4 days ago

Knowledgeable and smart are not the same thing. These two are very knowledgeable about the systems they worked on and database manipulation; believe it or not, these are not hard skills to learn. But they were incredibly dumb regardless, given every single action they took at every point in their lives.