Another Dutch Security firm "Gemnet" get compromised. The hack appears to have started when someone discovered a publicly accessible instance of phpMyAdmin without a password. phpMyAdmin is a web interface for managing SQL databases that should not be facing the open internet, password required or not.
By manipulating the databases the attacker was allegedly able to gain control over the system and all of the documents contained on it. The parent company, KPN, insists the documents contained on the server were all publicly available.
webwereld reports that the hacker claims to have accessed non-public documents that outlined the secure communication networks and procedures for communication between KPN and governments and customers.
Gemnet CSP, KPN's certificate authority division, has also suspended access to their website. While KPN believes that Gemnet CSP has not been compromised, it would appear they are taking precautions while they investigate the incident. The attacker reportedly was able to obtain the password (braTica4) used for administrative tasks on the server as well.
Gemnet provide security consulting and authentication technologies to nearly all parts of the Dutch government including the Ministry of Security and Justice, Bank of Dutch Municipalities and the police.
Posts
