The United Nations Suffers a Data Breach, Exposing 100,000 Employee Details
Jan. 14, 2021, 9:05 a.m. in CyberSecurity
A group of security researchers found a vulnerability in United Nations systems that gave them access to the personal records of over 100,000 employees of the United Nations Environment Programme (UNEP). The breach stemmed from an exposed Git directory and credentials file: the repository could be cloned from outside, and large amounts of information extracted from it without difficulty.
The researchers found an exposed subdomain of the International Labour Organization (ILO), which gave them access to Git credentials.
The personal information exposed from UN systems included the travel histories of 100,000 employees.
The vulnerability was reported to the UN's ICT department on January 4th, 2021, and the department thanked the researchers for their work.
The .git directory contained sensitive files that exposed the administrator's database credentials.
The United Nations took the threat seriously and patched the issue within a week.
Security researchers have discovered a vulnerability in the United Nations system that gave them access to the details of 100,000 employees. The group, called Sakura Samurai, consists of Jackson Henry, Nick Sahler, John Jackson, and Aubrey Cottle.
The research was carried out under the vulnerability program organized by the UN, which invites researchers to study its systems and report loopholes and vulnerabilities. While doing so, the group came across exposed Git directories and credential files on domains associated with the International Labour Organization and UNEP. The group was able to dump the discovered files and clone the entire Git repository using git-dumper. On one of the UN domains they found a Git credentials file, which gave them access to the whole Git repository and, from there, to the database credentials stored in the WordPress configuration file "wp-config.php".
Some of the PHP files discovered in the breach contained plaintext database credentials for other online systems of both UNEP and the UN ILO. The publicly accessible .git-credentials file also gave the researchers access to UNEP's source code.
Ultimately, the research group was able to access the travel history of UN staff: employee IDs, names, groups, travel details, dates, destinations, lengths of stay, and other related details. As the research went further, they also came across demographic data, nationality, gender, and payroll information for many employees, and even project funding records, employment evaluation details, and other related information. Sakura Samurai described the issue to the UN as follows:
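An added example, not code from the article or from Sakura Samurai: a small pre-deployment audit that walks a web document root for the artifacts described above (a .git directory, a .git-credentials file, a wp-config.php carrying a plaintext DB_PASSWORD, and SQL backup dumps) and reports anything that should never be served publicly. The sample tree it builds is constructed for the demonstration and contains no real data.

```python
"""Audit a web document root for the artifact types behind the UNEP exposure:
a checked-in .git directory, a .git-credentials file, a WordPress config with a
plaintext database password, and database backup dumps left in the web root."""
import os
import re
import tempfile
from pathlib import Path

# Names that should never exist inside a publicly served directory.
SENSITIVE_NAMES = {".git": "exposed git repository", ".git-credentials": "stored git credentials"}
BACKUP_SUFFIXES = (".sql", ".sql.gz", ".dump")
# wp-config.php defines DB_PASSWORD; a non-empty literal means the site ships plaintext credentials.
DB_PASSWORD_RE = re.compile(r"define\(\s*['\"]DB_PASSWORD['\"]\s*,\s*['\"][^'\"]+['\"]")


def audit_webroot(root):
    """Return a sorted list of (relative_path, finding) tuples for risky artifacts under root."""
    root = Path(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        for d in list(dirnames):
            if d in SENSITIVE_NAMES:
                findings.append((str((here / d).relative_to(root)), SENSITIVE_NAMES[d]))
                dirnames.remove(d)  # the repository itself is the finding; no need to descend
        for f in filenames:
            rel = str((here / f).relative_to(root))
            if f in SENSITIVE_NAMES:
                findings.append((rel, SENSITIVE_NAMES[f]))
            elif f.endswith(BACKUP_SUFFIXES):
                findings.append((rel, "database backup in web root"))
            elif f == "wp-config.php" and DB_PASSWORD_RE.search((here / f).read_text(errors="replace")):
                findings.append((rel, "wp-config.php with plaintext DB_PASSWORD"))
    return sorted(findings)


def build_sample_webroot():
    """Constructed sample tree mimicking the reported layout (hypothetical values, no real data)."""
    root = Path(tempfile.mkdtemp())
    (root / ".git").mkdir()
    (root / ".git" / "HEAD").write_text("ref: refs/heads/main\n")
    (root / ".git-credentials").write_text("https://user:token@git.example.invalid\n")
    (root / "wp-config.php").write_text("<?php define('DB_PASSWORD', 'example-secret');\n")
    (root / "backups").mkdir()
    (root / "backups" / "staff.sql").write_text("-- constructed dump, no real rows\n")
    (root / "index.php").write_text("<?php echo 'ok';\n")
    return str(root)


if __name__ == "__main__":
    for path, finding in audit_webroot(build_sample_webroot()):
        print(f"{finding}: {path}")
```

Run it against the real document root (or a CI checkout of the deploy artifact) before publishing; a non-empty result should fail the deployment.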
“Ultimately, once we discovered the GitHub credentials, we were able to download a lot of private password-protected GitHub projects and within the projects, we found multiple sets of database and application credentials for the UNEP production environment. In total, we found 7 additional credential-pairs which could have resulted in unauthorized access of multiple databases. We decided to stop and report this vulnerability once we were able to access PII that was exposed via Database backups that were in the private projects.”
John Jackson, Founder, Sakura Samurai (https://johnjhacking.com/blog/unep-breach/)
Fortunately, the UN responded to the report and took drastic steps to secure the system. Nevertheless, there is a possibility that cybercriminals were also able to gain access to UN employee data, but at least the system's security is now being double-checked to prevent further wrongful access. The UN also faces the question of how to break the news to the users whose information was exposed.