this post was submitted on 11 Feb 2024
818 points (98.2% liked)

linuxmemes

21198 readers
146 users here now

Hint: :q!

Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
    • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
    • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

    • Please report posts and comments that break these rules!

    founded 1 year ago
    MODERATORS
    poopsmith
    zephyr
    rtxn
    818
    classic opsec mistake (discuss.tchncs.de)
    submitted 9 months ago by [email protected] to c/linuxmemes
    48 comments fedilink hide all child comments
     

    cross-posted from: https://discuss.tchncs.de/post/10692187

    so, the company was Vastaamo. was because it got bankrupt after the breach, and GDPR violations.

    the "hacker"(or rather cracker) was extradited from France to Finland.
    you can read about how terrible the company's security was here: https://tietosuoja.fi/en/-/administrative-fine-imposed-on-psychotherapy-centre-vastaamo-for-data-protection-violations

    or watch mental outlaw's video on the matter, or the Wikipedia article on the breach.

    now there are several things that shouldn't have happened (e.g.: don't do these things on your main OS, have root access disabled, etc.), but I'll leave that to you experts.

    you are viewing a single comment's thread
    view the rest of the comments
    [–] [email protected] 22 points 9 months ago (1 children)

    Not saying its actually what happened but I would ask how he knew about the data.

    Statistically, it should have been a random port scan that got in but since he‘s from the same country, he‘s either professionally or privately connected I assume. He either worked there in IT function, visited as a patient, dated an employee, etc.

    So in other words, he‘s not a master hacker but probably stumbled across this. I had this with a webspace provider once were I could see all other customers folders when I used ssh instead of the web interface. I couldnt access them but I got a wiff of how stuff like this happens. 99.9% of their customers are inept at IT stuff so a mistake in ssh would never come up since customers wouldn’t use it and in that one case, they overlook it.

    So, this might have been his first hack ever and it probably took a long time til he even understood what he had in his hands. Thats why I dont do stuff like this, I‘m prone to such mistakes as well. Most elaborate scheme imaginable and cc it by mistake to someone I know.

    [–] [email protected] 10 points 9 months ago (1 children)

    I just was reading Wikipedia and it said he was arrested previously for hacking.

    In 2015, when he was still a teenager, a Finnish court found Kivimäki guilty of more than 50,000 aggravated computer break-ins. Among other targets, he attacked large educational institutions in the US, hijacking emails, stealing credit card details and blocking site traffic.

    Kivimäki received a two year suspended sentence for those charges.

    https://yle.fi/a/3-12669196

    You're probably right he had some connection and stumbled onto the data, but this wasn't his first rodeo.

    [–] [email protected] 5 points 9 months ago

    Thanks for pointing it out. This makes it even more embarassing that he made a mistake like this. But I can still see how it could happen.