
Because an employee set the password to “123456”, AMD had 450Gb of data stolen?

2022-07-07 14:29:00 CSDN information

Compiled by | Zheng Liyuan

Produced by | CSDN (ID: CSDNnews)

Reality tells us that life is often far more outrageous than a joke: because an employee set the password to “123456”, the company leaked 450Gb of data. This sounds bizarre, yet it actually happened to the chip giant AMD.

Last week, an extortion group called RansomHouse claimed to have stolen 450Gb of data from AMD, and said it was all “thanks to weak passwords set by AMD employees”.


1. Not a “ransomware group” but a “professional mediator”

RansomHouse became active as early as December 2021, when it leaked data from the Saskatchewan Liquor and Gaming Authority (SLGA) in Canada and became “an instant hit”.

Compared with other cybercriminal groups, RansomHouse is somewhat “special”. It does not regard itself as a “ransomware group” but defines itself as a “professional mediator”, and it says it has never produced ransomware or encrypted data:

We have nothing to do with any violations, nor do we produce or use any ransomware. Our main goal is to minimize possible damage to interested parties. RansomHouse members prefer common sense, good conflict management and wise negotiation, in an effort to fulfill the obligations of all parties, rather than unproductive argument. These are the necessary and sufficient principles for promoting friendly agreements, and even fruitful, friendly cooperation.

However “refreshing” this self-introduction may sound, RansomHouse keeps breaking into companies and stealing data, one after another: no sooner had it claimed to have obtained 600 GB of data from Shoprite, Africa's largest retailer, than it was teasing the next company it had breached by posting a riddle on Telegram:


We have prepared a new surprise! First, here is a little puzzle for you: the first person to solve it will get the relevant links. So, please name this company:

1) Almost everyone knows it

2) Its name consists of 3 letters

3) The first letter is A

Just write your guess in this channel, and you will then get a link in your private messages.

A week later, RansomHouse published the answer: AMD, adding, “You will be amazed at how they protect their security.”


2. “All thanks to these passwords”

According to RansomHouse, it had successfully broken into AMD's internal network as early as January 2022 and stolen “more than 450 Gb” of data. To back this up, RansomHouse also released a data sample as evidence, which includes network files, system information and documents containing weak passwords.

RansomHouse wrote on its website: “This is an era of high technology, progress and high security, and this phrase means a great deal to people. But when technology giants like AMD use simple passwords, such as ‘password’, to protect their networks from intrusion, the phrase seems to remain only a beautiful surface. Sadly, these are the real passwords used by AMD employees, and it is even more humiliating for AMD's security department, which, according to the documents we took, also receives a large amount of funding. All of this is thanks to these weak passwords.”

One might have thought RansomHouse's statement was just exaggeration, but TechCrunch's analysis of the published data sample shows that RansomHouse was not joking: the passwords used by some AMD employees were indeed far too simple, such as “password”, “123456” and “Welcome1”. For attackers, getting into AMD's internal systems was effortless.

But this raises further questions: does a chip giant as large as AMD run no security checks on its systems to ensure that employees use strong passwords? Or does getting into AMD's internal systems require no other step, just a password?

“AMD and any high-tech company should require phishing-resistant multi-factor authentication for all logins. If MFA cannot be used, strong and unique passwords should be required,” said Roger Grimes, an expert at the security awareness training platform KnowBe4. “Ironically, AMD employees are still using passwords like ‘password’ to access critical networks, which is really incomprehensible.”
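The kind of system-side check the questions above ask about, as an added example that is not from the article, AMD or any vendor: a screen run when a password is set, which rejects the three passwords named in the sample and their dressed-up variants. The denylist contents, the 12-character floor and all function names are assumptions made for illustration.

```python
import re

# Constructed denylist: the roots of the three passwords the article names,
# plus a few other well-known ones. A real deployment would load a large
# breached-password corpus instead of this short set.
DENYLIST = {"password", "123456", "welcome", "qwerty", "letmein", "admin"}
MIN_LENGTH = 12  # assumed policy floor, not a value from the article

# Undo common character substitutions before comparing with the denylist.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def candidate_roots(password):
    """Return normalized forms of the password to compare with the denylist."""
    lowered = password.lower()
    # Strip trailing digits and symbols, e.g. "Welcome1" -> "welcome".
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    forms = {lowered, stripped}
    forms |= {f.translate(LEET) for f in forms}
    return {f for f in forms if f}


def screen_password(password, username=""):
    """Return the reasons a password is rejected; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if candidate_roots(password) & DENYLIST:
        reasons.append("common_password")
    if username and username.lower() in password.lower():
        reasons.append("contains_username")
    # Purely numeric strings or one or two repeated characters are trivial to guess.
    if len(set(password)) <= 2 or password.isdigit():
        reasons.append("low_variety")
    return reasons
```

A password such as `P@ssw0rd2022!` passes the length floor but is still rejected as `common_password`, which is why a length or complexity rule on its own does not stop this class of password.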

3. AMD: an investigation is under way

On the day RansomHouse revealed the answer to its riddle, AMD responded: “AMD is aware that some criminals claim to have stolen data from AMD, and an investigation is under way.” But AMD declined to answer whether a ransom was demanded, which systems were targeted, whether customer data was accessed, or whether password security measures were in place.

Looking at the “victims” list on RansomHouse's home page, there are six entries once AMD is added; the last two are Shoprite and AMD.

In addition, judging from RansomHouse's own description of this list, its main purpose in stealing data is money: “These companies either believe that their economic interests outweigh the interests of those who entrusted data to them, or choose to hide the fact that their data has been leaked.”

But according to BleepingComputer, RansomHouse did not contact AMD directly to demand a ransom; instead, it intends to sell the data to other entities or to its competitors, because that would be “more valuable”.

Finally, what is your view of the AMD data leak caused by employees' weak passwords?

Reference links:

  • https://restoreprivacy.com/ransomhouse-group-amd-advanced-micro-devices/

  • https://www.bleepingcomputer.com/news/security/amd-investigates-ransomhouse-hack-claims-theft-of-450gb-data/

  • https://techcrunch.com/2022/06/28/amd-extortion-ransomhouse/
