14 DAY TRIAL // While the United Nations Development Programme (UNDP) claims that the data on the servers breached by TeaMp0isoN is outdated and the server itself is old, the hackers say that the logs they found prove otherwise.
A few days ago, TeaMp0isoN managed to break into the servers of the UNDP, leaking usernames, passwords and email addresses of their members, including the ones of the administrators.
ThreatPost obtained a statement from UNDP representatives who reported that the group actually compromised an unpatched server that dated back to 2007 and the email addresses and the passwords were not in use any more.
UNDP stated that the server was taken offline and the passwords the hackers published were no longer valid.
I contacted one of the hackers involved in the operation and he revealed that what the UNDP affirmed is actually not true.
“The UN ‘old server’ thing is foolish. They can't protect themselves in any way and that’s a fact. Just when seeing their passwords, even from admins, based on the 123456 charset, is just an embarrassment,” said a member of TeaMp0isoN.
They don’t want to reveal exactly what vulnerability they used to breach the systems, since they claim that it was not fixed yet and they plan on using it on other occasions.
“I’ll keep my mouth shut since they said they already fixed it, but they didn’t. And shutting down random servers at UN will not solve their problem,” he added.
It turns out that they still have access to the server UNDP representatives declared was shut down, but they don’t plan on launching an attack against them, instead they only want to continue exploiting its data.
Even more, they revealed that the logs they found were clearly dated 2011, which means that the data it stores is not as old as officials suggest.