https://tech.sina.com.cn/i/2018-09-25/doc-ifxeuwwr7938577.shtml
腾讯员工好奇检查酒店WiFi漏洞 被新加坡安全局逮捕
腾讯员工好奇检查酒店WiFi漏洞 被新加坡安全局逮捕
新浪科技讯 北京时间9月25日上午消息,在新加坡参加网络安全会议期间,一位腾讯工程师入侵了其所住酒店的WiFi。
现年23岁的郑杜涛(Zheng Dutao,音译)为腾讯的安全工程师。在入住新加坡飞龙酒店时,忽对酒店的WiFi服务器是否存在漏洞心生好奇。
郑杜涛成功黑入酒店WiFi服务器,并在一篇名为“Exploit Singapore Hotels”(利用新加坡酒店漏洞)的博文中公布了酒店管理员的服务器密码。该文引起新加坡网络安全局(CSA)的注意,CSA随后对其进行了抓捕。
周一(9月24日),郑杜涛因其黑客行为被新加坡国家法院罚款5000新加坡币。他承认一项针对其的指控,即故意泄露密码,导致飞龙酒店的数据暴露于未授权访问的威胁之下。另一项类似的指控也纳入对郑杜涛的量刑考虑范围。
上个月,郑杜涛抵达新加坡参加“Capture the Flag”竞赛,该比赛与正在洲际酒店举行的网络安全会议共同举行。涉及黑客攻击和反黑客攻击的各路安全专家均有参与该比赛。
8月27日晚,郑杜涛入住武吉士站附近的飞龙酒店。一天后,他对酒店WiFi服务器是否存在可能的漏洞感到好奇。他成功地通过谷歌搜索到酒店WiFi系统的默认用户名和密码。
接入酒店WiFi网关后,郑杜涛在接下来的三天内开始执行脚本,破解文件和密码,最后成功登入酒店WiFi服务器的数据库。
酒店的服务器模型确实存在一个漏洞,郑杜涛利用该漏洞获取了服务器访问权限。他还曾尝试访问飞龙酒店旗下小印度分店(“Little Indian”)的WiFi服务器但未成功。
在他的个人博客上,郑杜涛记录了自己的黑客行为。他在文章里公开飞龙酒店WiFi服务器的管理员密码,并在WhatsApp群聊中分享了他的博客文章的访问链接。
“披露这些访问代码,郑杜涛清楚地知道,飞龙酒店的WiFi服务器上的漏洞极有可能为其他人用于非法目的,从而可能对连锁酒店造成损失,”副检察长Thiagesh Sukumaran说。
检方表示,2014年以来,郑杜涛一直在撰写有关服务器漏洞的博客。以上事件是他第一个发布自己发现的漏洞。
CSA发现他的博客文章后立即提醒了飞龙酒店管理层。郑杜涛在对方要求后删除了文章。飞龙酒店IT副总裁于9月1日向警方提供了这次黑客攻击的报告。
检方要求对郑杜涛处以5000新加坡币的罚款,称郑杜涛似乎出于好奇而犯罪,且并未造成任何“有形损失”。但是副检察官指出郑杜涛不止在一个论坛上分享该篇博客文章。
“郑杜涛先生作为一名网络安全专业人士理应清楚在博客上公布管理员密码后,该密码为非法目的所利用的可能性极高。”副检察官说道。
根据检方的说法,由于其他酒店也采用相同的服务器模式,郑杜涛的行为也可能导致其他酒店成为网络攻击的受害者,使得黑客可以访问获取酒店客人的信息。
副检察官补充说,判决有助于震慑国外人士擅自访问新加坡系统。
郑杜涛的律师Anand Nalachandran指出,虽然郑杜涛的行为可导致风险增加,但其并未对酒店造成实际损害。考虑到郑杜涛已经在监狱中待了几天时间,律师请求罚款最高不超过5000新加坡币。
对于擅自披露密码的犯罪行为,郑杜涛可能面临三年监禁与最高1万新加坡币的罚款。(木尔)
Tencent employees curious to check the hotel WiFi vulnerability. Arrested by the Singapore Security Bureau
Tencent employees curious to check the hotel WiFi vulnerability. Arrested by the Singapore Security Bureau
Sina Technology News Beijing time on September 25 morning news, during the cyber security conference in Singapore, a Tencent engineer invaded the WiFi of the hotel where he lived.
The 23-year-old Zheng Dutao is a security engineer at Tencent. When staying at the Fragrance Hotel in Singapore, I was curious about whether the hotel's WiFi server was vulnerable.
Zheng Dutao successfully entered the hotel's WiFi server and published the hotel administrator's server password in a blog post called "Exploit Singapore Hotels". The article caught the attention of the Singapore Cyber Security Authority (CSA), which was subsequently arrested by the CSA.
On Monday (September 24th), Zheng Dutao was fined 5,000 Singapore dollars by the Singapore National Court for his hacking. He pleaded guilty to an allegation that the password was deliberately revealed, causing the data of the Fragrance Hotel to be exposed to the threat of unauthorized access. Another similar allegation was also included in the scope of Zheng Dutao's sentencing considerations.
Last month, Zheng Dutao arrived in Singapore to participate in the “Capture the Flag” competition, which was held in conjunction with the Cyber Security Conference being held at InterContinental Hotels. Security experts involved in hacking and anti-hacking attacks are involved in the competition.
On the evening of August 27th, Zheng Dutao stayed at the Feilong Hotel near Bugis Station. One day later, he was curious about whether the hotel WiFi server had a possible vulnerability. He successfully searched the default username and password for the hotel WiFi system via Google.
After accessing the hotel's WiFi gateway, Zheng Dutao began executing scripts, cracking files and passwords in the next three days, and finally successfully logged into the database of the hotel's WiFi server.
The hotel's server model does have a vulnerability, and Zheng Dutao used the vulnerability to gain access to the server. He also tried to access the WiFi server of the Little India branch of the Fragrance Hotel but was unsuccessful.
On his personal blog, Zheng Dutao recorded his hacking behavior. In the article, he published the administrator password for the Fragrance Hotel WiFi server and shared the access link for his blog post in the WhatsApp group chat.
"Disclosing these access codes, Zheng Dutao clearly knows that the loopholes in the WiFi server of the Fragrance Hotel are very likely to be used for illegal purposes by others, which may cause damage to the hotel chain," said Deputy Attorney General Thiagesh Sukumaran.
The prosecution said that since 2014, Zheng Dutao has been writing a blog about server vulnerabilities. The above incident was his first release of the vulnerability he found.
CSA immediately alerted the management of the Dragon Hotel after discovering his blog post. Zheng Dutao deleted the article after the request of the other party. The vice president of IT at Fragrance Hotel provided the police with a report on the hacking attack on September 1.
The prosecution demanded a fine of 5,000 Singapore dollars for Zheng Dutao, saying that Zheng Dutao seemed to commit crimes out of curiosity and did not cause any "tangible loss." But the Deputy Prosecutor pointed out that Zheng Dutao not only shared the blog post in a forum.
“As a cyber security professional, Mr. Zheng Dutao should be aware that after the administrator password is posted on the blog, the possibility of using the password for illegal purposes is extremely high,” said the Deputy Prosecutor.
According to the prosecution, because other hotels also use the same server model, Zheng Dutao's behavior may also cause other hotels to become victims of cyber attacks, allowing hackers to access information about hotel guests.
The Deputy Prosecutor added that the verdict would help to deter foreign visitors from visiting the Singapore system.
Zheng Dutao’s lawyer, Anand Nalachandran, pointed out that although Zheng Dutao’s actions could lead to increased risks, it did not cause actual damage to the hotel. Considering that Zheng Dutao has been in prison for a few days, the lawyer requested a fine of up to 5,000 Singapore dollars.
Zheng Dutao may face a three-year imprisonment and a fine of up to 10,000 Singapore dollars for criminal acts of unauthorized disclosure of passwords. (Mur)
腾讯员工好奇检查酒店WiFi漏洞 被新加坡安全局逮捕
腾讯员工好奇检查酒店WiFi漏洞 被新加坡安全局逮捕
新浪科技讯 北京时间9月25日上午消息,在新加坡参加网络安全会议期间,一位腾讯工程师入侵了其所住酒店的WiFi。
现年23岁的郑杜涛(Zheng Dutao,音译)为腾讯的安全工程师。在入住新加坡飞龙酒店时,忽对酒店的WiFi服务器是否存在漏洞心生好奇。
郑杜涛成功黑入酒店WiFi服务器,并在一篇名为“Exploit Singapore Hotels”(利用新加坡酒店漏洞)的博文中公布了酒店管理员的服务器密码。该文引起新加坡网络安全局(CSA)的注意,CSA随后对其进行了抓捕。
周一(9月24日),郑杜涛因其黑客行为被新加坡国家法院罚款5000新加坡币。他承认一项针对其的指控,即故意泄露密码,导致飞龙酒店的数据暴露于未授权访问的威胁之下。另一项类似的指控也纳入对郑杜涛的量刑考虑范围。
上个月,郑杜涛抵达新加坡参加“Capture the Flag”竞赛,该比赛与正在洲际酒店举行的网络安全会议共同举行。涉及黑客攻击和反黑客攻击的各路安全专家均有参与该比赛。
8月27日晚,郑杜涛入住武吉士站附近的飞龙酒店。一天后,他对酒店WiFi服务器是否存在可能的漏洞感到好奇。他成功地通过谷歌搜索到酒店WiFi系统的默认用户名和密码。
接入酒店WiFi网关后,郑杜涛在接下来的三天内开始执行脚本,破解文件和密码,最后成功登入酒店WiFi服务器的数据库。
酒店的服务器模型确实存在一个漏洞,郑杜涛利用该漏洞获取了服务器访问权限。他还曾尝试访问飞龙酒店旗下小印度分店(“Little Indian”)的WiFi服务器但未成功。
在他的个人博客上,郑杜涛记录了自己的黑客行为。他在文章里公开飞龙酒店WiFi服务器的管理员密码,并在WhatsApp群聊中分享了他的博客文章的访问链接。
“披露这些访问代码,郑杜涛清楚地知道,飞龙酒店的WiFi服务器上的漏洞极有可能为其他人用于非法目的,从而可能对连锁酒店造成损失,”副检察长Thiagesh Sukumaran说。
检方表示,2014年以来,郑杜涛一直在撰写有关服务器漏洞的博客。以上事件是他第一个发布自己发现的漏洞。
CSA发现他的博客文章后立即提醒了飞龙酒店管理层。郑杜涛在对方要求后删除了文章。飞龙酒店IT副总裁于9月1日向警方提供了这次黑客攻击的报告。
检方要求对郑杜涛处以5000新加坡币的罚款,称郑杜涛似乎出于好奇而犯罪,且并未造成任何“有形损失”。但是副检察官指出郑杜涛不止在一个论坛上分享该篇博客文章。
“郑杜涛先生作为一名网络安全专业人士理应清楚在博客上公布管理员密码后,该密码为非法目的所利用的可能性极高。”副检察官说道。
根据检方的说法,由于其他酒店也采用相同的服务器模式,郑杜涛的行为也可能导致其他酒店成为网络攻击的受害者,使得黑客可以访问获取酒店客人的信息。
副检察官补充说,判决有助于震慑国外人士擅自访问新加坡系统。
郑杜涛的律师Anand Nalachandran指出,虽然郑杜涛的行为可导致风险增加,但其并未对酒店造成实际损害。考虑到郑杜涛已经在监狱中待了几天时间,律师请求罚款最高不超过5000新加坡币。
对于擅自披露密码的犯罪行为,郑杜涛可能面临三年监禁与最高1万新加坡币的罚款。(木尔)
Tencent employees curious to check the hotel WiFi vulnerability. Arrested by the Singapore Security Bureau
Tencent employees curious to check the hotel WiFi vulnerability. Arrested by the Singapore Security Bureau
Sina Technology News Beijing time on September 25 morning news, during the cyber security conference in Singapore, a Tencent engineer invaded the WiFi of the hotel where he lived.
The 23-year-old Zheng Dutao is a security engineer at Tencent. When staying at the Fragrance Hotel in Singapore, I was curious about whether the hotel's WiFi server was vulnerable.
Zheng Dutao successfully entered the hotel's WiFi server and published the hotel administrator's server password in a blog post called "Exploit Singapore Hotels". The article caught the attention of the Singapore Cyber Security Authority (CSA), which was subsequently arrested by the CSA.
On Monday (September 24th), Zheng Dutao was fined 5,000 Singapore dollars by the Singapore National Court for his hacking. He pleaded guilty to an allegation that the password was deliberately revealed, causing the data of the Fragrance Hotel to be exposed to the threat of unauthorized access. Another similar allegation was also included in the scope of Zheng Dutao's sentencing considerations.
Last month, Zheng Dutao arrived in Singapore to participate in the “Capture the Flag” competition, which was held in conjunction with the Cyber Security Conference being held at InterContinental Hotels. Security experts involved in hacking and anti-hacking attacks are involved in the competition.
On the evening of August 27th, Zheng Dutao stayed at the Feilong Hotel near Bugis Station. One day later, he was curious about whether the hotel WiFi server had a possible vulnerability. He successfully searched the default username and password for the hotel WiFi system via Google.
After accessing the hotel's WiFi gateway, Zheng Dutao began executing scripts, cracking files and passwords in the next three days, and finally successfully logged into the database of the hotel's WiFi server.
The hotel's server model does have a vulnerability, and Zheng Dutao used the vulnerability to gain access to the server. He also tried to access the WiFi server of the Little India branch of the Fragrance Hotel but was unsuccessful.
On his personal blog, Zheng Dutao recorded his hacking behavior. In the article, he published the administrator password for the Fragrance Hotel WiFi server and shared the access link for his blog post in the WhatsApp group chat.
"Disclosing these access codes, Zheng Dutao clearly knows that the loopholes in the WiFi server of the Fragrance Hotel are very likely to be used for illegal purposes by others, which may cause damage to the hotel chain," said Deputy Attorney General Thiagesh Sukumaran.
The prosecution said that since 2014, Zheng Dutao has been writing a blog about server vulnerabilities. The above incident was his first release of the vulnerability he found.
CSA immediately alerted the management of the Dragon Hotel after discovering his blog post. Zheng Dutao deleted the article after the request of the other party. The vice president of IT at Fragrance Hotel provided the police with a report on the hacking attack on September 1.
The prosecution demanded a fine of 5,000 Singapore dollars for Zheng Dutao, saying that Zheng Dutao seemed to commit crimes out of curiosity and did not cause any "tangible loss." But the Deputy Prosecutor pointed out that Zheng Dutao not only shared the blog post in a forum.
“As a cyber security professional, Mr. Zheng Dutao should be aware that after the administrator password is posted on the blog, the possibility of using the password for illegal purposes is extremely high,” said the Deputy Prosecutor.
According to the prosecution, because other hotels also use the same server model, Zheng Dutao's behavior may also cause other hotels to become victims of cyber attacks, allowing hackers to access information about hotel guests.
The Deputy Prosecutor added that the verdict would help to deter foreign visitors from visiting the Singapore system.
Zheng Dutao’s lawyer, Anand Nalachandran, pointed out that although Zheng Dutao’s actions could lead to increased risks, it did not cause actual damage to the hotel. Considering that Zheng Dutao has been in prison for a few days, the lawyer requested a fine of up to 5,000 Singapore dollars.
Zheng Dutao may face a three-year imprisonment and a fine of up to 10,000 Singapore dollars for criminal acts of unauthorized disclosure of passwords. (Mur)
