Quote:
Originally Posted by SmokeyTheBear
When you set up nats you provide login details for those whom you wish permission to access nats. Anyone else remotely accessing nats software using an account that was not created with these permissions would be a backdoor as is commonly known.
I think you're wrong on this - there was no back door in the sense you mean it. On every single TMM install, the user info was downloaded once tmm_fred's account was authenticated, using regular nats scripts to extract user db info. Those scripts required authentication, which is why, like clockwork, the tmm admin account logged in, then that script was called millions of times.
Even on virgin installs, virgin as in they were not yet even live, so why was the tmm admin account being used to log in at regular intervals?
TMM John publicly stated their central db was hacked (by Russians if I'm not mistaken) which kept all the admin login details and that was then being used by a script to log in regularly to extract new user details. Emails to my knowledge.
Where things are grey is that TMM John stated an investigation was under way and the community (or clients, I can't remember which) would be kept informed. Nothing was said further due to "ongoing investigation". An investigation either yielded no clues or the investigation story was a cover-up. Either way, no-one heard anything official from TMM.
Which is where all the whispering came from... rogue employee (Fred?) or not? I don't know. Like I said, the DC and initial client had all the evidence from their own investigation, which was submitted to TMM months before this whole thing blew up publicly. The only reason the DC went public was because of TMM's procrastinating position.
