Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Friday February 21 2020, @06:01PM   Printer-friendly
from the turning-Citrix-inside-out dept.

"SoyCow4275" writes in with this story via IRC:

Hackers Were Inside Citrix for Five Months:

Citrix provides software used by hundreds of thousands of clients worldwide, including most of the Fortune 100 companies. It is perhaps best known for selling virtual private networking (VPN) software that lets users remotely access networks and computers over an encrypted connection.

In March 2019, the Federal Bureau of Investigation (FBI) alerted Citrix they had reason to believe cybercriminals had gained access to the company's internal network. The FBI told Citrix the hackers likely got in using a technique called "password spraying," a relatively crude but remarkably effective attack that attempts to access a large number of employee accounts (usernames/email addresses) using just a handful of common passwords.

In a statement released at the time, Citrix said it appeared hackers "may have accessed and downloaded business documents," and that it was still working to identify what precisely was accessed or stolen.

But in a letter sent to affected individuals dated Feb. 10, 2020, Citrix disclosed additional details about the incident. According to the letter, the attackers "had intermittent access" to Citrix's internal network between Oct. 13, 2018 and Mar. 8, 2019, and that there was no evidence that the cybercrooks still remain in the company's systems.

Citrix said the information taken by the intruders may have included Social Security Numbers or other tax identification numbers, driver's license numbers, passport numbers, financial account numbers, payment card numbers, and/or limited health claims information, such as health insurance participant identification number and/or claims information relating to date of service and provider name.

It is unclear how many people received this letter, but the communication suggests Citrix is contacting a broad range of individuals who work or worked for the company at some point, as well as those who applied for jobs or internships there and people who may have received health or other benefits from the company by virtue of having a family member employed by the company.


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 5, Insightful) by Anonymous Coward on Friday February 21 2020, @06:39PM (5 children)

    by Anonymous Coward on Friday February 21 2020, @06:39PM (#960770)

    which is that citrix the company provides cyber security services to lots of big businesses.

    So if they are getting hacked and their employees are compromised, what does that do to the security of their customers?

    This is not just an identify theft breach.

    • (Score: 5, Funny) by ikanreed on Friday February 21 2020, @07:38PM (4 children)

      by ikanreed (3164) Subscriber Badge on Friday February 21 2020, @07:38PM (#960807) Journal

      The amount of valueless bullshit on most company VPNs is incredibly high.

      I can just imagine breaking into some of the places I've worked "oh look, this might be valuable, a sharepoint page with a 6 gig powerpoint presentation on the transformation of business data into policy compliant business data"

      • (Score: 1, Informative) by Anonymous Coward on Friday February 21 2020, @08:16PM (2 children)

        by Anonymous Coward on Friday February 21 2020, @08:16PM (#960816)
        but if you steal the credentials for lots of people with admin access to the network you can snoop through it and find all the valuable or compromising stuff.

        This is a major breach with national security implications.

        • (Score: 2) by ikanreed on Friday February 21 2020, @08:20PM (1 child)

          by ikanreed (3164) Subscriber Badge on Friday February 21 2020, @08:20PM (#960820) Journal

          I'm gonna level with you, I may have not been entirely serious in that assessment.

          But I was very serious in participating in the fourth steering committee meeting for defining pilot models of policy compliant data that adhere to best practices! We used big red cartoon Xes for examples of non policy compliant data that is to be avoided!

          • (Score: 1) by fustakrakich on Saturday February 22 2020, @12:48AM

            by fustakrakich (6150) on Saturday February 22 2020, @12:48AM (#960886) Journal

            We used big red cartoon Xes

            Ah, ok, that explains the 6 gigabytes...

            --
            La politica e i criminali sono la stessa cosa..
      • (Score: 2) by Runaway1956 on Saturday February 22 2020, @01:56AM

        by Runaway1956 (2926) Subscriber Badge on Saturday February 22 2020, @01:56AM (#960899) Journal

        I've browsed through our own VPN connected shares. If I were a vindictive disgruntled employee, I could find a few gig of stuff that might prove valuable, in the right market. So very much has zero value to anyone, other than the authors and/or the supervisors who directed the authoring. It would be something of a task to distill the valuable out of the valueless.

  • (Score: 2) by DeathMonkey on Friday February 21 2020, @06:56PM (2 children)

    by DeathMonkey (1380) on Friday February 21 2020, @06:56PM (#960784) Journal

    Jebus, they just made Sting [ultimateclassicrock.com] super jealous!

    • (Score: 0) by Anonymous Coward on Friday February 21 2020, @07:46PM (1 child)

      by Anonymous Coward on Friday February 21 2020, @07:46PM (#960810)

      First time I heard the word, "Citrix", I thought it might be some kind of a big bug... (insect, possibly from "cicada"?)

      • (Score: 0) by Anonymous Coward on Friday February 21 2020, @08:37PM

        by Anonymous Coward on Friday February 21 2020, @08:37PM (#960826)

        Citadel or Ricks?

  • (Score: 4, Funny) by Azuma Hazuki on Saturday February 22 2020, @02:07AM

    by Azuma Hazuki (5086) on Saturday February 22 2020, @02:07AM (#960903) Journal

    "Yer muvver's op-shec is Shitrix, Trebheckch!"

    --
    I am "that girl" your mother warned you about...
  • (Score: 2) by jasassin on Sunday February 23 2020, @04:04AM

    by jasassin (3566) <jasassin@gmail.com> on Sunday February 23 2020, @04:04AM (#961290) Homepage Journal

    They don't lock the accounts after five or ten failed login attempts?

    Let alone forcing password creation with small and capital letters with one number and one symbol!

    --
    jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(1)