20 votes

NCIX Data Breach - after bankruptcy, terabytes of unencrypted customer/company data have been sold to multiple buyers

1 comment

  1. cfabbro
    (edited)

    I remember the feeling of dread as it came over me when I imagined what could have been exposed in those 500 desktops previously sold unencrypted and unwiped via Able Auctions. I then moved on to one of the Supermicro servers and began to mount various disk image files using the StarWind software. The first image I explored contained multiple folders of invoices from their retail stores, while the second contained images of devices. I mounted one image belonging to Steve Wu, the founder of NCIX. Inside I found data going back 13 years, financial documents, employment letters containing SIN numbers, and data from Mr. Wu’s home computer which featured personal documents and images of his family mixed in with numerous private photos of high-end escorts from mainland China.

    Ordinarily I would feel bad for Mr. Wu, having that sort of intimate detail about his personal life revealed like this... but the following negates that feeling entirely:

    On my way out, I couldn’t help but think about how Jeff boasted that he was able to “crack their iSCSI server with very simple tools in five minutes” and called their security “really, really, bad” and I would wholeheartedly agree with him there. This entire scenario could have been avoided by simply implementing full disk encryption within their organization or destroying the drives as their bankruptcy loomed. NCIX founder Steve Wu worked in IT for many years and fully understood the risk involved in his choice not to encrypt any data and then the repercussions of him abandoning the assets in a warehouse. Mr. Wu’s reckless behavior has harmed every individual and business NCIX dealt with, by allowing millions of confidential records to be sold without any oversight to anonymous buyers. The data can easily be used to cash out credit cards, craft convincing phishing messages containing details on purchases and commit identity theft.

    No encryption and then just sold all the company desktops, servers and loose drives without even bothering to wipe them first. :/

    Incidentally, Linus Sebastian (former host of NCIX Tech Tips) even went to the bankruptcy auction and filmed it for his new YouTube channel (Linus Tech Tips). I absolutely can't wait to see what he has to say about this on his next WAN show podcast episode, especially considering his personal details might very well be included in the leaked data and he didn't paint a particularly flattering picture when he discussed the senior management of NCIX on a previous episode about the bankruptcy (at the 44m28s mark).


    Edit - Some additional interesting stuff to look at:

    LTT Forum post about the leak: https://linustechtips.com/main/topic/974112-ncix-data-breach-2018/

    Someone there posted a pretty damning screencap from the LTT NCIX auction video too: https://linustechtips.com/main/uploads/monthly_2018_09/image0.jpg.e9fb217e6ebad25aaf52b24ea25a87cc.jpg

    7 votes