While Halloween only comes around once a year, organizations are constantly encountering situations that are downright scary. In honor of Halloween we thought readers might get a thrill out of a few frightful, but true, cyber tales as experienced by cyber security expert and SANS Institute Instructor, Dr. Eric Cole.
Invasion of the System Snatchers
Consider this dreadful example. It is a seemingly beautiful afternoon and Dr. Cole is leaving to play golf (something he rarely has the opportunity to do). As he's getting ready he receives a call from his client; they are in panic mode after having just received a call from the FBI alerting them that they have had a system compromised by an APT (gasp!). He rushes to meet his client onsite (so much for playing golf) and they begin the dreaded search (if you want to find a needle in a haystack, you first have to reduce the amount of hay). This gruesome task, which led to the identification of the compromised boxes, required them to perform painfully-strict outbound packets while sorting the traffic based on outbound connections, length of the connection and size of the data leaving the organization.
How scary is this:two of the compromised boxes were another foreign adversary that they did not even realize compromised their network while the other system was an administrator who was running an illegal NetFlix video store from the company's data center! Perhaps the most gruesome part of this tale is this was a Fortune 50 organization that had no clue what was happening on their network -- very frightening!
I Know What You Did....At The Mall
Consider this next tale. An organization wants to ensure better security and protection after a laptop is stolen from an employees car while he is shopping at the mall. While full disk encryption could help protect data from a stolen laptop, the CIO asked that the incident be investigated to determine exactly what happened. After speaking with the user he confirmed the car was locked and the laptop left on the back seat. Seems harmless, but wait, upon additional questioning the user began to appear very uncomfortable. Finally, following some hesitation, he admitted the car was a convertible and the top was left down as he went into the mall. It does not happen often, but Dr. Cole was speechless. Perhaps the most frightening thing about this tale is people who use this logic are given access to sensitive corporate data. How terrifying is that!!
If you dare to read on, here's another laptop horror story. This particular organization is very concerned about protecting the data on their laptops; therefore, they decide to install full disk ("on the fly") encryption on all laptops. They spent several months evaluating products and installing the software. Despite doing what they believed to be their due diligence, they overlooked one extremely disturbing software feature -- when the user logs in, it unlocks the keys that enable the data on the hard drive to be decrypted and read (how scary is that!). Essentially the strength of the system is based on the robustness and protection of the user's password.
Sign up for Computerworld eNewsletters.