AOH :: ISNQ6309.HTM

AusCert 2010: Defence illusion hack rooted in reality

AusCert 2010: Defence illusion hack rooted in reality
AusCert 2010: Defence illusion hack rooted in reality


http://www.computerworld.com.au/article/346907/auscert_2010_defence_illusion_hack_rooted_reality/ 

By Darren Pauli
Computerworld Australia
18 May, 2010 

A government agency was almost crippled after an employee opened a 
Trojan-infected PDF file, exposing some 40 adminstration passwords to a 
hacker.

That's the hypothetical scenario posited by a Defence Signals 
Directorate (DSD) cyber security technical investigations expert - who 
did not wish to be identified - speaking to the AusCert conference in 
Queensland this week. His job is one of response, where he conducts 
forensics on a compromised agency to reveal possible data loss or 
exploit methods used by hackers - essentially maintaining the latter 
part of the DSD motto "reveal their secrets - protect our own".

The scenario was complied from actual breaches and security incidents 
that the 24 x 7 DSD team had worked on. The fake agency, dubbed 
govtenders, had come close to suffering a catasophic breach after a user 
fell victim to a targeted phishing attack - something the agency sees 
often along with targeted attacks on client-side and third-party 
applications.

Once the rogue PDF was executed, the phoney attack could have exploited 
adminstration rights, made available by common and large-scale systems 
and network management tools like HP Openview, the DSD spokesman said.

"The point to take home is that if you are running on one machine [both] 
local adminstration rights and domain adminstration on a management 
agent, you're stuffed," the DSD spokesman said.

[...]


_______________________________________________
Best Selling Security Books and More!
Shop InfoSec News
http://www.shopinfosecnews.org/

Site design & layout copyright © 1986- CodeGods