By Darren Pauli
18 May, 2010
A government agency was almost crippled after an employee opened a
Trojan-infected PDF file, exposing some 40 administration passwords to a
That's the hypothetical scenario posited by a Defence Signals
Directorate (DSD) cyber security technical investigations expert - who
did not wish to be identified - speaking to the AusCert conference in
Queensland this week. His job is one of response, where he conducts
forensics on a compromised agency to reveal possible data loss or
exploit methods used by hackers - essentially maintaining the latter
part of the DSD motto "reveal their secrets - protect our own".
The scenario was compiled from actual breaches and security incidents
that the 24 x 7 DSD team had worked on. The fake agency, dubbed
govtenders, had come close to suffering a catastrophic breach after a user
fell victim to a targeted phishing attack - something the agency sees
often along with targeted attacks on client-side and third-party
Once the rogue PDF was executed, the phoney attack could have exploited
administration rights, made available by common and large-scale systems
and network management tools like HP OpenView, the DSD spokesman said.
"The point to take home is that if you are running on one machine [both]
local administration rights and domain administration on a management
agent, you're stuffed," the DSD spokesman said.