Social hackers target McAfee staff in church, at carparks

Powered by SC Magazine
 

Lockheed attack only the shape of things to come.

No place was sacred from cybercriminals who were getting bolder in their attempts to steal confidential data, going so far as to bail up a security vendor's staff member - in a church.

McAfee chief security officer Brett Wahlin said the security vendor's staff were physically harassed and its network defences tested by hackers.

Hackers sought information to undermine McAfee's firewalls, intrusion-prevention systems and critical infrastructure protection platforms relied on by millions of users, he said.

At least one worker was approached by a suspected attacker while in church after his movements were tracked through online social networks, he said. He posed as a colleague in an attempt to wheedle information from the McAfee worker. And similar attempts were made on staff in car parks outside of company offices, Wahlen said.

Others received phone calls from suspected attackers who attempted to obtain information such as usernames and passwords.

Attackers have assumed the roles of contractor, customer or partner to convince staff to hand over sensitive data.

The attacks started in March when security company RSA was hacked and information on its popular SecurID token system was stolen.

SC Magazine believed attackers stole crucial information to link SecurID serial numbers to seeds, allowing them to determine the token numbers used by customers.

Last week, defence contractor and RSA customer Lockheed Martin was hacked in an attack that may have used duplicate SecurID keys and a keylogger that provided enough information to access the company network.

The contractor denied that data was stolen but Wahlin said it was part of bigger plans beyond Lockheed's systems.

"They are building a respository on stolen information. I don't know what the final target will be, just wait and watch", Wahlin said.

McAfee replaced its SecurID tokens and shored-up security after the RSA breach, he said, because they were among those to be targeted.

Such  attacks were often called advanced persistent threats and include attacks using known and zero-day exploits.

Wahlin expected the frequency to increase: "To accentuate the damage of APTs is to exploit social engineering".

He advised organisations to educate their staff about the dangers of talking to strangers or those not authorised to receive information.

Cold war tactics

Information control is difficult for organisations so McAfee turned to Cold War tactics.

"We are looking at applying the principles of counter-intelligence to the private sector, notably around security clearances," said Wahlin, a former US counter-intelligence operator.

"We are testing what the employee base will accept. Tracking what you do when you are not at work - that was possible in the military, but that doesn't fly in business."

Workers bringing their own computers and devices such as smartphones into the office further complicated attempts to lock down the business, he said: "You can't simply sieze a personal device to perform forensics, there are laws that prevent that".

Circles of trust

By the end of this year, McAfee's internal network will have four rings to allocate access rights to devices depending on their levels of trust.

The private cloud, defence-in-depth model provided the greatest access on the inner rings to the most secure devices, and restricts access towards the outer rings.

While devices in the outer rings are assumed to be vulnerable and must use virtual interfaces to connect to limited services such as email, it was the second layer that Wahlin said was most interesting.

"Devices are supported but unmanaged ... the problem is who owns the device?" he said.

Copyright © SC Magazine, Australia


Social hackers target McAfee staff in church, at carparks
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 337

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  58%
 
No
  42%
TOTAL VOTES: 142

Vote