Former hackers protect NSW's critical infrastructure

Powered by SC Magazine
 
Page 2 of 2 | Single page

Some of the more interesting attacks were conducted over McDonalds' 860 stores that offer free wireless networks, monitored by Earthwave.

“My colleague gets a call from some company who says someone had logged on from our IPs and deleted their entire file server and web server,” Minassian said.

“The attacker had logged on using a VPN back to his office from a [McDonalds] Stanmore store and used a content management system to delete everything. Then he logged on to his Facebook and Twitter.”

Within an hour, Earthwave had the attacker's name and friends list. The unnamed victim, which would normally require legal authority to obtain details of the attacker, had quickly pinned the assault on an IT staffer who was fired days earlier.

“It was hacking 101. He thought he was safe, but we had his logs.”

Another recent investigation saw engineers tracking IT staff within a Federal Government agency who for months had stolen and forwarded sensitive internal emails to hundreds of staff.

The culprits were caught siphoning emails from the agency’s board and chief executive to external Hotmail and Gmail accounts, and sending those messages to hundreds of staff inboxes from there.

“We went in after hours and put in an appliance which captured every packet that went through. We found the IP addresses linked to those emails and they called the police,” Minassian said.

Earthwave also investigates more serious offences, including a large child pornography ring in which some members accessed monitored web sites from McDonalds stores.

The current investigation spans multiple countries and involves law enforcement from the FBI and Interpol.

Malware

Malware writers were increasingly deploying new malware variants against SCADA (Supervisory Control and Data Acquisition) networks, according to a chief engineer within the SOC.

He said those targeted attacks, while generally ineffective, were often a prelude to wider attacks.

“They might feel that SCADA, with all the media hype, is less secure -- which is not necessarily the case -- so they try to target them first.”

But the majority of attacks targeted vulnerabilities that admins had neglected to patch.

In the last month, engineers had spotted an uptick in attacks against Cisco firewalls within the finance sector that targeted vulnerability that was patched years ago. The hole enabled attackers to access the management console on the firewalls.

Copyright © SC Magazine, Australia


Former hackers protect NSW's critical infrastructure
 
 
 
Top Stories
There's no coke and hookers in the cloud
[Blog post] Where did the love go?
 
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  68%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1043

Vote