Former hackers protect NSW's critical infrastructure

Powered by SC Magazine
 
Page 2 of 2 | Single page

Some of the more interesting attacks were conducted over McDonalds' 860 stores that offer free wireless networks, monitored by Earthwave.

“My colleague gets a call from some company who says someone had logged on from our IPs and deleted their entire file server and web server,” Minassian said.

“The attacker had logged on using a VPN back to his office from a [McDonalds] Stanmore store and used a content management system to delete everything. Then he logged on to his Facebook and Twitter.”

Within an hour, Earthwave had the attacker's name and friends list. The unnamed victim, which would normally require legal authority to obtain details of the attacker, had quickly pinned the assault on an IT staffer who was fired days earlier.

“It was hacking 101. He thought he was safe, but we had his logs.”

Another recent investigation saw engineers tracking IT staff within a Federal Government agency who for months had stolen and forwarded sensitive internal emails to hundreds of staff.

The culprits were caught siphoning emails from the agency’s board and chief executive to external Hotmail and Gmail accounts, and sending those messages to hundreds of staff inboxes from there.

“We went in after hours and put in an appliance which captured every packet that went through. We found the IP addresses linked to those emails and they called the police,” Minassian said.

Earthwave also investigates more serious offences, including a large child pornography ring in which some members accessed monitored web sites from McDonalds stores.

The current investigation spans multiple countries and involves law enforcement from the FBI and Interpol.

Malware

Malware writers were increasingly deploying new malware variants against SCADA (Supervisory Control and Data Acquisition) networks, according to a chief engineer within the SOC.

He said those targeted attacks, while generally ineffective, were often a prelude to wider attacks.

“They might feel that SCADA, with all the media hype, is less secure -- which is not necessarily the case -- so they try to target them first.”

But the majority of attacks targeted vulnerabilities that admins had neglected to patch.

In the last month, engineers had spotted an uptick in attacks against Cisco firewalls within the finance sector that targeted vulnerability that was patched years ago. The hole enabled attackers to access the management console on the firewalls.

Copyright © SC Magazine, Australia


Former hackers protect NSW's critical infrastructure
 
 
 
Top Stories
Photos: iTnews Benchmark Awards countdown begins
Just a few days left until entries close for 2014.
 
Australian Govt to rethink cyber security strategy
Six-year old policy to be refreshed.
 
The failure of the antivirus industry
[Blog post] Insights from AVAR 2014.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 1075

Vote