John Walker

Job title:
CEO, Secure Bastion LTD

Areas of expertise:
Professor John Walker: FBCS CITP CISM CRISC ITPC

Biography:
CEO of Secure-Bastion Ltd, Practicing Expert Witness, Visiting Professor Nottingham Trent University. Fellow of the BCS, & hold CITP (BCS), CISM CRISC (ISACA), UK Government ITPC. Chair of the London ISACA Chapter Security Advisory Group (SAG), ENISA CEI Listed Expert, & Editorial Board Member of CSRI.

The Feeding Frenzy

In 2008 I had the honour to deliver a Keynote at the E-COPP Security event, hosted by Loughborough University. This presentation discussed the aspect of Cyber Crime, and the associated threats that were impacting the interconnected world, users, and global organisations. The theme of this presentation was really all about sending out a battle cry that Cyber Crime, Cyber Fraud, and the potential of Cyber Warfare should be expected to grow in what were then the coming years of 2009, 2010, and onward. However, I was somewhat knocked off balance to find that a very senior academic, involved in the world of Cyber Security, expressed that he disagreed with my assessment, and stressed that such computer crimes were actually in decline! – thus blowing my Keynote right out of the water – but, all the same, I did stand my ground!

The underpinning of this opposing opinion that ‘CyberConflict’ was actually in decline was based on the low levels of detection, and visibility of cyber adversity, with statistics tending to demonstrate that things were getting better. It looked like, for some reason, all of the bad guys had been out to their local outfitter, and had purchased a brand new White Hat! This of course was certainly not the case – the reason was, it was around this time when the ‘Insecurity’ Industry started to go deeper underground, and rather than rattling their cybertronic tools, they were being much more gentle, and sensitive, and were starting to evolve into the new world of cloaked operational activities – their intent was no longer to boast of their dark-skilled computer prowess, but they were much more focused on the mission of gathering gilt.

In this year of 2011, I feel we are aware that the progressive path of CyberConflict has been in a continued state, and is now also encompassing the interests of the Hacktivism community, adding their lot into the pot of the darker world of CyberConflict.

But all that said, what really worries me is, when I see images of some young hacker who has literally just left school, linked to the profiles of some of the organisations who have suffered incursion, and compromise, I am very, very concerned!

Now this is just a suggestion, but could it be that these successful incursions are not so much about smart hacking techniques, but more a case of leveraging passive tools to target low-hanging, exposed fruit which makes available logical intelligence which can be harvested by a 'Footprinting' activity (as per The Cuckoo's Egg - Cliff Stoll - re *nix shadow password files being exploited off-line)?

I feel one area which gets overlooked is that of the potential attacker running some Black Hat tools to gather masses of information in the form of DNS records, files, and content obtained from Metadata, which may be extracted in the form of Data Leakage – and you may take it from me, based on first-hand experience, post analysis and extraction of such meta-objects, these can provide information on internal users, file structure, O/S type and version, applications, servers, e-mail addresses, user names, IP addresses, printers, internal servers, and at times, hard-coded files (as I have discovered, in one case, complete with user ID and password).

And further analysis of the above can even evidence how some users are working within that environment – e.g. using Privileged accounts for routine BAU operations, which may then assist a would-be hacker to design his/her vectors of attack against targeted individual users. The other benefit of such passive 'Footprinting' of course is, as it is based on Data Leakage, and extracting Metadata from published, or obtained objects, it tends to be very silent, and doesn’t tend to set off any alarms.

The conclusion is an easy one - if more organisations evaluated their own perimeters of operations, seeking out any actual or possible opportunities for passive data leakage, in my opinion, there would be a significant reduction in successful incursions. So when you next commission a penetration test, just consider adding in a little consideration for Data Leakage – trust me, it makes a lot of sense.

Posted 03/08/2011 by John Walker

Tagged under: Hacking, DNS, Internet