Monday, 20 July 2015

“Hacking Team” Gets Hacked, Caught Using Trivial Passwords

Until last week, an Italian cybersecurity company known as “Hacking Team” was reputed to be an elite provider of sophisticated spyware and hacking tools to numerous governments, police agencies and intelligence services.  But then they found themselves on the receiving end of a hack, with over four hundred gigabytes of emails, source code and internal documents collected and posted online for all to see.  Adding insult to injury was the fact that the hack apparently resulted from a failure to employ basic cybersecurity practices on their own systems. 

The attackers announced the public availability of Hacking Team’s files by hijacking the company’s official Twitter account and providing a direct link to a storage repository and an associated Torrent file.

News outlets reviewing the now-public Hacking Team data report that key security staff at Hacking Team utilized passwords with simple variations of “password” for privileged root access to key systems, which are well-known to be susceptible to hybrid attacks that crack passwords using a dictionary list while substituting numbers and symbols for certain alpha characters (e.g., replacing “s” with “$”) as well as appending numbers or special characters to the end of words. 

There are many other aspects to this hacking story that are attracting attention, but perhaps the key takeaway is that even highly-sophisticated companies and users can fall victim to cyber-attacks when established cybersecurity practices are not properly administered.  This underscores a few essential points that should always be emphasized with senior management at firms:

  • Never get complacent when it comes to monitoring and improving cyber-security practices;
  • Policies for complex passwords and other security defenses are not effective unless enforced and audited; and
  • Tech-savvy IT and information security personnel are not entitled to “self-determine” their personal level of compliance, and in many instances should be subject to stricteroversight because they often have root access and administrator privileges on corporate systems.

View the original content and more from this author here: http://ift.tt/1Sw14UK



from cyber security caucus http://ift.tt/1Mffjxn
via IFTTT

No comments:

Post a Comment