
SANS ISC: Crime is still Crime! Pt 2 - SANS Internet Storm Center




There is an interesting piece running on several web news outlets, and Twitter is abuzz with HBGary Federal being hacked by Anonymous. HBGary was in the news less than three days ago stating that they were tracking down members of Anonymous and aiding the FBI.

Last month we ran a piece, "Crime is still Crime", assessing the risks of non-security firms "attacking back":

http://www.isc.sans.org/diary.html?storyid=10300

Today's events, with HBGary itself having an incident, reinforce that advice: assess your risk and posture before attacking back, especially if you are not in the information security field. If your revenue driver is making baby bottles, ask yourself whether this is the right move and whether you have the skill set on staff.

Less than three days ago:
http://uk.finance.yahoo.com/news/Cyberactivists-warned-arrest-ftimes-3487898538.html?x=0
Today:
http://nakedsecurity.sophos.com/2011/02/07/hbgary-federal-hacked-and-exposed-by-anonymous/

I have been following these events (and will continue to follow them) from the start, as they cross government lines and this could set legal precedent for the future. Let's stay tuned as this takes shape.

And remember a paraphrase/quote from Cliff Stoll's The Cuckoo's Egg: "Professionals don't make big mistakes, they make little ones!"

Richard Porter

--- ISC Handler on Duty

Richard

157 Posts
ISC Handler
I think some sensitive organizations allow HBGary remote access into their networks for incident response and such. Imagine the awkward conversations happening today with those customers. And HBGary essentially publicly taunted Anonymous to start all of this off.
Anonymous
The social engineering apparently used in the attack is definitely thought-provoking. Having reset the password for and gained access to an admin's email account with an external provider, and armed with a history of sent and received emails stored therein, could an attacker persuade one of your co-admins to reset your account password? And could you then sudo into a server's root account using the same?

Is your organisation's own, secure email infrastructure so good that your employees actually do use it? Do you actually sign your email as standard practice, such that unsigned email would immediately appear suspicious? And are there real barriers in place to prevent further escalation of privileges if an account is breached?

The method employed by Anonymous perhaps reflects how HBGary likewise supposedly used social engineering and perhaps even attempted exploits or trojans. This too is worrying. Would law enforcement really have paid for information obtained in this way, and acted upon it? If an analysis is made of the leaked documents and emails it may bring some answers.
Steven C.

171 Posts
(Disclaimer: Not law enforcement, not a lawyer.)

That's a good question, Steven.

They might treat information gathered using black hat tactics in the same way as information provided by an informant. I don't know if it would be admissible as evidence but it could be used to provide direction or uncover leads that could be followed up using more conventional methods.
No Love.

37 Posts
