Protect What You Can. Dam the Rest.
July 16, 2013
We are more than a stereotype. We are everything that could happen. Concocted and linked together to prepare for the worst and hope for the best. We are the sum of our parts. We are Murphy’s Law…a hypercane.
I’m in the big leagues now. A state-sponsored hacker. I am 2 l33T 4 u. If I were a professional athlete, I’d be on the cover of the Wheaties box. If I were a rock star, I’d allow only green M&M’s in my dressing room. Management hired me personally, but I’ve never even been there. I have a handler that meets me in public places. How cool is that? Management wants the intellectual process that Organization X (O.X.) is using to produce its new widget. Time to go to work.
See, I like to think of network security like a dam. The concrete is the firewall. The water reservoir is the stored data. The water that passes through, to be used or converted to energy, is the information sent out over the internet or stored on a device. Ideally, I’d like to have access to the entire water reservoir in order to find what I want. So naturally, I’ll begin by testing the dam. Most firewalls are riddled with holes that have yet to be patched and I just need to find one. I operate on the basic assumption that the Dutch boy hasn’t enough fingers to plug all of the holes in the dam.
I run a scanner program to sequentially “ping” IP addresses of the networked systems, testing for open ports. Nothing doing. Employing a few more tried and true techniques, I quickly realize that I’m dealing with an NGFW. Next-generation firewalls are all over the dam place these days. Really should just be called generation firewalls at this point. Kind of like how Dippin’ Dots has been the ice cream of the future since 1987. O.X.’s IT team is running an NGFW with an intrusion prevention system (IPS), application control and URL filtering. It’s like a Go-Go-Gadget Dutch boy. I’m still going to get what I came for, but it won’t be by going through the dam.
Using public information available on O.X.’s website, I find the name of the project lead for the new widget. Jeffrey looks like an eyes-on-the-prize type. Let’s hope he brings his work home with him and that he’s as oblivious as he looks. A quick web search and I’ve got his home address. The security on his home network is a joke and I’m through it in no time.
I’m a chief executive at O.X., accomplished and bright. I didn’t have a meteoric rise but, instead, I paid my dues. I’m proud to be where I am. It’s hard sometimes. Sometimes I feel like I’m holding the reins on a cart that’s before a horse. But we do good work and this new widget is going to help a lot of people. Once it is patented and production begins, it will revolutionize the way people approach their healthcare. I can’t believe the things we can do now. Technology has allowed us to work together simultaneously on almost anything from almost anywhere. This new software, Galaxy, has really helped my team collaborate more efficiently, while easing the task management burden on me. It’s an exciting time.
Looking through Jeffrey’s files on his home PC doesn’t yield much fruit. A few work files here and there but nothing that I need. He seems to have a file synchronization folder that is connected to his work, but it’s clearly an enterprise-grade sync application with security controls and permissions. It also looks like the files are hosted on-premise at O.X., instead of in a cloud. Not much chance of finding anything that way.
I turn to his email in hopes that he’s been sending files related to the new widget. This is interesting. There are zero attachments, just emails with links. O.X.’s IT team must have an encryption technology in place. Most of the emails are entirely made of links. On several, I can read the text of the email, it refers to an attachment, but there’s only the hyperlinks. I click into one link and I’m taken to a secure file transfer site and prompted for a username and password. I’m not going to get anywhere with this. Switching gears, I isolate the emails that were sent from mobile devices. They always forget to secure those. More of the same, just links and links and a few unencrypted emails with attachments. The attachments are worthless to me but I run my eDiscovery program to look for metadata that might be useful at some point. Every single email is completely free of metadata. Organization X is cleaning all metadata from all emails, even mobile device emails, on the outbound Exchange SMTP Gateway. For all you n00bs, they’re scrubbing metadata from every email on every device with a server-based metadata removal solution. I’m starting to get a little discouraged when, pwnage, an email without encryption sent to his wife from a tablet. Pay dirt.
It’s been a busy week at O.X. My team is just finishing the final touches on our presentation to the board of directors. If it goes well, our widget will be in production and available to the masses in just a few short months. I’m out of the office today, wrapping up some final details on pricing and I’d really like my wife to look over this summary document before the board sees it. She’s good at making sure my thoughts are coming across in a way that people, other than myself and my team, can understand. I accidentally left my cell at home and I’m running out of time. A quick email from my tablet, giving her my Galaxy username and password and which document to edit, should do the trick though.
Wow, I chuckle to myself. For a certified genius, Jeffrey sure is an idiot. I open the link in the email to the Galaxy collaboration portal and enter his username and password. Now all I have to do is find all the files on the widget, copy them to an external drive and it will be time for one of those drinks with a little umbrella in it while relaxing on a beach somewhere. But, when I try to log in, I am prompted for a two-factor authentication token. You have got to be kidding me! This Galaxy software is set up to do something along the lines of sending a text message to his cell phone with a code that expires in 60 seconds and must be entered after the username and password.
The presentation to the board was a success! Production of the widget begins next week and I couldn’t be prouder of my team, and my wife for that matter. The edits she made in Galaxy to my presentation document really brought the point home to our CEO in a way that I would never have thought of. I’m a lucky man, and things are really going my way.
Now I’m pissed off. I’m going to have to go old school and that is risky. A quick anonymous call to a local Joe Schmo private detective and I’m having Jeffrey followed under the pretense of discovering an extramarital affair. After a week, Joe Schmo reports back. Luckily, Jeffrey runs his life like a boring Swiss watch. The same routine day in and day out. He carries the same laptop case to his car every evening from work. On the same three days a week, he stops at the same gym and does the same workout routine for the same amount of time. Funny, no affair though. Half the time you find that too. I wait in the gym parking lot wearing dark pants and a dark hoodie. Nothing complicated about a smash and grab, but it’s got an unlimited amount of environmental unknowns. This is the part I hate. I move quickly, using the end of a spark plug to shatter the rear right window, grab the laptop bag, and I’m gone.
Well I was having a good week up until now. Someone broke into my car while I was at the gym and stole my laptop. I know I shouldn’t have left it in plain sight in my backseat, but this is a really good neighborhood and sometimes I just don’t think. At least all of my files for the widget are backed up in Galaxy. I wait for the police and fill out a burglary report. I’ll tell IT about it when I get to work in the morning.
I had thought it would take me part of the night to gain access to the laptop but, lucky for me, genius Jeffrey uses the same username and password for his computer that he does for the Galaxy software. I’m in. A folder named “Widget Research” right on the desktop, how convenient. I kind of feel like I’m opening a chest full of buried treasure as I click the folder open and hundreds of documents, containing thousands of pages of widget information, are immediately at my fingertips. I am alerted that a digital rights management software has a “wrapper” around all of the files. This could potentially restrict what files I can open, edit, copy, print, etc. It appears that Jeffrey has full permissions for every document. Finally, a bit of good luck. I was starting to feel a lot like Wile E. Coyote using foolproof Acme products and falling flat on my face just inches behind oblivious Jeffrey as he zooms by with his work and a casual “meep meep.”
Cloning the entire drive, including the Widget folder, just to be sure, I make a quick call to my handler and a 9 AM meeting is set at a coffee shop down the street. I show up and he is already sitting in the corner with a laptop open. Without exchanging pleasantries, he extends his hand and I turn over the cloned drive. He connects it to his computer and the internal fan roars to life as thousands of pages of information load onto his screen. He smiles and presses a few keys before spinning the laptop around to me. I try to contain myself as I stare at a number with so many commas it barely fits on the screen and a flashing button that says “transfer.” My hand is literally trembling as I reach up. And, with one click, I’m rich.
Traffic is terrible this morning and I’m freezing to death because the plastic trash bags duct taped over my rear window are hardly satisfactory at keeping cold out or heat in. It’s almost 9:15 when I finally get into the office and I head over to the IT administrator’s office to let him know about my computer. He nods his head and pulls up the admin panel for the rights management software. Suddenly, I can’t believe what he is telling me. It appears that my entire file library was cloned to a separate drive during the night. Someone was after my team’s work. It had never occurred to me but apparently a strong network firewall is only the beginning of securing O.X.’s data. He tells me that about two-thirds of all breaches (64 percent) are actually due to internal causes, specifically human factors combined with system glitches. I feel terrible and he lets me sweat for a moment before laughing to himself and clicking a few buttons that lead to a pop-up saying “access revoked.”
Walking away from the table at the coffee shop with visions of sugar plums and Bugatti Veyrons dancing in my head, I hear my handler say the only word I’ve ever heard him speak. “STOP.” I turn around and he is frantically clicking and typing as each file is closing down on his computer. One by one the access is being revoked. Impossible. I cloned the drive and he copied the files onto his hard drive. There is no way the rights management “wrapper” could still act on the files. He glares at me and stands as a black sedan pulls up in front of the shop. I get the feeling I don’t have the option whether or not to get in.
I really have to hand it to my IT guys. They really saved my butt and made it possible for me and my team to help a lot of people with the new widget. They had to have some help and I really wish I could personally thank everyone involved. I know I see the same puzzle-looking logo on almost all of my non-Microsoft software. Well, there is work to be done and I’m sure that they already know.
Michael Susong is the Marketing Manager for Litéra Corp. based in McLeansville, NC. Michael has a B.A. from the University of North Carolina’s School of Journalism and Mass Communication. He has worked for Vail Resorts as a marketing coordinator, field reporter for “Another Heavenly Morning Show” on the Regional Sports Network and freelance writer for Demand Media.