http://www.thestar.co.za/index.php?fSectionId=225&fArticleId=2973225

By Jacques Wessels
October 30, 2005

Can the government IT systems be hacked, broken into and information stolen or planted? The answer is yes. It is a fact of life in the IT industry that there is no such thing as a secure network. IT systems and networks can have a high or low level of security, but the perfect impenetrable network does not exist.

Is it a trivial matter to break into government systems? This is a question that needs deeper understanding. The government's information security policies are modelled around the BS7799 standard, which is an internationally recognised benchmark for information security around the world. But the problem comes with implementing those policies.

On October 10, it was reported that government websites were repeatedly hacked into by a group calling themselves the "Beyond Crew". Technical personnel fixed their web servers only to have them hacked into again by another group known as "BHS-Team". These systems were built on platforms generally regarded as very secure.

A hacker is a person with very good technical computer skills who uses those skills to gain access to computer systems. As is the case with web servers, the motive is often a form of prestige within the hacker community for being able to gain access.

How does all this tie into the current saga between Minister Kasrils and the NIA on claims of stolen e-mails? The NIA claims an "agent" either intercepted the e-mails or fabricated them. For a more objective opinion, it would be useful to bring certain events into focus. Deputy president Phumzile Mlambo-Ngcuka's laptop was recently stolen. It is alleged that presidential legal advisor Mojanko Gumbi's laptop was also stolen. Government websites have very recently been hacked and defaced, and now there are supposed e-mails of a sensitive nature doing the rounds.

If indeed the laptops had been acquired by someone with the correct level of technical skills, it would be a fairly routine exercise to find and interpret sensitive information. The e-mails may well have been obtained from the laptops themselves.

If the laptops are not to blame, that leaves the possibility of an agent breaking into the government network. This may sound easy, but a high level of technical expertise is required. Government networks use devices called firewalls to enforce computer security policies. A firewall is a device that decides which users from the Internet may access a protected network. A hacker would therefore have to compromise the firewall's security to gain access to the internal government network. This is a very complex task, since firewalls are explicitly designed to stop this from happening. It is, however, not impossible, and many companies get hacked despite their state-of-the-art firewalls. The question is whether your security policy is smarter than the hacker you are trying to keep out.

Government has a fairly smart policy, and if it is implemented properly, there is a far more likely scenario. According to research on security in the computer world, the weakest link is the human one. Coupled with the fact that more than 70% of information security breaches occur from within the organisation, the most likely scenario is that someone already inside the government computer network gained illegal access to information.

Once a hacker has physical access to a network, the picture changes dramatically: stealing data and breaking into computer systems becomes a trivial exercise. Computer networks and computer systems can be compared to a noisy bar and its patrons respectively. It is easy to "tune" into a single conversation at a time, a conversation meant for your ears, but it is also possible to eavesdrop on other conversations.

Eavesdropping on network traffic such as e-mails and chat room conversations is called "sniffing" in hacker terms. Some forms of sniffing attack allow a hacker access to data even on switched networks by inserting the hacker's computer between two communicating computers. These attack methods are known as "man-in-the-middle". They can also allow a form of digital impersonation called "spoofing", where the hacker can send e-mails that look like they came from another person.

One important point remains. Even though it is entirely possible to obtain information such as e-mails, the hacker will always leave some kind of trail. Every web page, phone call, e-mail message or even chat room conversation can be traced, intercepted or monitored. Without exception. This is also true of government systems and will prove to be critical in finding the truth. If the e-mails did originate within government, then log files will exist, and if a proper forensic investigation is conducted, then it should be possible to trace their origin.

Jacques Wessels is a computer science lecturer in the Engineering faculty at the Nelson Mandela Metropolitan University
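As an added illustration of the "trail" the author refers to (this script is not part of the article), the Python below walks an e-mail's Received: headers, the relay-by-relay record every mail server appends, and checks whether the first relay that accepted the message belongs to the domain the From: line claims. The sample message, host names and addresses are constructed for the example.

```python
# Added example, not from the article: trace an e-mail's Received: trail
# and compare the claimed sender domain with the relay that first accepted
# the message. All headers and hosts below are constructed.
import email
import re

# Constructed sample: From: claims a ministry mailbox, but the first relay
# that accepted the mail is an outside workstation, a typical spoofing sign.
RAW_MESSAGE = """\
Received: from mail.ministry.example (mail.ministry.example [192.0.2.10])
\tby mx.recipient.example with ESMTP; Sun, 30 Oct 2005 10:05:00 +0200
Received: from workstation-17.outside.example (unknown [198.51.100.7])
\tby mail.ministry.example with SMTP; Sun, 30 Oct 2005 10:04:30 +0200
From: minister@ministry.example
To: journalist@newspaper.example
Subject: Constructed sample for header tracing

Body text.
"""

# "from <host> ... by <host>" inside one (possibly folded) Received header
RECEIVED_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)


def received_trail(raw):
    """Return (from_host, by_host) hops, oldest first.
    Servers prepend Received: headers, so the header order is newest first."""
    msg = email.message_from_string(raw)
    hops = []
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(hdr)
        if m:
            hops.append((m.group(1), m.group(2)))
    return list(reversed(hops))


def sender_domain(raw):
    """Domain part of the From: address, lower-cased."""
    msg = email.message_from_string(raw)
    return msg["From"].split("@")[-1].strip(">").lower()


def origin_consistent(raw):
    """True if the earliest relay in the trail belongs to the From: domain."""
    hops = received_trail(raw)
    if not hops:
        return False
    first_from_host, _ = hops[0]
    return first_from_host.lower().endswith(sender_domain(raw))


if __name__ == "__main__":
    for n, (src, dst) in enumerate(received_trail(RAW_MESSAGE), 1):
        print(f"hop {n}: {src} -> {dst}")
    print("origin consistent with From:", origin_consistent(RAW_MESSAGE))
```

Received: headers can themselves be forged by the sender, so only the hops added by relays you control are trustworthy; those are the ones whose server logs an investigator would correlate.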