[ISN] AusCert 2010: Defence illusion hack rooted in reality

From: InfoSec News <alerts_at_private>
Date: Thu, 20 May 2010 00:35:39 -0500 (CDT)

By Darren Pauli
Computerworld Australia
18 May, 2010 

A government agency was almost crippled after an employee opened a 
Trojan-infected PDF file, exposing some 40 administration passwords to a 

That's the hypothetical scenario posited by a Defence Signals 
Directorate (DSD) cyber security technical investigations expert - who 
did not wish to be identified - speaking to the AusCert conference in 
Queensland this week. His job is one of response, where he conducts 
forensics on a compromised agency to reveal possible data loss or 
exploit methods used by hackers - essentially maintaining the latter 
part of the DSD motto "reveal their secrets - protect our own".

The scenario was compiled from actual breaches and security incidents 
that the 24 x 7 DSD team had worked on. The fake agency, dubbed 
govtenders, had come close to suffering a catastrophic breach after a user 
fell victim to a targeted phishing attack - something the agency sees 
often along with targeted attacks on client-side and third-party 

Once the rogue PDF was executed, the phoney attack could have exploited 
administration rights, made available by common and large-scale systems 
and network management tools like HP OpenView, the DSD spokesman said.

"The point to take home is that if you are running on one machine [both] 
local administration rights and domain administration on a management 
agent, you're stuffed," the DSD spokesman said.


Received on Wed May 19 2010 - 22:35:39 PDT

This archive was generated by hypermail 2.2.0 : Wed May 19 2010 - 22:43:40 PDT