Deceptive Duo Preys On Poor Security Practices - InformationWeek


5/3/2002
02:20 PM

Deceptive Duo Preys On Poor Security Practices

But some say their hacks may not get the attention they're hoping for

Most cyberattacks could be avoided if companies paid closer attention to IT security and learned from past mistakes. That's the message conveyed by Gartner research director Richard Mogull in a security report published last week that quickly got the attention of two hackers who call themselves the Deceptive Duo. The pair, who've spent the past two weeks breaking into government and other critical infrastructure networks and defacing Web sites in the name of "national security," promptly set about defacing a Gartner Web site maintained by an Australian hosting company.

Targets of the duo have included servers from Sandia National Laboratories, the U.S. Geological Survey, and Bottom Line Technology. The hackers generally exploit known vulnerabilities and administrative mistakes to get into the networks. Such attacks would be harder if organizations maintained better security policies and procedures, but that doesn't seem to be happening: The Gartner report predicts that about 90% of cyberattacks through 2005 will continue to exploit security flaws for which fixes or preventative measures exist.

Security professionals agree that the problem is widespread, even if they don't like the tactics the Dynamic Duo uses to call attention to the issue. "This is illegal and these guys should be thrown in jail, but it does show a kind of malaise out there when it comes to security," says one security professional at a large financial-services company who asked not to be identified for fear of becoming their next target.

Earlier last week, the pair hacked into a server at the U.S. Geological Survey, posting a screen shot from a USGS database that included employee names and passport numbers. A spokesman says the employee data had previously been stored on a protected system, which was then reassigned as an unsecured print server, but that the employee information was never cleaned off the hard drive. The Gartner report cited poor security governance as one reason organizations are vulnerable to cyberattacks.

The pair also defaced a number of regional banks' public Web sites, which primarily included marketing materials. They apparently used a remote-management tool to gain access to a Microsoft Internet Information Services server run by ibanks.org, which hosts the banks' Web sites, says Robert Alsbury, owner of Bottom Line Technology and co-founder of iBanks Inc. In addition to the defacement, the pair got their hands on a small data file holding the names and Social Security and checking-account numbers of 18 people who participated in a trial Web-payment system that ibanks.org was floating.

William Crowell, president and CEO of security firm Cylink Corp. and former deputy director of the National Security Agency, says such actions may not have the effect the hackers say they want. "Yes, it does increase the awareness of certain net admins and CIOs," he says, "but I don't think it's getting the attention of CEOs and boards, who are focused on business performance and revenue production."
