MicroScope

The hacker next door

  

15 April 2008

 

After many years in the IT industry I’ve discovered a hacker needn’t be the stereotype we expect. According to the FBI, the most common hacker is probably sitting in the cubicle next to you, right now. This is someone who gets to work early, takes his or her turn cleaning out the office fridge, tells funny stories at lunch and, at some point, makes a stupid move. It often starts when the hacker-next-door sees a file directory or workstation that’s just too juicy to pass up, like one named "salary comparison". It’s simply too tempting not to peek inside.

 

Curiosity is one scenario motivating the most common hacker. Another is revenge or industrial espionage. What organisation has time to do professional, in-depth background checks on every temporary IT consultant? Often this part-time help is called on when times are hardest and corners are cut. The result is that people get easy access to the most sensitive and otherwise impenetrable systems.

 

No matter what the reason, internal attacks make up 70 per cent of all security breaches, according to the FBI. The next question is, how do these attackers get access to critical systems?

 

Once that hacker-next-door decides to break into a target system, their next stop is a search engine. A few key words later and anyone can discover that the most common – and effective – route into hacking is to become what’s called a "script kiddie". Script kiddies use lists of default privileged passwords: the super-user/administrative codes built into every piece of hardware and software.

 

Let’s turn back to our hacker-next-door who wants into the "salary comparison" workstation. They don’t know who owns this workstation, but they can search to find what the default administrator passwords are for the machine they’re working on. According to a recent survey, 20 per cent of all workstations have an administrator ID that’s still set to the default password. If the built-in default doesn’t work, the would-be hacker might try some simple passwords like CompanyName123.

 

Once the hacker enters a target system with a privileged password, they have more access to data than the system’s legitimate users.

 

This raises the question: why do enterprises leave their privileged passwords, the keys to their kingdom, open and unmanaged? The reason is simple: manually changing these codes is extremely time-consuming, so these back doors generally stay open. Visit professional hacker sites and you’ll find their biggest complaint about script kiddies is that once the amateurs do something flagrant with privileged passwords, these wonderful secret passages into a company’s data get closed to the professionals.

 

Of course, there are automated ways to securely change privileged passwords: managing them in digital vaults, which tie an individual ID to a shared one. This software is now being used by many security-savvy enterprises around the world. However, until these solutions become standard tools in most enterprises, I’d keep a close eye on the folks around you. You never know who is privileged to your information!

 

 

Calum Macleod is western European director of Cyber-Ark Software