Back in my days of running my Managed Service IT business where we managed hundreds of computer networks for clients across the nation, I used to tell a story of the importance of holistic security. We would setup servers and routers behind firewalls and keep the systems updated and patched and as secure as possible within the budget of the client. All of this was to protect client networks from attacks via the Internet or internally or with spoofed Wi-Fi.
But then I read about an incident in the US where a small group of men posed as a cleaning crew and entered an office during the late afternoon. They went about their cleaning activities raising no suspicions. When all the employees went home, the ‘cleaners’ entered the server room and physically removed all the servers from the server room and left the building with them!
The hacking attempts on Australia’s major political parties is one that should send shivers down the spines of all Australians as a potential attack on our democracy. It is generally accepted that the US has Trump instead of Hillary as President due to hacking of Democratic Servers and ‘spear fishing’ e-mails. This then allowed a systematic release of false information combined with confidential documents into the American information ecosystem in the lead up to the election.
There are a number of methods that hackers use to interrupt normal operations for a business or political party and many are much easier than gaining access to the actual servers. Denial of Service (DoS) attacks can flood a server with so much information that it renders it all but useless. Staff could leave a notebook in a café while they pay a bill and cookies can be stolen before the staffer returns – which would effectively hand over a number of passwords and usernames. E-mails can be sent with ‘urgent’ information that needs to be opened – which installs keylogger software which sends a hacker every keystroke typed in to a PC. During the course of just a few days, that would effectively include most passwords used to gain access to resources on a server. In the movie about his hacking activities, Edward Snowden would always cover the camera and microphone on his PC to physically prevent eavesdropping. As much as we think of hackers running brute-force algorithms and lines of text whizzing down a computer screen, it is sometimes the simple items that users forget. How many homes have smart TVs and smart home devices such as an Amazon Echo or a Google Home Mini? I am sure hackers would find it easier to eavesdrop via some of these devices to a home of a government employee than target a server of the Australian Government.
There are approximately 14,485 nuclear warheads in the world but the next world war may not be fought on battlegrounds by troops with guns. Governments are employing skilled computer technicians to attack the networks that make societies function. Keep that in mind when you next type in a password of 12345!
Mathew Dickerson