Monday, October 26, 2009

Manic Monday

What vital IT threat should I cover today? The latest email scam riding the ether is an e-mail pretending to come from the FBI or the Homeland Security department. It has various topics and contents. But they all include an attachment that is malware, which will search through your computer looking for financial information and will install a key-logger on your system. Your first suspicion should be to ask "Why is the FBI sending anything to me?" They won't. Unless you belong to a law enforcement department, and even then it's not likely. Please avoid the temptation to play Sherlock, and just delete it. The feds are already aware of this one. But if you would like to read something from the DHS, then by all means go here.

Do you recognize this little Gizmo? It has become ubiquitous in the IT world. They are relatively inexpensive, come in many sizes and shapes, will fit easily in your pocket and look like they belong in a 007 movie. They are just like bad advice; everybody has some. In fact they are so commonplace that most people are not suspicious of them.
However, not everyone shares this open trust. And rightly so. They are great for students to carry homework back and forth to school. And for people who want to bring work home and finish later. Unfortunately, school computer networks are notoriously insecure. And these little fobs can transport infected files everywhere they go. So when Junior brings his term paper home to work on over the weekend, he leaves something nasty on the PC that you are using to finish the cost analysis spreadsheet for your CFO. So the virus that was on the school's library computer last Thursday is now on the Corp Financial Officer's PC today.
Sound a little far-fetched? In my work I have actually had this very scenario play itself out. But this little tool has a far more sinister element. They can actually be configured to be a boot device.
Let's play out a scenario. The year: 2009. The place: a corporate office in a large metropolitan area of the US. The players: the CEO of the corp and a young, hyper-intelligent IT specialist from the help desk.
The day starts like any other Friday work day. Except the CEO can't get into the secure server to retrieve files needed for the Board of Directors meeting tonight. The CEO's admin assistant calls the help desk, all the triage questions are bypassed and an "Immediate Urgency" trouble ticket is issued. Since this is the CEO, the help desk assigns the best tech they have to the job. Credentials, degrees, and numerous accolades for superior performance of duty. The tech gathers the tools to get the job done and heads for the front office. The CEO is off to a downtown meeting, so the Admin Assistant allows the tech into the boss's office. The assistant was making online reservations for the boss's vacation plans next week, so he leaves the tech alone in the office.
The astute technician quickly discovers from the less than cryptic error message that the user permissions had been revoked from the CEO's account. Probably one of those silly jerks in the SYSADMIN group did a fat-finger on the keyboard yesterday. No time to wonder why. It's a case of do or die. The tech quickly restores the user access permissions to the CEO's account. But the only prudent thing to do is verify the access is working. So she uses the CEO's login to access the secure server. His corporate files are visible and the names of the files are very interesting. Especially the one named "LAYOFFS."
Temptation becomes desire. The consequences are weighed. She was logged in as the CEO. So the file's access would show the CEO as the last opener. But the time/date stamp showed the file was last closed yesterday. If she opened it now it could be traced to her quite easily. So out comes the trusty thumb drive. It is attached to the lanyard hanging around her neck. She loads the drive into the USB slot and decides to take the contents of the entire directory. 7 Gig in all. There is plenty of room on the 16 Gig thumber. Wait! Someone might notice a traffic flow that big on the high-speed Ethernet. But it's only 7:47 AM. The network engineers are still in their daily morning meeting. And the only security guy here this time in the morning is out back smoking a cigarette. In fact he'll be there until 8:05 when the CSO shows up as per his ritual.
Seven minutes later Shelley the IT tech is back at her desk, with a copy of every file in the CEO's private directory. She opens the LAYOFFS file and, third from the top, is her name. Now she feels justified for taking the other files also. Plus this explains the HR appointment on her calendar set for 3:00 PM today. Time is short. If she's being fired this afternoon, she has a lot of work to do.
These little tools pose such a serious security threat that many companies have forbidden their use. Some have taken a more drastic step, and have filled the USB slots on corp PCs with epoxy. There is another possible threat. If you use one of these little gems, be sure to safeguard it. There are a couple of companies that manufacture secure thumb drives. But they are quite expensive and won't be found in the local Walmart. In many instances the data housed on a computer is far more valuable than the computer itself. If the data is placed on a device the size of your thumb, I don't need to go anywhere near your PC to steal its most valuable commodity.
'MEMBER THIS: Security is inconvenient by its nature. And any new convenient device is bound to open a plethora of security issues.


2Thinks said...

Interesting. I thought a lot of college kids used these quite regularly. I think my son did. Maybe they don't anymore.

NicNacManiac said...

Scary...I can see this happening quite easily. We really do trust these IT helpers with our life and maybe we should monitor what they are doing....we are only human after all and sometimes we forget that curiosity killed the cat. Great advice, really makes us think!! xOxO

Kelly Combs said...

Wow - you are a wealth of information. Very interesting!

Edie said...

What a story. So did she sabotage something before she was laid off or did she come to her senses? You really need to think about who you're trusting and with what information.

Great information, and I learned something too! :)

You changed from blue to yellow. Getting ready for fall huh?


Shonda said...

Wow, how times are changing so quickly. Great to be aware of the little things that can cause havoc.

Amber said...

"Security is inconvenient" ... good reminder. We really want it both ways, don't we?