Armed Polite Society

Main Forums => The Roundtable => Topic started by: Lee on October 27, 2011, 08:18:17 PM

Title: Massive Hack
Post by: Lee on October 27, 2011, 08:18:17 PM
Does anyone know what this hack involved?  The company I work for is one of the companies hacked.

http://money.cnn.com/2011/10/27/technology/rsa_hack_widespread/index.htm?hpt=hp_t2
Title: Re: Massive Hack
Post by: RevDisk on October 27, 2011, 11:20:50 PM
Quote
Does anyone know what this hack involved?  The company I work for is one of the companies hacked.

http://money.cnn.com/2011/10/27/technology/rsa_hack_widespread/index.htm?hpt=hp_t2


This is why decentralized security is good.  Any centralized service will attract attention.  If you host one web site, you have one web site that can be compromised.  If you host ten thousand web sites, you have a LOT more folks looking at you. 
Title: Re: Massive Hack
Post by: Lee on October 28, 2011, 05:39:09 PM
I guess what I'm trying to understand is- what was gained by the hacker -and what was potentially compromised at these companies and organizations?
I've noticed over the past 6 months or so, that I've been getting a lot of spam on my work email.  They used to block all of it.  I get more now in a week than I used to get in a year.
I assumed it was due to the "do more with less" focus that we live with now.  Is it possibly related to this?
Title: Re: Massive Hack
Post by: S. Williamson on October 29, 2011, 02:22:50 AM
I keep seeing this thread title and thinking it pertains to a political figure.  :P

Hackers hack for fun, leverage, marketable trade secrets, infrastructure control, revenge, or a combination of these. Some people take up lockpicking as a hobby.  Some people juggle geese.
Title: Re: Massive Hack
Post by: RevDisk on October 29, 2011, 02:35:27 PM
Quote
I guess what I'm trying to understand is- what was gained by the hacker -and what was potentially compromised at these companies and organizations?
I've noticed over the past 6 months or so, that I've been getting a lot of spam on my work email.  They used to block all of it.  I get more now in a week than I used to get in a year.
I assumed it was due to the "do more with less" focus that we live with now.  Is it possibly related to this?

Money or lolz usually.

If they're going after corporations, they want to steal something worth money. Bank accounts, credit cards, personal information, etc.  Don't forget that organized crime got in on the ground floor with the illegal and destructive variety of hacking. PRC followed suit quickly. 


Most spam these days comes from botnets. Previously viruses were just random destructive programs. Those still exist, but the majority of newer viruses are not really viruses but small relatively discreet nodes in an often sizable array of other nodes. They can be multipurpose (spam drones, DDoS nodes, a mini Tor network) but usually they're single purpose. 

The more modern botnets are actually quite well designed. You have a very large number of drone nodes, controlled by a secondary tier of command and control nodes with obvious heavy redundancy. You can't take out the botnet by taking out even a large percentage of the command and control nodes.  Communication is encrypted. The botnet operator doesn't have to contact all the nodes, just a handful of command and control nodes.  The commands are passed laterally and down. 

Spam traffic can widely vary depending on the number and size of botnets operating at any given moment.
Title: Re: Massive Hack
Post by: Azrael256 on October 29, 2011, 06:21:43 PM
Quote
I guess what I'm trying to understand is- what was gained by the hacker -and what was potentially compromised at these companies and organizations?

Passwords, basically.  RSA makes (made) this multi-factor authentication thingy that you put on your keychain.  It's like a little watch that displays a number that changes every couple of minutes (you can order something similar from your bank).  So when you go to log in to whatever, the system demands that number to let you in.  The provider has a device in their datacenter that was pre-synchronized with your keychain device so it knows what it should be.  The RSA hack involved an attacker stealing RSA's database of the seeds for generating the numbers, so an attacker can now guess what the number on your keychain thingy is going to be.

It is basically universally accepted that it was a quasi-state-sponsored Chinese attacker, so they were after money, secrets, prestige, basically anything you can think of.
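
Added example, not part of the post above and not RSA's own algorithm (SecurID's derivation is proprietary): it uses the open RFC 6238 TOTP scheme as a stand-in to show why the seed is the only secret in a time-based token, and why replacing the enrolled seed invalidates any copy. The function names, the 30-second step and the sample seeds are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct


def token_code(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: the code depends only on the seed and the clock."""
    counter = unix_time // step
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_accepts(enrolled_seed: bytes, submitted: str, unix_time: int,
                   step: int = 30, digits: int = 6, drift_steps: int = 1) -> bool:
    """Server side: recompute from its own seed copy, allowing small clock drift."""
    for d in range(-drift_steps, drift_steps + 1):
        t = unix_time + d * step
        if t < 0:
            continue
        expected = token_code(enrolled_seed, t, step, digits)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


def demo() -> dict:
    seed = b"12345678901234567890"               # constructed sample (RFC 6238 test key)
    now = 1111111109                             # fixed clock so the result is repeatable
    user_code = token_code(seed, now, digits=8)  # what the keychain device shows
    copy_code = token_code(seed, now, digits=8)  # what any other copy of the seed yields
    new_seed = b"constructed-replacement-seed"   # constructed: token re-issued with a new seed
    return {
        "user_code": user_code,
        "copy_matches": user_code == copy_code,
        "accepted_with_old_seed": server_accepts(seed, copy_code, now, digits=8),
        "accepted_after_reseed": server_accepts(new_seed, copy_code, now, digits=8),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The code carries no per-device secret other than the seed, which is why the remedy for a leaked seed database is re-issuing tokens with new seeds rather than changing anything on the user's side.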
Title: Re: Massive Hack
Post by: Lee on October 30, 2011, 06:35:10 PM
Quote
It is basically universally accepted that it was a quasi-state-sponsored Chinese attacker, so they were after money, secrets, prestige, basically anything you can think of.

Thanks!  No problem then...the company I work for already gave them all of those I think. >:D
Title: Re: Massive Hack
Post by: Azrael256 on October 30, 2011, 08:03:04 PM
Quote
the company I work for already gave them all of those I think.

Mr. President?
Title: Re: Massive Hack
Post by: Lee on October 31, 2011, 07:45:30 PM
As-Salam Alaikum