On Monday, July 11, the hacker group Anonymous announced that it penetrated Booz Allen Hamilton. See their post here.
According to the post, the attack was easy and took only 4 man-hours. It was easy because they managed to find a server with no security. After penetrating the network, they got passwords, sources and much more. Their best treasure seems to be a dump of roughly 90,000 military emails and password hashes that were not salted (unsalted hashes allow for a much easier dictionary attack). Additionally, they found various information that will help them penetrate many other government agencies, federal contractors and various companies.
We would expect better security from Booz Allen Hamilton, and so did the hackers from Anonymous. But more troubling are the passwords and other credentials that were obtained that would allow penetration of many other networks with better security.
Hacking is like looking for a piece of string. Once you find a string, you start pulling on it, and it takes you wherever it takes you. Everywhere you get to, you look for additional strings to start pulling on that will take you to even more places. It is similar to an avalanche as every additional piece you get allows penetration of many other pieces.
There’s a common analogy saying that security is like a chain, and its strength is that of the weakest link. Unfortunately, it’s not only your chain that needs to be strong, but also that of everyone you’re associated with, everyone they are associated with, and so on.
In other words – you can be breached. If not due to your weak security, then because one of your employees uses the same password and it’s stored in another company that isn’t secured very well. And if all those are secured, then one of the employees in those companies might have a password in other places that are not secured. Sooner or later, those strings that hackers pull on will lead them to your network and they will find their way in.
If any security can be breached because hackers find passwords to your systems, there is only one option – monitor the activity of your users and look for the attack. Detecting the attack will allow you to stop it as well as handle the consequences. Knowing what was compromised and how is the most important aspect of handling an attack.
Focus your resources on the main information storage you need to protect, like databases and big file servers. While hackers will always find interesting things inside your network, doing as they please inside your databases without anyone knowing is truly the worst-case scenario. Blue Core Research specializes in Oracle database auditing to enhance your Oracle database security. Ask for a demo and see how we can help.