Wednesday, January 25, 2012

Nitro

It has been more than 2 months at the cert. My first task was making a report about what was by Symantec called the Nitro case.

Usually I will not blog about this but I learned a couple of valuable lessons.

The first thing about this case was that social engineering was used and this is a real life proof that it is used out there. Awareness training is a hard but necessary thing. I admit I have no easy solution but I guess that starting with explaining to people what it is might be a good thing. I listen to the SE podcast and one of the items they had on the show is actually ITsec setting up a fake website and sending out email with a link and see how many people can be tricked. It is something worth considering I think.

The next thing I learned is that the modus operandi was that all data was gathered and staged on internal servers. It made me think of a DBA problem. A lot a the customers were not monitoring their servers and network. When you know your hard disk space changed over a couple of nights from x% to z% when you were expecting y% a series of bells should go off. The same thing on the network, the traffic on systems should be predictable. Although we have this technology it is not easy to implement and it will not stop the attack, you will only discover it.

Finally I think the most important lesson is that it can happen to everyone.