IT Security Rewind – Week of November 14, 2011


by Josh Arrington

The Thanksgiving holiday is a great time to reflect on the things we are grateful for in IT security like data protection, fraud prevention, identity management and other preventative approaches. Here’s our look at the biggest stories of the week, where those approaches may have failed. IT teams take note, don’t let these headlines ruin your turkey dinner:

From Russia, with No Love: According to reports from Wired and CNET, hackers from Russia were able to destroy a water pump at a utility in Illinois by hacking into their SCADA system. This is a disturbing attack, as the hackers apparently breached the network of the company that made the SCADA system, stealing customer usernames and passwords. Worse—this appears to be very similar in scope and process to the recent RSA breach, and it also highlights to continued vulnerability of SCADA systems to these types of attacks (and the importance of controlling privileged access points and hardcoded passwords).

No Safe Space: Details are just beginning to form surrounding new of a Romanian hacker accused of hacking into NASA beginning on Dec. 12, 2010. Authorities claim that the hacker was able to obtain unauthorized access to protected data—an indication that abuse of privileges may have occurred. The hacker, who ended up destroying most of the data, was arrested and charged with multiple crimes.

No One Loves the IRS, Especially the GAO: In broader security news, the Government Accountability Office (GAO) has blasted the Internal Revenue Service (IRS) for failing to implement stronger security measures after numerous reports regarding organizational weakness in internal control over information security. The GAO takes particular exception to the IRS “deficiencies in its controls over access to the automated systems and software applications” and other weaknesses that “increase the risk of unauthorized individuals accessing, altering, or abusing proprietary IRS programs and electronic data and taxpayer information.” If the details are true, it’s quite evident that the IRS is not effectively and proactively managing privileged accounts and identities.

That’s our news for this week—let us know what we missed, and what you are, or aren’t thankful for in the realm of IT security!

Leave a Reply

Your email address will not be published. Required fields are marked *

You must be logged in to post a comment.