Warning: Simple Steps to Breaking the Security Perimeter and Unlocking the Keys to the Corporation

Watch out! It is amazing how simple it is to break into companies and steal all their data. The story "Anatomy of a Break-in" shows how easy it is by profiling, step by step, how Ira Winkler and his team were able to compromise all the critical systems within two days, including gaining the ability to steal sensitive information and threaten the entire IT infrastructure of a business.

I recommend you take a moment to read the piece. I have highlighted a few extracts:

- "We uncovered information about the company's generic technical architecture by looking at trade Web sites and postings the company's IT staff had made to newsgroups."
- "Our search turned up more than 100 Web servers, though the IT staff had figured there were fewer than a dozen."
- "As happens in about half our reconnaissance efforts, we found evidence of illicit employee activities."
- "...found that the system was logged on as the administrator. He quickly opened the User Administration tool and added a new user to the system, then added the user to the Administrator group."
- "Jeff and Kevin identified the CEO's and pulled up his password. They logged on to his account. They also learned the CEO's secretary's name and pulled up her account."
- "We acquired information critical to the company's success, such as financial information, key project status, multibillion-dollar proposals, and other insider information. We also accessed information that could have compromised the CEO's personal safety."
- "We eventually got the admin accounts for the Unix network. This, of course, provided an immense amount of engineering and project data."

We invite you to share your security stories with us here or send me an e-mail at sibaraki@cips.ca.

Thank you,
Stephen Ibaraki

Comments (2)

  1. Barnaby_Jeans says:

    When this post was initially published, the link to the anatomy of a break-in article was incorrect.  This is now fixed with the correct link (http://www.securitypipeline.com/showArticle.jhtml?articleId=177100480&pgno=1).
