Tuesday, June 14, 2011

Spear phishing or hacked fobs suspected in IMF attack



Paul Marks, senior technology correspondent
Entrance to International Monetary Fund building, Washington DC (Neil Overy/Gallo Images/Getty)
IMFhacking.jpgA cybercrime technique known as "spear phishing" may have been used to launch a massive cyberattack on the International Monetary Fund (IMF).
The organisation - still reeling from the arrest of its director-general on sexual assault charges last month - has suffered what the New York Times calls "a large and sophisticated cyberattack whose dimensions are still unknown".
It is not yet clear what documents and emails were stolen from the IMF. But the organisation stores highly confidential data on the parlous fiscal state of many nations - and such information could be highly valuable to an attacker wishing to sell it on. The FBI is investigating.
Rumours abound online about how the IMF attack may have been affected. One possibility is that the attack started with with a "spear phishing" exercise - while others suggest a possible (perhaps additional) role for the keyfob tokens that security firm RSA has admitted were recently compromised by hackers - and which it is replacing.
In a spear phishing attack, staff at an organisation are individually targeted with emails that attempt to exploit their interests or home/work contacts - in the hope that they will either reply with more useful information aboout themselves or open an attachment containing a data-transmitting virus. This attack route looks possible since on 1 June the IMF's IT department reportedly emailed all staff warning them not to open emails and attachments from unknown sources.
Meanwhile, RSA keyfob tokens generate a pseudo-random number that changes every minute. The number is used alongside a permanent PIN to authenticate computer users logging on to a network. But spear phishing attacks can help attackers guess this PIN. Lending credence to this attack theory, the IMF is said to have emailed staff on 8 June saying it intended to swap out all the RSA keyfob tokens they were using.
In recent weeks, major league firms like Sony, Lockheed Martin and L-3 Communications have suffered similar cyberattacks, seriously denting public perception of the ability of big business to build secure computing systems.

0 comments:

Post a Comment

 
Design by Wordpress Theme | Bloggerized by Free Blogger Templates | coupon codes