“Whether it’s an insider attack or someone coming from the outside…at the end of the day, they are always leveraging the same types of known vulnerabilities”, Bosnian, who is Cyber-Ark’s executive vice president of Americas and corporate development, told Infosecurity.
Bosnian cited the case of David Palmer, a former employee at defense contractor McLane Advanced Technologies, who broke into McLane’s servers and deleted payroll files of a McLane customer in retaliation for being fired and not receiving help from the company in filing for unemployment benefits.
Palmer, a former IT administrator with McLane, pled guilty last week to computer hacking charges in US District Court for the Western District of Texas. Prosecutors alleged that Palmer set up a backdoor user account called “Palmer Lt” before being fired by McLane at the end of 2009, according to a report by TechWorld.
Palmer used that account to get access to McLane’s computer system and shut down the server that hosted the payroll system of Lone Star Plastics, a McLane customer. He was able to access that account from a variety of locations, including WiFi networks at the Bikinis Sports Bar and Grill and Buffalo Wild Wings in Texas.
“David Palmer had a backdoor account that he had created….If you look at what he did internally, shutting down the servers that were hosting the payroll systems, that’s not something a normal end user could do. You need to have privileges or have the admin account to those systems in order to do that”, Bosnian said.
To prevent these types of attacks, Bosnian advised companies to “know where your privileged accounts are…and make sure you have them locked down, number one. And number two, if you let someone go, you need to make sure you de-provision them from their systems and from being able to gain access from the outside world”.
Bosnian cited the incident of a former Unix computer programmer who worked under contract with Fannie Mae as another example. The programmer, Rajendrasinh Babubhai Makwana, was convicted last year of planting a malicious script, embedded in a program, on Fannie Mae’s network in retaliation for being fired.
According to the FBI, Makwana used his access to Fannie Mae to plant a malicious script that was designed to destroy all of the mortgage lender's data, including financial, securities, and mortgage information. The script was discovered by a Fannie Mae engineer before it was able to execute.
“Different name, different target, same basic scenario, and what is the commonality behind it, the same basic vulnerabilities being leveraged by these people: external access still existing, powerful internal access still existing, no tracking of powerful usage internally. And you leave yourself open to these kinds of attacks”, Bosnian cautioned.
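As an added illustration of the two points Bosnian makes above (know and lock down your privileged accounts; de-provision departing staff) and of the three gaps he lists in closing, the following reconciliation check compares a constructed account inventory against a constructed HR roster. It is not code from the article, Cyber-Ark or either company involved; the `Account` fields and finding names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed inventory record; field names are hypothetical, not a real product schema.
@dataclass(frozen=True)
class Account:
    name: str
    owner: Optional[str]   # HR identity the account maps to; None means nobody owns it
    privileged: bool       # admin / root / domain-admin style rights
    enabled: bool
    remote_access: bool    # can log in from outside (VPN, RDP gateway, SSH bastion)
    monitored: bool        # privileged sessions are recorded / alerted on

# Constructed HR roster: the source of truth for "if you let someone go, de-provision them".
HR_STATUS = {"dpalmer": "terminated", "jdoe": "active", "svc_backup": "service"}

# Constructed account inventory, modelled loosely on the scenarios in the article.
ACCOUNTS = [
    Account("dpalmer", "dpalmer", True, True, True, True),       # fired admin, never disabled
    Account("ops-lt", None, True, True, True, False),            # admin account nobody owns
    Account("jdoe", "jdoe", False, True, True, False),           # ordinary active user
    Account("svc_backup", "svc_backup", True, True, False, True),
]

def audit(accounts, hr_status):
    """Return sorted (account_name, finding) pairs for the gaps described in the article."""
    findings = []
    for acct in accounts:
        status = hr_status.get(acct.owner) if acct.owner else None
        if acct.privileged and status is None:
            # No HR identity stands behind this admin account: a backdoor candidate.
            findings.append((acct.name, "PRIVILEGED_NO_OWNER"))
        if status == "terminated" and acct.enabled:
            # Owner is gone but the account still works: de-provisioning was missed.
            findings.append((acct.name, "TERMINATED_STILL_ENABLED"))
        if status == "terminated" and acct.remote_access:
            # "External access still existing" after the person has left.
            findings.append((acct.name, "TERMINATED_REMOTE_ACCESS"))
        if acct.privileged and not acct.monitored:
            # "No tracking of powerful usage internally."
            findings.append((acct.name, "PRIVILEGED_UNMONITORED"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(ACCOUNTS, HR_STATUS):
        print(f"{finding:26} {name}")
```

In practice the inventory would come from the directory or local account exports and the roster from HR, and the check would run on every termination event as well as on a schedule.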