Anonymous Hacks FBI Conference Call On Cyber Pirates
The group posted a 16-minute recording of a call in which U.S. and foreign law enforcement officials discussed two alleged teenage members. Officials are calling it a “low level cybercrime”, but the call could just as easily have been about how to thwart a plot to blow up an airplane or even how to capture Bin Laden.
Security pundits believe that an email to one of the call participants was intercepted by Anonymous and they simply dialed in. The FBI claims that one of the email recipients forwarded it to Anonymous. No matter how it happened, it’s easy to laugh and say that law enforcement is stupid, but the truth is that many organizations are being targeted by advanced persistent threats (APT), and your organization may be one of them.
And not only are your organization’s computers and networks being targeted, but if you are on someone’s hit list, your employees’ home networks and computers are probably being targeted as well.
I discussed some ways to help mitigate an APT against your company in this blog post, but wanted to reiterate how easy it is to use commercial off-the-shelf (COTS) encrypting USB devices from SPYRUS to protect confidential information. While this may start sounding like a commercial, I swear that it really isn’t, and there are concrete actions below that you can use to protect your confidential information.
The SPYRUS Hydra Privacy Card® (Hydra PC™)
Hydra PC combines the features of a smart card (certificate storage and signing) with an encryption engine and a USB flash drive. But unlike other encrypting USB flash drives, Hydra PC can:
- be configured to work only on specific PCs so that it cannot be unlocked anywhere else
- encrypt files that can be stored anywhere, not just on the drive
- share encrypted files with specific individuals using public key infrastructure (PKI)
Now let’s look at this specific Anonymous hack again and see how it might have been prevented. The steps below are for the ultimate in protection. Confidential information can be encrypted and decrypted on your Internet-connected PC if you are certain that it is not compromised.
- Hydra PC devices are assigned to employees of the FBI and other law enforcement agencies.
- Security administrators configure PCs that are authorized to be used with the Hydra PC device. The Hydra PC device cannot be unlocked on an unauthorized PC, preventing data leakage.
- Authorized users insert their Hydra PC device into an authorized PC that is connected to the Internet and email their sharing certificates to all other parties. This is similar to the way that you would send email certificates or PGP keys to other users before you can receive encrypted information from them. Interception of a sharing certificate is useless, but it can be sent “back channel” if desired.
- An FBI employee sets up a conference call and creates a document with the conference call information on a PC that is not connected to the Internet.
- The employee inserts their assigned Hydra PC device into the PC, authenticates to it, and encrypts and signs the Word document, incorporating the sharing certificates from only the authorized recipients of the document, and placing it on the Hydra PC flash drive.
- The employee disconnects their Hydra PC device from the PC.
- The employee connects their Hydra PC device to a computer that is connected to the Internet, authenticates to it, creates an email to all of the authorized recipients of the document, and attaches the encrypted document.
- Recipients insert their Hydra PC device into an Internet-connected PC, authenticate to it, and copy the encrypted document from the email to it.
- Recipients then move their Hydra PC device to a PC that is not connected to the Internet, and decrypt the document to gain access to the information.
This method may take a few more steps than simply sending an email around, but if the information is truly confidential, then it’s worth the extra time. And unless you have a mole either creating the document or on the recipient list, the information is safe from disclosure because the file is never in a decrypted state on any PC that is connected to the Internet.
Additionally, a forwarded copy of the document is useless without a Hydra PC device that is on the authorized sharing list to decrypt it.
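The sharing model in the steps above (sign the document and encrypt it to the authorized recipients' certificates only, so that an intercepted certificate or a forwarded copy is useless) can be tried with OpenSSL's CMS commands. This is an added example, not SPYRUS code or the Hydra PC's own mechanism: it assumes software RSA keys in place of keys held on a device, and the identities (sender, alice, bob, outsider) and the call details are constructed.

```shell
#!/bin/sh
# Added illustration: OpenSSL CMS with software keys stands in for the
# device-held keys and "sharing certificates" described in the post.
set -eu
W=$(mktemp -d)                      # scratch directory for constructed files
trap 'rm -rf "$W"' EXIT

# Constructed identities: one sender, two authorized recipients, one outsider.
for n in sender alice bob outsider; do
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n" \
    -keyout "$W/$n.key" -out "$W/$n.crt" 2>/dev/null
done
printf 'Bridge 555-0100, PIN 0000 (constructed sample)\n' > "$W/call.txt"

# Sender: sign, then encrypt to the authorized recipients' certificates only.
seal() {
  openssl cms -sign -binary -nodetach -outform DER -in "$W/call.txt" \
    -signer "$W/sender.crt" -inkey "$W/sender.key" -out "$W/call.signed"
  openssl cms -encrypt -binary -aes-256-cbc -outform DER \
    -in "$W/call.signed" -out "$W/call.p7m" "$W/alice.crt" "$W/bob.crt"
}

# Recipient: decrypt with own key, then check the signature against the
# sender's certificate (pinned; there is no CA chain in this constructed setup).
# Prints the plaintext, or returns non-zero if either step fails.
open_as() {
  openssl cms -decrypt -inform DER -in "$W/call.p7m" -recip "$W/$1.crt" \
    -inkey "$W/$1.key" -out "$W/$1.signed" 2>/dev/null || return 1
  openssl cms -verify -binary -inform DER -in "$W/$1.signed" -noverify \
    -nointern -certfile "$W/sender.crt" 2>/dev/null
}

seal
open_as alice                       # authorized recipient: prints the details
open_as outsider || echo "outsider: cannot decrypt the forwarded copy"
```

The outsider holds every certificate and the encrypted file, which is exactly what an interceptor or a forwarded email would provide, and still cannot recover the content without one of the listed recipients' private keys.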
The use of Hydra PC encrypting devices is not limited to government or law enforcement. It is available to US residents directly from Amazon, and as long as you aren’t in a restricted country, everyone else can buy directly from SPYRUS or a reseller.