Tuesday, August 23, 2011

Notes from the World of Hacking...

Shionogi, a US arm of a Japanese pharmaceutical company with offices in both New Jersey and Georgia, was hacked by Jason Cornish, 37, a former employee. Cornish deleted some 15 virtual servers containing all sorts of important company data, i.e., email servers, etc., after resigning from his position over a dispute with a senior manager.

The cost of the damages was over 1/2 million USD.

Cornish attempted to disguise his actions by performing the hack from a local McDonald's offering free WiFi.

Unfortunately Cornish forgot one thing - don't pay with your credit card if you're up to no good.

According to this court document (PDF), Cornish had purchased $4.95 worth of food just prior to his attack. FBI personnel were able to link Cornish to the attack via web logs, a Gmail account, the VISA number on his card, and the IP address of the McDonald's.

But McDonald's and its free WiFi aren't the only nexus of hacking in your neighborhood.

At the recent Black Hat security conference in Las Vegas, it was revealed that medical devices like insulin pumps and blood sugar monitors that use wireless controllers are vulnerable to hacking.

Jay Radcliffe, a security researcher who also has diabetes, was able to show how to wirelessly access his insulin pump and sugar monitor, controlling how much or how little insulin is produced as well as what information was displayed regarding the state of his insulin. Radcliffe could even make the pump show that it was providing insulin when it was not and show that it was not providing insulin when it was.

In the case of Radcliffe, the pump and monitor were controlled by a wireless remote which was easily reprogrammed using a USB interface.

At the end of the day computers and computer security are only about as reliable as the people who run them - you can have all the unbreakable encryption in the world but if you leave the key lying around on the desk someone will steal it.
