Over the last six months the name Edward Snowden has appeared in the news almost daily. He’s popped up in articles about the US government, the National Security Agency (NSA) and the CIA.
Reports even suggest that he’s received death threats from senior US officials. So, what exactly did Mr. Snowden do to become public enemy number one?
Basically, Snowden is the world's most famous rogue employee. He's a former NSA contractor who stole highly classified information and disclosed it to the media, and the ramifications of his actions seem to have no end.
Obviously the case of Edward Snowden is extreme, but employees going rogue isn't all that uncommon. This means that companies need to ensure that privileged accounts – the "keys to the IT kingdom" – are secure and that all passwords are kept up to date.
Large organizations typically have thousands of privileged accounts, which are often left unmanaged. Rogue insiders, former employees, criminal hackers and sophisticated state-sponsored attackers can exploit these unmanaged privileged accounts. They can then anonymously access and extract an organization’s most critical data using these common attack vectors:
I. Shared Accounts – Looking to cut corners and make things simpler, systems administrators often re-use the same password across multiple systems and among multiple administrators. This is convenient for the IT staff. However, if a hacker or malicious insider can get hold of this common, shared password, he’s just gained access to systems throughout the network.
II. Storing passwords on a spreadsheet – Similar to shared accounts, one seemingly easy way for an IT team to keep up with all the administrator passwords they need for their jobs is to store them on a spreadsheet accessible to the entire IT group. It seems easy, but how can you track who is accessing these critical passwords and what they’re using them for?
III. Don’t touch it and it won’t break – Large organizations have many specialized passwords called service or process account passwords. These are used in services, tasks, COM applications, IIS, SharePoint and databases. They’re difficult to find and track, so these passwords often remain unchanged. But even if the IT staff does try to change them, the change can potentially result in system crashes and downtime. So, why bother, is the common attitude. At least until one of these old, static passwords falls into the wrong hands.
IV. Social exploits – A seemingly innocuous email might actually be the finely crafted work of a dangerous hacker. A privileged user inside a corporate network who clicks the wrong link might unknowingly be giving a hacker elevated rights into the network. Similarly, a clever hacker might be able to simply convince an unsuspecting user into revealing his password or install a flash drive with harmful payload.
V. Brute force – This old school model of hacking involves tools commonly available on the Internet called “rainbow tables” that let hackers quickly break weak passwords and gain access to the network.
VI. Application exploits – Organizations that fail to stay up-to-date with required security patches to their Internet-facing applications are in for a rough ride. Published and unpublished exploits to Web services software, database platforms, and a host of other applications can give hackers control of your data.
VII. Former IT Admins and Contractors – Former employees and contractors often leave their jobs with their privileged account passwords still active, and they can remain active long after the termination of their employment. So just because someone is no longer employed doesn't mean he can't still access his former systems and wreak havoc.
VIII. Default passwords – Many hardware devices, applications and appliances – like firewalls and UTMs – come pre-configured with default passwords that are publicly known. If these default passwords aren't changed, they're an easy access point for a hacker.
Once Privileged Access is Obtained
Once a hacker accesses a password through one of these internal or external attack vectors, the intruder can leapfrog from system to system. He can compromise privileged accounts throughout the organization until the IT infrastructure is mapped and its most valued information can be extracted at will.
Securing Privileged Accounts
With automated privileged identity management, privileged accounts are located, provided with unique, complex and regularly updated credentials, and access is delegated and audited.
This means that even if one privileged password is somehow recovered by a hacker, his access is only temporary and can't spread beyond that single account, ensuring that your highly critical IT assets remain locked down.
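The first step the section above describes is locating privileged accounts and finding the weak ones. The following audit script is an added example, not code from the original post or from any product: it runs over a constructed inventory and flags the conditions listed as vectors I, III, VII and VIII (shared passwords, unrotated service accounts, credentials still active for departed staff, and vendor defaults). Account names, fingerprints, dates and the HR and default-credential lists are all made up for the example.

```python
"""Audit a privileged-account inventory for shared, stale, orphaned and
default credentials. All data below is constructed for illustration."""
from collections import defaultdict
from datetime import date

# Constructed inventory: one row per (system, account). "fingerprint" is a
# one-way digest of the secret as a vault would store it, never the password.
INVENTORY = [
    {"system": "dc01",  "account": "Administrator", "fingerprint": "f1a2", "rotated": date(2013, 1, 15), "owner": "jdoe"},
    {"system": "sql01", "account": "sa",            "fingerprint": "f1a2", "rotated": date(2013, 1, 15), "owner": "jdoe"},
    {"system": "web01", "account": "svc_iis",       "fingerprint": "9c4d", "rotated": date(2009, 6, 1),  "owner": "svc"},
    {"system": "fw01",  "account": "admin",         "fingerprint": "d3f0", "rotated": date(2013, 9, 2),  "owner": "asmith"},
    {"system": "nas01", "account": "root",          "fingerprint": "77e1", "rotated": date(2013, 9, 2),  "owner": "bjones"},
]
DEPARTED = {"asmith"}            # constructed HR feed of terminated staff
DEFAULT_FINGERPRINTS = {"d3f0"}  # constructed digests of known vendor defaults
MAX_AGE_DAYS = 90                # rotation policy; anything older is stale


def audit(inventory, today, departed=DEPARTED, defaults=DEFAULT_FINGERPRINTS, max_age=MAX_AGE_DAYS):
    """Return a sorted list of (system, account, finding) tuples."""
    by_fp = defaultdict(list)
    for row in inventory:
        by_fp[row["fingerprint"]].append(row)

    findings = []
    for row in inventory:
        key = (row["system"], row["account"])
        # I. same secret reused on other systems or by other admins
        peers = [r for r in by_fp[row["fingerprint"]] if r is not row]
        if peers:
            names = ", ".join(sorted(f"{p['system']}/{p['account']}" for p in peers))
            findings.append(key + (f"shared with {names}",))
        # III. service/admin password never rotated within policy
        age = (today - row["rotated"]).days
        if age > max_age:
            findings.append(key + (f"not rotated for {age} days",))
        # VII. owner has left but the credential is still live
        if row["owner"] in departed:
            findings.append(key + (f"owner {row['owner']} has left but credential is active",))
        # VIII. secret matches a publicly known vendor default
        if row["fingerprint"] in defaults:
            findings.append(key + ("vendor default password",))
    return sorted(findings)


def audit_sample():
    """Run the audit against the constructed inventory on a fixed date."""
    return audit(INVENTORY, date(2013, 12, 1))


if __name__ == "__main__":
    for system, account, finding in audit_sample():
        print(f"{system}/{account}: {finding}")
```

The fw01 row sits exactly at the 90-day boundary and is reported only for its default password and departed owner, not for staleness; lower MAX_AGE_DAYS to see how the policy threshold changes the output.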
Want to learn more about privileged account security? Follow us on Twitter.