Simply Security - News, Views, and Opinions from Trend Micro

Posted on July 5th, 2012 in Current News, Internet Safety by Simply Security | 1 Comment | Tags: Current News, Internet Safety

When it comes to supercomputers and state-of-the-art technology, the federal government is ranked as having the No. 1 machine in the entire world.

When it comes to supercomputers and state-of-the-art technology, the federal government is ranked as having the No. 1 machine in the entire world. Getting access to its inner workings should be impossible but one hacker proved recently that data security, no matter the scale, is never completely impervious to attack.

Stemming the flow

PCWorld reported that a Pennsylvania man, Andrew James Miller, was able to gain access to the fifth largest computing facility in the world, the National Energy Research Scientific Computing Center (NERSC), and was attempting to sell the information he uncovered there for $50,000. The center conducts scientific experiments and studies regarding high energy, nuclear and biological research, among other topics. It also is a leader in the quest for a fusion and alternative energy solution.

Fortunately, one of his contacts turned out to be an undercover FBI agent, but serious data security problems could ensue at the NERSC as that was not the only transaction that took place. Miller, believed to be a member of an organized hacking ring called the Underground Intelligence Agency, highlights the vulnerability of systems at any level to the growing threat of organized malicious Internet groups.

"Miller and other members of the conspiracy remotely, surreptitiously, and without authorization, installed 'backdoors' onto computer servers and created 'magic passwords' that provided 'root' access to these compromised servers," read an indictment against Miller published by InformationWeek. He is currently facing charges of conspiracy and two types of fraud, according to the statement.

Strategic attacks

This may be one of the first data breaches for the federal government, but state-run agencies and private industry have already seen massive injury this year The Privacy Rights Clearinghouse has counted over 250 substantive incidents of malicious intrusion within the last six months. Among the most egregious were Social Security theft within the South Carolina Department of Health and Human Services and the leak of Global Payment Systems that revealed credit and debit card numbers for nearly 2 million accounts.

These incidents show that attacks are aiming for higher-value targets and are achieving surprising success. In most cases, weak passwords or low-quality encryption resulted in data security protocols that didn't pose much of a challenge, especially when dealing with organized raids.