Security Scene: January Edition
By Adair Thaxton, Internet2 Cyberinfrastructure Security Engineer
Only a few days into 2021, and it appears to be giving 2020 a run for its money. It was naive to hope for a quick improvement, but I remain an optimist!
Dark Reading published a rollup of The Coolest Hacks of 2020 that I found enjoyable. My favorite was a story I had missed, about two penetration testers whose engagement went rather poorly. Despite having physical proof of being hired to attempt to break in, they ended up in jail and their company had to post $50,000 bail each. (Actually, their company said no, but the CEO insisted that the bail be paid.)
You’ve probably heard of the Christmas Day bombing in Nashville, which targeted an AT&T building there and revealed how fragile our localized communications infrastructure can be. It took two days to get the cell phone service back to 65 percent capacity across three affected states.
Unfortunately, attacks against technology are not new, and the article notes that between “1996 and 2002, groups such as the Earth Liberation Front and the Animal Liberation Front engaged in some 600 criminal acts of arson, sabotage, and vandalism on research laboratories, multinational corporations, and the logging industry. Like the Nashville attack, the purpose was to harm property, not people.” An article shared by Dave Farmer further points out that we regularly drive by fiber huts with minimal security, hidden in plain sight.
And of course, there was the SolarWinds hack. (Or was it another company?) While information is obviously still coming out, take the time to read through some takeaway lessons and in-depth analysis of how the attack worked.
Here’s hoping 2021 quiets down a bit.