THE IT SECURITY PROFESSIONAL |
Barlowtek
The It security Pro
Helping Organizations Understand IT Security
&
Best Practices
Knowing the detailsWhen it comes to hacking, there are two major culprits to blame. Well, the Democratic Party tried to blame the hacking of Mrs. Clinton’s email server on the Russians. While it was really, the Chinese doing it and they got the emails in real time. So maybe those 33,000 that have seemed to evaporate in mid-air can be found. Maybe if the President were to ask President Xi of China if we can get those back, we could have some closure to the Clinton scandals (maybe). Malware Installed The way the Chinese did it was ingenious if you think about it. They installed malicious software that routed Secretary Clinton’s personal emails to China in real time. The hackers were able to gain access to a “secured server” and were able to install software that went undetected. This sort of setup is not only dangerous, but it is also illegal due to the classification of the email that was going across the server. The malware was sophisticated enough that it went undetected for perhaps months, if not longer while the server was in operation. Due to the illegal activities of destroying government property (in the form of emails) and other activities we may never know fully the impact of the Chinese hacking of the Mrs. Clinton’s email server. Her use of sophisticated hardware wiping software will make it nearly impossible to retrieve the information that forensic investigators would need in order to piece together the data about what software was used on the system. Email Targeting Reasons When it comes to emails, they present a very interesting target. Not only do you get to see what sort of things that people are doing in their personal life. Nevertheless, you are able to see more details than just trying to hack an account and guessing the name of their favorite pet as a kid. Emails are a personal and intimate picture into our daily lives. This is one reason whey hardening email servers is so important for any business or government. While the specific details of the Chinese hack into the server remains a secret at the time of this blog posting. It is safe to say that Mrs. Clinton’s email was a specific target that the Chinese were very interested in having access to. (This is one reason why you don’t use unsecured devices in a foreign country). The risk of using an unsecured system in a country that is known to have a very sophisticated hacking apparatus is just asking for trouble. Hardening Servers
When it comes to email servers, they should be treated with special care due to that so many organizations rely on them for most of their business communications, if not all. Servers need special care when setting them up. The following steps should be taken:
Ethics in IT Security While it continues to baffle me as an IT Security Professional about those that would commit such an egregious act in the first place. No matter who you work for, if there are blatant acts to circumvent the legal system you should determine if it is in line with your own personal ethics. If like most of us, we run across information that may be of a sensitive nature. It comes with the territory of being in this industry. When anyone who has ever had a security clearance for the government knows, you go through rigorous training and classes on the handling of classified information. Regardless of whether you thought it was one way, and then come to find out that it was something different, ignorance is not an excuse. Especially for someone who had her experience and background. (She should have known better). Summary While the details of this compromise are still coming out, we don’t know the specifics of the type of malware that was used or who knew that the compromise even happened. Creating a system that is outside of legal conformities also puts all of the information that is contained or that passes through it a position of vulnerability. If the server was in a secured environment or used government equipment, then there may be some loopholes. This may have permitted the setup and configuration of the server offsite. However, with what we know is Mrs. Clinton didn’t ask, and if she did, those in charge would have denied it. Disclaimer Statement: This is a personal blog. Any views or opinions represented in this blog are personal and belong solely to the blog owner and do not represent those of people, or organizations that the owner may or may not be associated with in a professional or personal capacity, unless explicitly stated. Any views or opinions are not intended to malign any individual or political party. All content provided on this blog is for informational purposes only. The owner of this blog makes no representation as to the accuracy or completeness of any information on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.
0 Comments
Your comment will be posted after it is approved.
Leave a Reply. |
IT Security ProSecuring the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure. Categories
All
Archives
January 2023
|