Security News > 2011 > January > Hackers break US government smart card security
http://news.techworld.com/security/3258312/hackers-break-us-government-smart-card-security/ By Robert McMillan Techworld.com 27 January 11 The US government has been stepping up its use of smart cards to help lock down its computer networks, but hackers have found ways around them. Over the past 18 months, security consultancy Mandiant has come across several cases where determined attackers were able to get onto computers or networks that required both smart cards and passwords. In a report set to be released Thursday, Mandiant calls this technique a "smart card proxy." The attack works in several steps. First, the criminals hack their way onto a PC. Often they'll do this by sending a specially crafted email message to someone at the network they're trying to break into. The message will include an malicious attachment that, when opened, gives the hacker a foothold in the network. After identifying the computers that have card readers, the bad guys install keystroke logging software on those computers to steal the password that is typically used in concert with the smart card. Then they wait. [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/
News URL
http://news.techworld.com/security/3258312/hackers-break-us-government-smart-card-security/
Related news
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- A “cascade” of errors let Chinese hackers into US government inboxes (source)
- Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws (source)
- US Health Dept warns hospitals of hackers targeting IT help desks (source)