Getting Hacked is a Nasty Business. Events are in for a Rude Awakening.

The latest ETB visual summary of the article, "Getting Hacked is a Nasty Business. Events are in for a Rude Awakening." You can read the full article at: http://www.eventtechbrief.com/page.cfm/action=library/libID=3/libEntryID=72/listID=1
Subscribe to the EventTechBrief.com newsletter at: http://www.eventtechbrief.com/page.cfm/Action=Form/FormID=1/t=m/goSection=3

  1. Getting Hacked is a Nasty Business. Events are in for a Rude Awakening. Based on an EventTechBrief.com article by Michelle Bruno.
  2. It happened again... A conference was hacked. This time, hackers managed to obtain personal details from attendees of two conferences hosted by the Linux Australia User Group. Michael Robinson, program director, cyber forensics at Baltimore’s Stevenson University, took a look at media reports of the incident to describe what may have happened and provide some advice on how event organizers can do a better job of protecting their attendees from what could be inevitable.
  3. Beware the Innocent E-mail...
  4. Organizers admit that hackers gained unauthorized access to one of their servers, but Robinson says, “It’s pretty unlikely that someone broke in from the Internet and hit that server.” A more plausible explanation is that an end user connected to the network was duped into clicking on a link from the Internet or an email. In doing so, he inadvertently released malware that moved laterally across the network to grant a hacker access to the server that contained all of the attendee data.
  5. An end user is anyone on a computer connected to the network, including a conference planner, registration assistant, systems administrator, or accountant. “If their computers are compromised, it’s not that difficult to get access to the registration data,” Robinson explains. The vulnerability to which Linux Australia succumbed was the fact that “it stored attendee data from multiple conferences on one central server, which means that when the server was compromised, it affected all of the attendees from all of its conferences for several years.”
  6. Hackers are Paid Professionals...
  7. Robinson surmises that the hackers of the Linux Australia User Group knew what they were doing. “The people who attend Linux Australia events are [for example] systems administrators that work for the Australian and New Zealand governments. They have root-level access to sensitive information on their computer systems and networks.” With something as simple as an attendee email address, hackers can launch phishing attacks on them in the same way they likely attacked the conference.
  8. Taking a Server Offline Won't Solve the Problem
  9. The remedies for these types of attacks aren't clear-cut. Linux Australia reportedly decommissioned the infected server, strengthened security on the new one and installed a number of monitoring tools. In addition, “websites for the conferences will in the future be archived six months after a conference concludes and then kept on a separate server and deleted from [the event management software],” organizers say. That may not be enough, according to Robinson.
  10. “Typically when a system gets infected, the help desk will come along and take that one server offline. However, if the hacker leapfrogged through the network, taking a server offline doesn’t fix the problem. The server is taken offline, but the bad guy is still in the network. He can move laterally to the new server and compromise that one as well,” Robinson explains.
  11. Attackers are onto Conferences as Targets: What happened to the Linux Australia User Group is only the tip of the iceberg in terms of how conferences can be harmed by hackers, hacktivists or the disgruntled. Robinson lists a number of "bad" hacks of which organizers should be aware. Hackers with the right skills can download registrant information from a self-service registration kiosk onto a USB drive. Wireless jammers can interrupt on-site networks, including audio-visual equipment.
  12. Attackers are onto Conferences as Targets: Pineapple routers (costing about $150) can intercept data transmissions from attendee devices. An IMSI-catcher can intercept cell phone data and “spy” on conference-goers. Fake websites can be easily built to intercept registrant information (including credit card numbers). Social hacktivists can wreak havoc on an event with denial-of-service attacks and other tactics.
  13. There are some Simple Fixes...
  14. Event organizers are not entirely defenseless. While some organizers will work with cyber security professionals to build in safeguards and monitoring systems, there are simple precautions all event hosts can take. Robinson advises that organizers first communicate to attendees the measures they have in place to protect their information and advise them NOT to use the same passwords for the conference that they use for other work or their personal accounts.
  15. There are other measures that organizers can take, such as instructing IT to isolate and encrypt the registrant database and training end users to avoid clicking on links of any kind unless they are absolutely sure of the source. “End users are the biggest threat to network security,” Robinson says. Also, security contractors and staff can learn how to spot and disarm jamming and routing devices on site.
  16. But Wait. There's More.
  17. Besides the obvious consequences—embarrassment, loss of attendee confidence, and a potential drop in future attendance—the Linux Australia User Group and others before them have had to endure a “baptism by fire,” Robinson says. “Imagine trying to meet your goals to ‘do more with less’ and then all of a sudden you get hit with something like this? Your reputation is damaged, you incur more costs, and your attendees could sue you. Your day is going to get a whole lot worse.” Michael Robinson is at mrobinson4614@stevenson.edu.
  18. Read the full article and subscribe to the newsletter at www.EventTechBrief.com. @EventTechBrief. Images used under a Creative Commons License via Flickr users: Photosteve101; Al Ibrahim; James Lee; Hannaford; OTA Photos; & Living in Monrovia.