Physical security in the digital realm
Security experts spend a lot of time thinking about how to beef up defenses to deter attackers. That means implementing advanced firewalls to protect against SQL injection attacks, or upgrading cryptography to maintain safer communications.
IT pros, however, tend not to spend as much time pondering whether physical access to a computer system is locked down. And that is a bit of a shame, considering the experts, more than anyone, should know how easy it is for a crafty hacker to compromise a device once they have their hands on it.
“Whenever an attacker has physical access to a computer, safeguarding that system is much more difficult,” Ryan Linn, managing consultant at Trustwave, said. He pointed out that this is particularly true of money machines, such as ATMs and point-of-sale (POS) devices.
Last year was rife with these types of physical compromises. In October, attackers in Mexico were causing ATMs to spit out cash after they picked locks protecting CD-ROM drives and uploaded financial malware via compact disc.
In December, researchers exposed an operation in Europe in which criminals bored through ATM casings to reveal USB ports. They then concealed the holes after compromising the machines with financial malware uploaded via thumb drives.
Also in December, Brazilian authorities in São Paulo removed the front of a sham ATM and uncovered a real one behind it. The fake was rigged with a working monitor so it looked authentic, but the shell actually contained skimmers and other recording devices.
“Criminals tend to follow the money and ATMs are full of cash,” Linn said. But physical compromise of digital technologies is not limited to ATMs.
In October, a group of men in Florida entered a Nordstrom store, distracted the staff and proceeded to plant skimming devices and keyloggers on registers. And just days after ringing in the New Year, a crook posing as a worker at a Chinese buffet stole customer card information using a skimming device.
“The criminals are getting more sophisticated and these types of attacks highlight the change in approach,” Linn said.
Core digital defenses continue to be a prime focus because of how many effective attacks are carried out remotely, but serious crooks will always seek to exploit weaknesses – and physical security is one such weakness.