Physical security in the digital realm

Share this article:
Case study: Network clarity
Case study: Network clarity

Security experts spend a lot of time thinking about how to beef up defenses to deter attackers. That means implementing advanced firewalls to prevent and protect against SQL injection attacks, or upgrading cryptography to maintain safer communications.

IT pros, however, tend not to spend as much time pondering whether physical access to a computer system is locked down. And that is a bit of a shame, considering the experts, more than anyone, should know how easy it is for a crafty hacker to compromise a device once they have their hands on it.

“Whenever an attacker has physical access to a computer, safeguarding that system is much more difficult,” Ryan Linn, managing consultant at Trustwave, said. He pointed out that this is particularly true of money machines, such as ATMs and point-of-sale (POS) devices.

Last year was rife with these types of physical compromises. In October, attackers in Mexico were causing ATMs to spit out cash after they picked locks protecting CD-ROM drives and uploaded financial malware via compact disc. 

In December, researchers exposed an operation in Europe in which criminals bored through ATM casings to reveal USB ports. They then concealed the holes after compromising the machines with financial malware uploaded via thumb drives.

Also in December, Brazilian authorities in São Paulo removed the front of a sham ATM and uncovered a real one behind it. The fake was rigged with a working monitor so it looked authentic, but the shell actually contained skimmers and other recording devices. 

“Criminals tend to follow the money and ATMs are full of cash,” Linn said. But physical compromise of digital technologies is not limited to ATMs. 

In October, a group of men in Florida entered a Nordstrom store, distracted the staff and proceeded to plant skimming devices and keyloggers on registers. And just days after ringing in the New Year, a crook posing as a worker at a Chinese buffet stole customer card information using a skimming device.

“The criminals are getting more sophisticated and these types of attacks highlight the change in approach,” Linn said.

Core digital defenses continue to be a prime focus because of how many effective attacks are carried out remotely, but serious crooks will always seek to exploit weaknesses – and physical security is one such weakness.

Share this article:
close

Next Article in 2 Minutes On

Sign up to our newsletters

More in 2 Minutes On

Privacy: Who cares?

Privacy: Who cares?

Following the recent headline-making breaches at Target and Neiman Marcus, as well as the secrets exposed by Edward Snowden, the question is: Who cares?

The breach notification debate

The breach notification debate

After breaches of major retailers, the discussion regarding a potential federal breach notification law was brought back to the forefront among government leaders.

Analyzing, Identifying & Defining Data: The Next Steps in Security

Your organization's unstructured information is comprised of emails, documents, and other file types, and is saved to computers, mobile devices, the cloud, everywhere. So how do you go about securing your most important data, optimizing information sharing, and reducing data loss if you don't know ...