Often lost in the discussion of the National Security Agency (NSA) and Edward Snowden is the fact that the broad access and privileges he had are the same type of access and power that many employees in similar positions have at almost every business.
This raises the question: What if these same access powers were suddenly available on the black market to the highest bidder? What if outside hackers actually had your privileged/admin account information and could provide it to anyone of their choosing – giving them the power to traverse your network at will with the power of an IT admin?
Unfortunately, this isn’t a ‘what if’ dream-scenario concocted for a Black Hat presentation. It’s the current reality many businesses unknowingly face. In fact, the U.S. Attorney’s office in Boston indicted Andrew James Miller, a hacker who infiltrated numerous corporate networks through common means.
Once Miller was able to gain access to a single employee terminal, he installed keylogging software on the computer to steal admin passwords. From there, he was able to escalate the privileges of these accounts to steal more privileged/admin account passwords, providing him with root access to entire systems. Miller promptly tried selling these privileged/admin accounts on a known black market for hackers and was caught by the FBI. Miller was selling Snowden-like access to major companies for as little as $1,000 a pop.
The Miller case provides a microcosm of the security challenge all organizations face today and highlights why privileged accounts have emerged as the number one target of malicious hackers. If you look through the long list of recent cyberattacks and breaches, you’ll see the privileged-account connection in each one. As the security research firm CyberSheath noted, the compromise of privileged accounts is a critical factor in 100 percent of advanced cyberattacks. This is why the Andrew Millers of the world are working from the outside to become an insider.