While the FBI tussles with Apple over breaking the encryption of an iPhone used by the San Bernardino terrorists, the nation’s premier law enforcement agency finds itself grappling with a security breach of its own.
Under arrest is a 16-year old hacker from England who recently managed to exploit a common security gap that enabled him to steal and publish the contact information of 20,000 FBI employees.
After several unsuccessful access attempts, the hacker simply called a help desk within the Department of Justice. Here’s how he explained it…
“So I called up, told them I was new and I didn’t understand how to get past [the portal]. They asked if I had a token code. I said no. They said, that’s fine – just use [this] one.”
The story illustrates how vulnerable businesses and government agencies can be, even when they have the most advanced security systems in place. Failure to address the basics – properly educating employees and periodically refreshing their knowledge of procedures – will go a long way to thwarting such social engineering attacks.
Special attention should be focused on help desk personnel. Understandably, they are motivated by the desire to assist colleagues in resolving problems, so they tend to trust every call as legitimate. Nevertheless, an authentication procedure must be in place and used with every call, even if the voice on the other side of the line sounds familiar.
DataLink can assist with security planning, implementation and education to be sure you are protecting your business. Contact us today at 410.729.0440 or sales@DataLinkTech.com.