Hackers stole secret Canadian government data
Newsbot @ Thu Jun 02, 2011 5:21 pm
Title: Hackers stole secret Canadian government data
Category: Tech
Posted By: Curtman
Date: 2011-06-02 14:35:52
Canadian
Curtman @ Thu Jun 02, 2011 5:21 pm
$1:
Hackers sent malicious emails to staff that appeared to be coming from senior managers. When staff opened the attachments, hackers found a path into the federal network, providing access to classified information.
This is what is called "social engineering". There is no virus scanner in the world that can protect you from it.
Bacardi4206 @ Thu Jun 02, 2011 7:27 pm
They stole our secret plans to teach beavers and deers to become vicious killers that targets the Taliban. Recently leaked footage of one of the test subjects that broke out and went on a crazed rampage from the stress of the secret training http://www.liveleak.com/view?i=76b_1306990786
DanSC @ Thu Jun 02, 2011 8:39 pm
Bacardi4206 Bacardi4206:
They stole our secret plans to teach beavers and deers to become vicious killers that targets the Taliban. Recently leaked footage of one of the test subjects that broke out and went on a crazed rampage from the stress of the secret training http://www.liveleak.com/view?i=76b_1306990786
It was probably Scott. He's a dick
DrCaleb @ Fri Jun 03, 2011 8:04 am
I always have to ask this; but why is this data internet accessible? The #1 way to keep it being stolen is not to present it as a target.
Morons.
Brenda @ Fri Jun 03, 2011 8:23 am
So THAT is what Raydans new job is all about...
BartSimpson @ Fri Jun 03, 2011 8:56 am
It's the IT paradox that the people with the most access tend to be the least security conscious. Maybe they'll learn not to open crap from the girls in Russia who saw their picture on the internet. 
Curtman @ Fri Jun 03, 2011 11:03 am
BartSimpson BartSimpson:
It's the IT paradox that the people with the most access tend to be the least security conscious. Maybe they'll learn not to open crap from the girls in Russia who saw their picture on the internet.
$1:
appeared to be coming from senior managers
jeff744 @ Fri Jun 03, 2011 11:08 am
DrCaleb DrCaleb:
I always have to ask this; but why is this data internet accessible? The #1 way to keep it being stolen is not to present it as a target.
Morons.
Morons.
Convenience. Now they don't have to go over to the elevator and press a button to get to their classified information.
Choban @ Fri Jun 03, 2011 11:42 am
jeff744 jeff744:
DrCaleb DrCaleb:
I always have to ask this; but why is this data internet accessible? The #1 way to keep it being stolen is not to present it as a target.
Morons.
Morons.
Convenience. Now they don't have to go over to the elevator and press a button to get to their classified information.
Can they not have an internal network with no outside access?
andyt @ Fri Jun 03, 2011 11:46 am
Choban Choban:
jeff744 jeff744:
DrCaleb DrCaleb:
I always have to ask this; but why is this data internet accessible? The #1 way to keep it being stolen is not to present it as a target.
Morons.
Morons.
Convenience. Now they don't have to go over to the elevator and press a button to get to their classified information.
Can they not have an internal network with no outside access?
Exactly what I've always wondered.
DrCaleb @ Fri Jun 03, 2011 11:56 am
Choban Choban:
jeff744 jeff744:
DrCaleb DrCaleb:
I always have to ask this; but why is this data internet accessible? The #1 way to keep it being stolen is not to present it as a target.
Morons.
Morons.
Convenience. Now they don't have to go over to the elevator and press a button to get to their classified information.
Can they not have an internal network with no outside access?
It's done all the time. One PC on a desk for classified access, another completely separate PC for internet access if their job requires it. Two completely separated networks to carry the data so the external facing one getting hacked cannot compromise the classified one.
BartSimpson @ Fri Jun 03, 2011 12:10 pm
The problem is that you've got people who have too much access because they have a title or some such and then they're not held accountable for security lapses.
In some of the security assessments I've done over the years I've found the best way to hack a system is to get the name of a senior executive and then call the helpdesk and ask for a username and password. I'd say 90% of the time I'm not challeneged to prove who I am and, on some occasions, I've even managed to get the helpdesk people to put their security certificates and VPN software out on an FTP site so I could download them.
Really, why go to all the bother of breaking in when, if you just ask, someone will open the door for you?