“IT Workers a Foreign Intelligence Target”: MI5
Well, well – lookie here. It seems as if MI5 is warning UK businesses that foreign intelligence services “are targeting IT workers at big businesses”.
I can’t say I’m surprised. And I’d be quite surprised if it wasn’t going on here, too.
In fact, on reading that article the name of a certain bastard who used to be an IT worker comes to mind, even though there’s no evidence that he was “in the employ of a foreign power”. I guess you can “color me ‘unconvinced’ ” about that.
The Financial Times article is IMO worth reading if you have the time.
Category: Military issues
The other folks they’re going after are corporate lawyers because law firms contain so much data on their clients. My dad is such a lawyer, and whenever somebody at the form gets back from a business trip in East Asia, their devices are swept.
In information security this has been well known for a while. And it’s more to do with getting a foothold technically than turning someone as in the days of olde (although that does happen, but much, much less frequently than having your laptop 0wned).
IT workers are targeted because we generally have more privileges since we’re the ones that administer all the stuff. Administrators generally have the rights to bypass any permissions settings as well. It’s a lot more powerful than being able to see the CEO’s email. You can see everyone’s emails. And you don’t even have to interact with them, face to face or even online. They can be targeted en masse with “watering hole” style attacks where favorite sites are hacked to drop a payload onto unsuspecting visitors. Attackers can get to IT by escalating from a foothold they have via a phishing attack (the RSA SecurID breach is a great example of this).
Keep in mind, we’re in this game too, it’s just our targets either don’t know or aren’t talking. Thanks to the sorry state of information security, this will be a gold mine for everyone for years to come.
One area I’m surprised they aren’t going after are utilities technical folks. We know how the system works, all the way from little distribution lines all the way up to bulk transmission.
Cyber security is also a big part of what we do, etc. Great. More shit I gotta watch.