Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

RSA: Verizon details data breaches from pirates to pwned water district

Tim Greene | March 4, 2016
Anecdotal Data Breach Digest is a prep manual for cyber combat.

The digest refers to the case of the hacked water district as Dark Shadow. The district called Verizon in for an assessment and were adamant they didn’t have a breach, but it soon became apparent some kind of breach was underway.

The Verizon team discovered unauthorized access on a Web server where customers could check water-meter readings and pay their bills. A breach of that server led to compromise of personally identifiable information on the server, and that compromise led to exploiting some weak configurations on other devices. Specifically it compromised the mainframe that controlled the valves and ducts that routed the water.

“They started basically joyriding on that,” Sartin says. They connected fresh water and sewage lines, which was caught by monitoring devices. They also leaked large quantities of chlorine into the water supply up to dangerous levels.

In the case of the pirates, dubbed The Roman Holiday, Verizon was called in to investigate a suspected breach at a container shipping company.

Pirates in certain parts of the world were raiding the company’s ships, and the crews would lock themselves in a safe area as per protocol and let the pirates do what they wanted and leave. “The pirates would come in and very quickly and surgically identify a certain container based upon bar code and/or serial number, cut into that container, take certain valuables in it…and then they would leave,” he says. In particular they were looking for jewelry.

A breach on a content management server located 1,000 miles away that contained manifest information about shipping routes and schedules and the content of each container. The data was sold to a gang that sold it to another gang till it wound up in the hands of the pirates. “I can’t speak in that case whether or not the pirates were actually captured,” he says.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.