Once upon a time there was an inventor called Snow White. Every hour of the day she was working for her company. Her boss, Coal Black, gave her wage rise after wage rise in recognition of her excellent work. Then, one day, she had a brand new idea. It was better, faster and cheaper than anything that had gone before. She showed Coal Black. He looked at the idea and his face went red. There was an explosion as Coal Black shouted “How could you invent something better than me?” She left Coal Black’s office disappointed at this unexpected reaction. Unknown to her, Coal Black arranged for her to be made redundant.
At first Snow White couldn’t understand what had happened. She had a great idea. She told her boss. And the next day she was out on the street.
But her idea was still good.
It could still work.
She got together a team of experts and developed and enhanced the idea. One day she was on the way to work and thought she saw Coal Black loitering. That got her worried – perhaps he had realised just how great her concept was. So she enhanced the security systems. Month after month she improved the security systems but development began to slow. More and more time was spent overcoming the security and the company began to fail as the security strings tightened around the nascent company.
One day the CTO, White Hat, told Snow White he had decided to leave. This was devastating. “Why?” asked Snow White. “Because our security is killing our company. No-one can break through our first level anyway so why do we need it all?” he said. Snow White realised her fear of Coal Black had caused her to tie the company in knots. She asked White Hat to loosen the controls and the company started to prosper.
A few months later Snow White received a text message from her Senior Developer: “I’m sending you a USB stick via courier with a design for a top secret new product idea I’ve come up with.” She remembered the reaction of Coal Black to her idea and was determined not to repeat the mistake so as soon as the letter arrived she tore it open and put the USB into her machine. There was a brief flash on the screen and Explorer opened as usual. There were a few files on the USB but nothing made any sense – she called the Developer but couldn’t reach him. It turned out he was on vacation and due back next week. That’s strange.
When the Developer arrived at work, Snow White was standing at his desk: “What is the new product idea? I couldn’t make sense of the files you sent on the USB.” “What idea? What USB?” he said. They went to White Hat to ask if he could explain it. As he heard the story the colour drained from his face.
White Hat explained that the original text message was faked to make it look like it was from the senior developer. Someone else had sent the message and the USB stick to Snow White. The flash on the screen was a keyboard emulation device in the USB installing a rootkit. The rootkit gave the intruder complete access to Snow White’s computer, all the files on it and the entire internal computer network. While Snow White did not understand the jargon she did understand the implications. It was a poisoned USB stick. And she had been the victim of a socially engineered attack.
In the following investigation it appeared that no damage was done although they did not know what information had leaked out of the company. Everyone was traumatised by the attack and learned not to put USB devices into their computers. They also learned that PDF documents are unsafe as well. Confident that they had survived the attack, they relaxed.
However all was not as it seemed. Coal Black loitered in the local coffee shop and recognised the VIP of Marketing. They got talking and after a few minutes Coal Black left.
Later that day Snow White got an urgent call to go to the computer room. She flew downstairs and through the security door, which was being held open for her. The door closed. Snow White saw the smoke and heard the alarm sound as the flame retardant gas hissed as it entered the room to smother the fire. She knew she had to leave – it was poison. But the door would not open. The lock had become closed. Snow White passed out.
Snow White came around to find White Hat doing artificial respiration on her. Everything was hazy but she realised they had been attacked again. Computer logs showed that the VIP of Marketing had gone into the computer room minutes before the fire had started. Was it him that had held the door open? Had the VIP of Marketing turned into a traitor?
He protested his innocence and another log was found that showed the VIP of Marketing had been sending email while the attack took place. How could he be in two places at once?
The police searched the area and found some HIB access cards and torn up papers in a dumpster. They tested the HIB access cards and found one of them was a duplicate of the VIP of Marketing’s card. The papers had handwritten notes on them and when assembled were instructions on how to use a HIB card emulation device. Then the VIP of Marketing remembered the café conversation… while he had been chatting to the stranger, the stranger had copied his security card. When he saw a picture of Coal Black he immediately recognised him and mobile phone meta-data confirmed that Coal Black was at the scene of the crime.
And all fairy tales end well and this one is no exception – White Hat became Snow White’s prince and they got married and lived happily ever after.
So these attacks… can they all be done?
Yes, every one of them is possible today.
What did Snow White learn? Specifically:
- Never put a USB stick in your computer unless you can guarantee its provenance.
- Just because a text message says it’s from Snow White, doesn’t mean it is. The same is true of email messages but I think you already knew that!
- HIB access cards can be read from about a meter away and emulated so they are only safe if carried in a metal pouch.
- If you’re going to shred something so no-one else can reassemble it, use a cross-cut shredder.
But the most important lesson is that the weak link in all of these cases was the human, not the technology. Coal Black exploited security lapses caused by the actions of humans rather than computer systems.
What did you learn?