The internet was awash yesterday with the story of a fraud attempt that would have netted a motley crew hundreds of millions of dollars. The use of USB port control software, a security feature that can be combined with drive encryption software from AlertBoot, would have prevented them from carrying out the scam, but idiocy works in a pinch.
The London branch of the Japanese bank Sumitomo Mitsui was specifically targeted by Belgian hackers, an English "lord," a sex shop owner, and a bank security supervisor. The security supervisor gave the hackers access to the bank's workstations. Keylogging software was installed via the USB port.
The idea was to come back later and gain access to the same terminals using the names and passwords recorded by the illicit software. Once in, the hackers would transfer money from the bank to foreign accounts. Why phish for customer logins when you can go straight to the bank, right?
However, the hackers got confused when making those international wires (they didn't fill out the SWIFT codes correctly, apparently), and weren't able to transfer the money. They attempted the same a couple of days later, and bungled it again. And then got caught.
Had they succeeded, triumph would have revolved around an innocuous little USB flash drive. Which brings us to the question, how does one secure a USB port?
Remember, USB ports are multifunctional sockets: they allow you to read and write to external storage devices and to use your mouse and keyboard, among other things (lights, soda can coolers, fans, seat-warmers, etc). If you were to physically block the port, you'd be losing a lot of usability and productivity that this port affords you.
The best way to secure and control the USB port in my opinion is via the use of port control software. There are software solutions out there that will allow you to block the use of the USB port, or even to block the use of specific items in general (think all storage drives or all mice).
Some more advanced programs, such as the one included with AlertBoot, allow you to be a little more granular. You're able to differentiate between storage drives, so a computer could read and write to company-approved USB sticks only. Try connecting another type of USB stick, and it won't work.
Plus, the use of blacklists and whitelists, and the ability to deploy port control policies remotely and transparently means IT staff can easily convert security theory into security reality. Follow it up with the powerful encryption audit reports that are integrated with AlertBoot, and you've got your bases covered.
Related Articles:http://news.bbc.co.uk/2/hi/uk_news/7909595.stmhttp://www.timesonline.co.uk/tol/news/uk/crime/article5848034.ecehttp://www.itv.com/News/Articles/Two-guilty-of-229m-fraud-attempt-825142125.htmlhttp://www.guardian.co.uk/uk/2009/mar/04/sumitomo-fraud-attempt
Pingback from USB Port Control Software: It May Be A Better Solution Than SWIFT Codes - AlertBoot Endpoint Security