You don't hear of many attacks on edge infrastructure. Viruses, worms and Trojans get all the press. Attacks at the network edge are harder for hackers to pull off, but the edge is also the least-watched, and therefore the weakest, point for many organizations.
When now-notorious intelligence contractor Edward Snowden leaked volumes of classified NSA documents to The Guardian and The Washington Post, the public learned of a $652 million campaign code-named GENIE. In essence, GENIE is a cyber-offensive against foreign networks: it seeks to plant malware in PCs, firewalls, routers and other IT infrastructure in order to put those resources under remote, surreptitious U.S. control.
One take-away from this tale might be that it takes half a billion dollars, or more, to systematically attempt to take over hostile countries' systems. A more practical spin is this: The NSA can spend millions to subvert enemy networks. Can competitors, or even casual hackers, spend far less to subvert yours?
According to John Pescatore, director of emerging security trends at the SANS Institute, edge network infrastructure such as firewalls and routers is more difficult to hack into than PCs and servers. Such edge devices are often overlooked by those who design automated, "off-the-shelf" exploits, which puts them above the skill level of most "script kiddies." But the payoff for learning how to hack edge infrastructure can be worthwhile: instead of compromising a single system, "owning" a router can give an attacker a position from which to reach, or intercept traffic to, every system on the LAN. The question for the hacker then becomes: What now?
"The problem for the isolated, individual attacker is not necessarily finding the vulnerabilities themselves -- they are shared in the hacking community," says independent IT security market analyst and ex-Gartner MVP, Victor Wheatman.
"Rather, the problem for a solo bad actor is in sifting through the data, filtering it for the valuable stuff. There is analytical software used by enterprises to analyze security and other events, and there are programs that the likes of the NSA uses to parse the data, looking for interesting patterns. I suspect wily hackers are able to rent such programs on powerful underground utility programs running on multiple computers in order to gain that access and to massage the information in order to extract the desired data."
The information extracted from traffic passing through a compromised edge device could be anything from customer credit card data to proprietary marketing plans. Hackers might even learn enough about the corporation's network to use it to launch a subsequent denial-of-service (DoS) attack.
In reality, attacks on edge infrastructure are far less frequent than conventional attacks such as email worms and Windows spyware Trojans. But that relative obscurity is exactly what can make edge attacks appealing to experienced hackers: because they are underpublicized, organizations may be less aware of their exposure at the edge.
"When I was a contractor working with a small software company whose only client was the NSA, we learned a few things about how they operate," says Roger Kay, former IDC vice president and founder of Endpoint Technologies Associates. "One of the principles was the MacArthur Principle (after General Doug), which says, 'Hit 'em where they ain't.' This is perfectly in line with the idea of hacking in at the weak point."
ABOUT THE AUTHOR
William Van Winkle has been a full-time tech writer and author since 1998. He specializes in a wide range of coverage areas, including unified communications, virtualization, cloud computing, storage solutions and more. William lives in Hillsboro, Oregon with his wife and 2.4 kids, and -- when not scrambling to meet article deadlines -- he enjoys reading, travel, and writing fiction.
See here for all of William's Tom's IT Pro articles.