Read the book Cyber Mayday and the Day After - Daniel Lohrmann - Page 13

STARTING WITH THE UNKNOWNS – OR NOT?

“I don't want to know, and I don't care to know. If I don't know about it, it does not exist.” Shocking, but in fact, there are many business leaders who think this way.

The truth is that sometimes, some data takes only a minimal effort to discover, and when you realize the type of information that is available out there and accessible to anyone (including malicious actors), then you will have no choice but to care.

As the chief growth officer at Privasec (a Sekuro company), a top-tier and agnostic cybersecurity firm, Shamane leads the security outreach strategy team, spearheading industry awareness initiatives while working closely with the CISOs (chief information security officers) in bridging their business gaps. She met Todd Carroll, a former 20-year FBI cyber intelligence leader, virtually, in a cyber security summit she organized, where he shared an intriguing story. Todd walked through one of the real-world findings that CybelAngel's data leak detection technology came across a few years ago.[1] CybelAngel detects exposed data, devices, and services outside the enterprise's perimeter, enabling remediation before the exposure is weaponized. In this instance, it detected several pieces of information that exposed a bigger issue involving several airports, their ecosystem, and exposure of their data.

The thing is, data is always being shared. The aviation industry, like other industries, works with third parties. The moment any organization shares information with a third party, it loses visibility or control over what is done with the data, despite their best efforts or intentions.

In this case, when CybelAngel searched for and monitored keywords related to airport security, it detected nearly 10,000 publicly available servers, on which over 400 blueprints of airports worldwide were identified, sitting on unprotected third-party connected devices or in misconfigured cloud storage.

Some of these blueprints were extremely detailed, including the location and angle of the security cameras, revealing which were motion activated or had facial recognition capabilities and even precise information on how to access and take control of them. In addition, these blueprints contained the location of the detention rooms that are hidden from the public, runways, and the position of the fuel lines from the tanks leading to the runway where fuel is pumped into the wings of the aircraft.

There were blank signed templates of security application access forms that, if compromised, would have allowed access into the airport facilities. There were also completed security badge application forms with official stamps and signatures, and over 300 files describing safety procedures and policies. Those procedures included instructions on how to bypass the whole security system, and how to deactivate it.

There were also identity details of air marshals and departure and arrival dates, as well as the list of weapons they are allowed to carry on planes. Such intricate information can easily serve as a blueprint for a terrorist attack.

The frightening part of all of this is that the data was found on third-party servers in many countries, including the United States, France, the UK, India, Spain, and others.

It was fortunate that the findings were reported to the impacted organizations in time and the FBI and Interpol worked on closing the thousands of open servers around the globe. Imagine the terrorism disaster that could have occurred had this information not been discovered due to a lack of interest and blind obliviousness.

As the world continues establishing even more interconnectivity, it becomes more critical than ever to position industry leaders to have better foresight before a crisis even happens.
