County Coroner in Handcuffs - Gave out his password
Dynamic Security could have easily identified that the person logging in was not the coroner, since he or she was in the wrong place at the wrong time, or there were multiple logins.
Trust Isn’t Security
Frank Hayes February 12, 2007 (Computerworld) -- In
And who did the coroner allegedly give his password to? Newspaper reporters. Now there’s a trusting user.
Wait, it gets scarier. According to the grand jury, the reporters said Kirchner gave them the password because he didn’t want to be bothered with their phone calls asking for details about homicides, fatal accidents and suspicious deaths.
The reporters weren’t charged with illegally accessing the Web site, because they testified under immunity from prosecution. Kirchner has denied the charges against him.
But the grand jury report quotes e-mails and computer forensic evidence that paint an ugly portrait of the coroner (who apparently ignored security policies and gave away his password within weeks of taking office in 2004) and the reporters (who ignored “authorized personnel only” warnings and accessed confidential information hundreds of times over an 18-month period).
And where was IT all this time? Not noticing, mostly. Eventually, an IT staffer checked Web site logs and discovered that the site was accessed more than 50 times in two weeks from computers at a newspaper office. But that was only after one reporter mentioned in a news report that some information came from the Web site, and a reporter from a competing newspaper called the county to find out why he didn’t have access.
That’s when a supervisor realized there had been a security breach, a police investigation began, logs were checked, passwords were changed, and the grand jury went to work.
Until then, everyone apparently assumed that because users were trusted with the information on the emergency 911 Web site, they could be trusted to keep it secure. Now there’s a trusting IT department.
That trust was misplaced. And not just trust in the coroner. After the reporters’ intrusion was discovered, logs were scrutinized more carefully. In 2006, four emergency responders were prosecuted for giving out their passwords, and two other people were arrested for accessing the site.
According to the grand jury report, the results of those password leaks weren’t trivial. In one incident, a 911 caller reported suspicious drug activity in his neighborhood. His name was supposed to be kept confidential. Because of the password leaks, it wasn’t. “That caller’s name was made known on the streets, and the caller was severely beaten in retaliation,” the grand jury report said.
We want to trust our users. We have to trust them, mostly — we can’t afford to watch them every second. And most of them are worthy of that trust.
But some aren’t.
Trusting is nice. It’s sociable. It’s convenient.
Don’t do it.
We have the technology to control network access to confidential information. Beyond passwords, we can limit users’ access with IP address whitelists and blacklists. We can use VPNs. We can scan logs after the fact, looking for IP addresses that don’t belong. We can’t catch every breach, but we likely can discover some accounts that have been compromised — and some users who can’t be trusted.
Yes, that gets ugly and unpleasant. So does what comes after: the why, the how-bad and the what-to-do-now.
But the alternative is a lot uglier. The results could be lost business and exposed customer information.
Or — as they’re learning in
Labels: Cybercrime, IT Security, Medical, Passwords
0 Comments:
Post a Comment
<< Home