Smart cards no match for online spies
By: Robert MacMillan
On: 27 Jan 2011
For: IDG News Service (San Francisco Bureau)
Hackers are using a 'smart card proxy' attack to get around smart cards, according to security consultancy Mandiant.
The U.S. government has been stepping up its use of smart cards to help lock down its computer networks, but hackers have found ways around them.
Over the past 18 months, security consultancy Mandiant has come across several cases where determined attackers were able to get onto computers or networks that required both smart cards and passwords. In a report set to be released Thursday, Mandiant calls this technique a "smart card proxy."
The attack works in several steps. First, the criminals hack their way onto a PC. Often they'll do this by sending a specially crafted e-mail message to someone at the network they're trying to break into. The message will include a malicious attachment that, when opened, gives the hacker a foothold in the network.
After identifying the computers that have card readers, the bad guys install keystroke logging software on those computers to steal the password that is typically used in concert with the smart card.
Then they wait.
When the victim inserts the smart card into the hacked PC, the criminals then try to log into the server or network that requires the smart card for authentication. When the server asks for a digital token from the smart card, the bad guys simply redirect that request to the hacked system, and return it with the token and the previously stolen password.
This is similar to the techniques criminals have been using for several years now to get around the extra authentication technologies used in online banking.
Mandiant is the kind of company that businesses and government agencies call to clean up the mess after they've been hacked. It has done investigations at about 120 organizations over the past year and a half. Most of them get hacked via a targeted e-mail. But in many cases, they were actually hacked years earlier and never managed to remove the malicious software from their network, according to the report.
Companies or government agencies that assume that they are secure just because they use smart cards to authenticate could be in for a nasty surprise some day, said Rob Lee, a director with Mandiant. "Everything is circumventable in the end," he said.
Robert MacMillan is a contributor to the International Data Group (IDG) News Service, which publishes global technology stories from bureaus around the world to more than 300 publications in more than 60 countries.