On Wednesday at the SC Congress Security Conference and Expo, the show's big closing number was an on-stage simulation in real time of a cyber attack, which I live-tweeted from @cwceditor. Here's How it played out, with Terry Cutler from Novell and Dale Tidd from Defilaide as the main characters.
Cyberwarfare demo at SC Congress in 10 minutes. Warmup music: Won't get fooled again.
Or is it the theme from CSI: Miami? I'm never sure.
A BlackBerry isn't great for tweeting when your eyes are bad and your thumbs are big. Apologies in advance for any typos.
Terry Cutler from Novell apparently about to go on.
Cutler: infiltrate any company with an infected LinkedIn request. Not sure I heard that right.
Cutler: nobody's robbing banks anymore.
Cutler: Lots of information for hackers from business cards
Cutler: crack a user.s log in, escalate to admin, install exploit, hide your tracks.
Cutler: hackers will harden a system against other hackers
Dale from Defilade: raise your hand if you've attacked a bank
Dale: wouldn't security posture improve if every IT pro, not just security, understood basic hacking techniques?
90 pc of IT pros have never conducted a hands-on attack.
Defilaide's cyberwarfare battlefield environment about to be demoed.
Using Core Impact on attack machine.
With poisoned LinkedIn request, downloads all the passwords in IE.
Sends e-mail from compromised account to CEO telling him to install patch.
Tip: don't click on LinkedIn messages from web mail; check the LinkedIn account
Now a pass the hash attack. Not what it sounds like.
Passes hashed log in to a server like a regular windows login to sql server.
Watching 19K cc numbers being downloaded. Fake, I'm hoping.