CIA WikiLeaks Breach Reinforces Need for Integrated Privilege & Vulnerability Management

March 9, 2017

There is no computer system that is immune from a cyber security attack. Even if it is powered off, in an isolated room, air gapped, and monitored 365x24x7, the information contained within that system can still be stolen. Such is the case with the most recently publicized breach against the CIA, where the stolen data contained classified, mission critical information that outlines how the agency conducts cyber surveillance. Per NBC News, only 1% of the information stolen has been published online by WikiLeaks, but the contents are extremely damaging, to say the least. This is the latest breach to highlight that no organization, person, or government is safe from a cyber-attack, but there are steps we can take to mitigate those risks.

Background on the breach – key questions

While details emerge from the breach outlining clandestine techniques for collecting information from devices ranging from cell phones to televisions, the clear message to take away is that any connected device can be used for surveillance. While it is illegal for the CIA to use these techniques against United States citizens on sovereign soil, they can be used elsewhere at any time, and in virtually any place. The CIA was aware that this breach occurred at the end of 2016, but only now is the public becoming aware of the breach and of the hacking techniques used for intelligence collection. Given the magnitude of the breach, citizens and organizations are asking some very basic questions:
  • How was this data stolen and by whom? Was it an insider or an external attack?
  • Were the techniques used by the CIA repeatable by hackers?
  • Can I protect myself from hackers that copy-cat the exploits?
  • Was this another case of a state sponsored attack?

For consumers – how vendors are responding

While this story plays out in the media, there are steps that vendors are taking to prevent continued data collection:
  • Per Apple, the clear majority of techniques against iOS (the operating system used in iPhones and iPads) have been patched in the latest version. Apple recommends making sure your devices are using the latest version.
  • For Samsung, the story is grim. They are investigating how Smart TVs can be compromised, have no patches, and recommend disabling Internet access until this is resolved. They have even acknowledged that Samsung Smart TVs that are turned off can still be leveraged.
  • It is unknown if other Smart TV manufacturers are affected, but the recent allegations and settlement against Vizio suggest the problem is much more widespread.
  • For Android, the story is even bleaker. Due to the fragmentation of the Android market, the threat level per manufacturer is unclear, as is which carriers have distributed these patches to devices on their networks. Older devices (i.e. Android 4.x and lower) are at the highest risk. Unfortunately, there is no clear recommendation for these devices.

Best practices for corporate and government agencies

For corporate and other government infrastructures, the recommendations fall in line with well-established security best practices:
  • Monitor all privileged account activity and implement a password management solution. The CIA is trying to determine who had access to this volume of data, and when. Even if it was an external attack, privileged access had to occur at some point to extract the information, so there should be a record of this privileged activity, whether by an insider or an external actor. Businesses should consider monitoring all privileged access to sensitive information and removing all administrator and/or root privileges wherever possible.
  • Apply the latest security patches to all operating systems and infrastructure. If an exploit was leveraged against mission critical systems in the CIA, and those systems were not compliant with the latest security patches, this represents an attack vector that could have been mitigated. If the hack used a zero-day vulnerability (a previously unknown vulnerability), then application control could have helped mitigate the threat. Regardless, privileges to the data would still need to be obtained, even via an exploit that elevates privileges.

Considering the magnitude of the breach and the sensitivity of the information, it is clear that current security solutions failed at the CIA. For everyone else, education, secure processes, and protecting sensitive information should be at the forefront of everyone's mind. If you need help understanding how to protect privileged access or identifying missing security patches, BeyondTrust can help. To get started, try a free scanner for all of your Internet of Things devices; it will give you a report on patch status and whether or not there are old passwords that need to be changed.
Morey J. Haber, Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.
