DarkVishnya: Did You Invite a Bank Robber to Lunch?

Thomas Phillips
Apr 10, 2019 · 2 min read

Robbing a bank is easy. You can do it in three easy steps: go inside the bank, find the money, leave with the money. And that’s exactly how DarkVishnya did it.

Two major facets of security are physical and information. Most people think of physical security as walls, doors, or windows. Those things make up the physical perimeter. However, like information security, the physical security inside is usually soft and vulnerable. If someone manages to get inside a big business, few people will question why they are there. As long as intruders look like they belong and do not act suspicious, people will ignore the intruders, assuming they are supposed to be there.

Anyone can be an intruder. It could be a stranger who wandered in through a back door, or someone from a night cleaning crew, or even a regular employee who has gone into a room in which they don’t belong. What makes these intruders more dangerous is that miniaturized technology allows a physical intruder to surreptitiously install a bridge between the inside of a company’s network and the outside world.

Once a bridge has been installed, such as a device that connects the internal network to an outside network using something like a 3G data link, the IT infrastructure is left with a gaping hole to the outside world. Even worse, the external link bypasses the information security perimeter and cannot be monitored. That is how DarkVishnya worked. The bank employees trusted people inside the buildings, and the IT employees trusted computers inside the network.

A “no trust” security policy is always the best policy. If a person looks suspicious, investigate. If a device looks suspicious, investigate. And by all means, never trust the computers plugged into your network. Any one of them could be that gaping hole to the outside world.
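One way to act on "never trust the computers plugged into your network" is to reconcile what is actually on a segment against the asset inventory. The sketch below is an added example, not code from the original post: it parses Linux `ip neigh show` output and flags neighbours whose MAC address is not in the inventory. The sample output, the addresses and the `INVENTORY` contents are constructed for illustration.

```python
import re

# Constructed sample of `ip neigh show` output; all addresses are made up.
SAMPLE_NEIGH = """\
10.0.5.1 dev eth0 lladdr 00:11:22:aa:bb:01 REACHABLE
10.0.5.20 dev eth0 lladdr 00:11:22:aa:bb:14 STALE
10.0.5.77 dev eth0 lladdr 00:de:ad:00:be:ef REACHABLE
10.0.5.78 dev eth0 lladdr 02:00:00:12:34:56 DELAY
10.0.5.99 dev eth0 FAILED
"""

# Hypothetical asset inventory: MAC address -> asset name.
INVENTORY = {
    "00:11:22:AA:BB:01": "core-gateway",
    "00:11:22:AA:BB:14": "teller-ws-14",
}

LINE_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+"
    r"(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\s+(?P<state>\S+)"
)

def is_locally_administered(mac):
    """True when the U/L bit of the first octet is set (not a vendor-assigned MAC)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def find_untrusted(neigh_text, inventory):
    """Return one finding per neighbour whose MAC is absent from the inventory."""
    known = {mac.lower() for mac in inventory}
    findings = []
    for line in neigh_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:  # FAILED/INCOMPLETE entries carry no link-layer address
            continue
        mac = m["mac"].lower()
        if mac in known:
            continue
        reason = ("locally administered MAC" if is_locally_administered(mac)
                  else "not in inventory")
        findings.append({"ip": m["ip"], "mac": mac, "dev": m["dev"], "reason": reason})
    return findings

if __name__ == "__main__":
    for f in find_untrusted(SAMPLE_NEIGH, INVENTORY):
        print(f"INVESTIGATE {f['ip']} {f['mac']} on {f['dev']}: {f['reason']}")
```

A planted device can copy the MAC address of a known asset, so a clean result here is one signal among several and does not replace checking switch ports and physical spaces.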

By Thomas Phillips, CTO at Ridgeback Network Defense, Inc.
