DarkVishnya: Did You Invite a Bank Robber to Lunch?

Robbing a bank is easy. You can do it in three easy steps: go inside the bank, find the money, leave with the money. And that’s exactly how DarkVishnya did it.

Two major facets of security are physical and information. Most people think of physical security as walls, doors, or windows. Those things make up the physical perimeter. However, like information security, the physical security inside is usually soft and vulnerable. If someone manages to get inside a big business, few people will question why they are there. As long as intruders look like they belong and do not act suspicious, people will ignore the intruders, assuming they are supposed to be there.

Anyone can be an intruder. It could be a stranger who wandered into a back door, or someone from a night cleaning crew, or even a regular employee who has gone into a room in which they don’t belong. What makes these intruders more dangerous is that miniaturized technology allows a physical intruder to surreptitiously install a bridge between the inside of a company’s network and the outside world.

Once a bridge has been installed, such as a device that connects the internal network to an outside network using something like a 3G data link, the IT infrastructure is left with a gaping hole to the outside world. Even worse, the external link bypasses the information security perimeter and cannot be monitored. That is how DarkVishnya worked. The bank employees trusted people inside the buildings, and the IT employees trusted computers inside the network.

A “no trust” security policy is always the best policy. If a person looks suspicious, investigate. If a device looks suspicious, investigate. And by all means, never trust the computers plugged into your network. Anyone of them could be that gaping hole to the outside world.

By Thomas Phillips, CTO at Ridgeback Network Defense, Inc.


Facebook — Ridgeback Secure

Twitter — @RidgebackSecure

LinkedIn — Ridgeback Network Defense