There was a time when a hacker needed exceptional computer skills to breach a system. Only the most talented and experienced computer users could successfully bypass even the most minimal security provisions. Sadly, those days are gone. Recent investigations have revealed a disturbing trend: the availability of readily accessible hacking-made-easy tools has swelled the ranks of effective hackers. Now, an amateur with a grade-school computer education can often hack a poorly defended business network in minutes after downloading a free hacking template.
This alarming news should serve as a wake-up call for franchisees to increase their IT security vigilance. Novice hackers everywhere are now standing on the shoulders of computer geniuses, giving them the expertise to hack into systems and steal sensitive information that was previously beyond their reach.
A Disturbing Trend
Internet criminals already use a wide variety of hacker tools in their efforts to steal your sensitive information. On a recent compromise investigation, our forensic team found a particularly troubling hacker tool. After gaining access to the victim's network (through insecure remote access) the hacker installed a template that was downloaded from the Internet. This template contained preconfigured applications designed to "walk" the attacker through the steps of hacking the network. The template included features such as dropdown boxes that prompted the user to choose the desired technique to crack passwords, and the method to install a "backdoor" to enable the hacker to easily return to the compromised system at their pleasure. No longer do hackers need to write long strings of complicated code; rather, they simply make their selections as if ordering Chinese food from a menu.
Who uses hacking templates?
Because they lack the technical expertise to write their own hacking code or scripts, novice hackers (called "script kiddies" or "skiddies") rely on sophisticated templates that contain pre-made exploit code. Because of the rising availability of these packaged scripts, the number of hackers attempting to illicitly access your network is growing rapidly. Even though these hackers may be amateurs, their success rates are increasingly high, largely because small merchants and franchisees often lack the substantial perimeter defenses needed to keep them out.
Make certain your firewall is doing its job. In addition to filtering inbound system access, it also needs to protect your credit card processing environment from the rest of your network. If you or your employees visit Facebook, order uniforms, or do anything online unrelated to your payment application, your firewall must segment your payment application from all other devices that connect to the Internet. By segmenting (or quarantining) your payment-processing environment, you create a "safe zone" that limits the opportunity for hackers to get to your customer credit card information.
Firewalls can tell a story
Forensic investigations frequently reveal a consistent problem: a lack of logging. Most merchants are unaware that when they un-box their new firewall (or any Windows system) the device is not automatically set up to record activity logs. Firewall logs allow you to monitor attempts to access your network, and they can be an early-warning system that your network may be under attack. Unlike e-commerce environments, where customers reach merchant servers from countless IP addresses, franchisees can configure the segment of their firewall that protects credit card information to communicate only with the payment processor. The Payment Card Industry Data Security Standard (PCI DSS) requires merchants to maintain at least 90 days of firewall logs stored on their system, and 12 months of logs stored offline.
While firewall logging is essential, if logs are not regularly reviewed, you may miss the opportunity to stave off an attack before serious damage is done. Make a practice of reviewing firewall logs every day at work. Ask yourself, "Is this normal traffic or is someone trying to get in my system?" If you see anything suspicious, immediately contact your IT professional or security specialist. If the thought of reviewing activity logs is intimidating, instruct your IT consultant to perform the reviews and report the findings to you.
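The daily review described above can be partly automated. The following added example (not code from the original article or from SecurityMetrics) reads constructed, vendor-neutral firewall log lines and applies the two checks the text recommends: that hosts in the payment segment talk only to the payment processor, and that repeated denied inbound attempts from one outside address are flagged as probable probing. The log format, the 10.0.20.0/24 payment segment, the processor address 203.0.113.10 and the threshold of five denies are all assumptions for the illustration.

```python
import ipaddress
from collections import Counter

# Constructed, vendor-neutral log format (an assumption, not any real firewall's):
# "<date> <time> <ALLOW|DENY> <src_ip> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
2024-03-01 09:00:01 ALLOW 10.0.20.5 203.0.113.10 443
2024-03-01 09:00:07 DENY 198.51.100.77 192.0.2.1 3389
2024-03-01 09:00:08 DENY 198.51.100.77 192.0.2.1 3389
2024-03-01 09:00:09 DENY 198.51.100.77 192.0.2.1 3389
2024-03-01 09:00:10 DENY 198.51.100.77 192.0.2.1 3389
2024-03-01 09:00:11 DENY 198.51.100.77 192.0.2.1 3389
2024-03-01 09:02:30 ALLOW 10.0.20.5 104.16.0.1 443
2024-03-01 09:05:12 ALLOW 10.0.30.12 104.16.0.1 443
2024-03-01 09:06:00 DENY 203.0.113.200 192.0.2.1 22
"""

# Constructed addresses: the merchant's LAN, its payment segment, and the only
# processor endpoint that segment is allowed to reach.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
PAYMENT_SEGMENT = ipaddress.ip_network("10.0.20.0/24")
PROCESSOR_IPS = {ipaddress.ip_address("203.0.113.10")}
DENY_THRESHOLD = 5  # this many denied inbound attempts from one source = probing

def parse_line(line):
    date, time, action, src, dst, port = line.split()
    return {"when": f"{date} {time}", "action": action, "port": int(port),
            "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}

def review(log_text):
    """Return the findings a merchant should escalate to their IT contact."""
    findings, denies = [], Counter()
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        # Rule 1: a payment host reaching anything but the processor means the
        # segmentation the firewall is supposed to enforce is not working.
        if (rec["action"] == "ALLOW" and rec["src"] in PAYMENT_SEGMENT
                and rec["dst"] not in PROCESSOR_IPS):
            findings.append(f"{rec['when']} payment host {rec['src']} reached "
                            f"{rec['dst']}:{rec['port']} (segmentation gap)")
        # Rule 2: count denied inbound attempts per outside source address.
        if rec["action"] == "DENY" and not any(rec["src"] in n for n in INTERNAL_NETS):
            denies[rec["src"]] += 1
    for src, count in denies.items():
        if count >= DENY_THRESHOLD:
            findings.append(f"{count} denied inbound attempts from {src} (probable scanning)")
    return findings
```

On the sample above, `review(SAMPLE_LOG)` reports one segmentation gap (a payment host reaching 104.16.0.1) and one scanning source; a single denied attempt, and ordinary office traffic from outside the payment segment, produce no finding.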
Another invaluable defense measure is to look for system files that have been changed from their original state. Hackers will frequently modify or corrupt system files, or name their malware after legitimate applications. There are many software programs that automatically analyze your system files and look for evidence of manipulation.
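The file-comparison programs mentioned above all rest on the same principle: record a hash of every file while the system is known-good, then compare a fresh snapshot against that baseline. This added example (not code from the article or any particular product) implements that principle and runs it on a constructed temporary directory in which one file is altered and a new file appears under a familiar-looking name; the directory layout and file names are assumptions.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def hash_file(path, chunk=65536):
    """SHA-256 of one file, read in chunks so large binaries do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map every regular file under root (as a relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(baseline, current):
    """Classify differences between a stored baseline and a fresh snapshot."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

def demo():
    """Constructed scenario: baseline a directory, then alter it in the two ways the
    text describes (a changed file, and a new file named like a legitimate one)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "pos.exe").write_bytes(b"original payment application")
        (root / "bin" / "helper.dll").write_bytes(b"original helper library")
        # Round-trip through JSON: a real tool keeps the baseline as a file stored
        # somewhere an intruder on the box cannot quietly rewrite it.
        baseline = json.loads(json.dumps(snapshot(root)))
        (root / "bin" / "helper.dll").write_bytes(b"helper with unexpected change")
        (root / "bin" / "svchost.exe").write_bytes(b"new file using a familiar name")
        return compare(baseline, snapshot(root))
```

The baseline is only as trustworthy as the moment it was taken, so it belongs to the same offline-storage discipline the article applies to firewall logs.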
Without effective perimeter security, more businesses will be attacked and compromised by amateur hackers. It's no secret that business network security problems are mounting. If you are vigilant with your firewall, log reviews, and system file comparisons, you just may prevent your business from losing sensitive data.
Note: These recommendations do not constitute a comprehensive IT security regimen. They must be employed along with all security measures outlined in PCI DSS.
David Ellis is director of forensic investigations for SecurityMetrics, a leading provider of PCI data security solutions. Contact him at 801-724-9600 or visit www.securitymetrics.com.