I’ve talked before about the infamous Jeep hack, but there’s more to learn from it than just that cars are vulnerable. The way Charlie Miller and Chris Valasek hacked the Jeep has implications for any computer network.
What Miller and Valasek did was hack into the car’s entertainment system, which is connected to the Internet and, at that point at least, was accessible from the Internet. Once they were on that system, they jumped to other systems in the car, where they did various things, including exploiting vulnerabilities they found, changing firmware, and jumping around some more. They didn’t get everything they wanted at once–they jumped from system to system, getting part of what they wanted, or, if nothing else, getting better positioned to get part of what they wanted, eventually getting to the point where they could control things like the engine and the brakes.
Here’s what this has to do with corporate networks: Attackers probably aren’t going to come in through the firewall. They’re going to enter through a desktop computer, whether it’s through a weakness they find in a web browser or a plugin, the way the system renders fonts, e-mail, or a combination of the three. From there, they’re going to jump, slowly and patiently making their way to the servers, and once they find something they want, they’re going to jump around some more, finding a way to get that data out of your network and to where they can get to it.
I’ve described this scenario many times. Some people understand; some people dismiss it and say I’m being paranoid.
Miller and Valasek prove it’s not paranoia. That’s the way they work, and it doesn’t matter now whether the good guys learned it from the bad guys; what matters now is that the good guys and bad guys learn from each other and use most of the same strategy and tactics.
That’s why security professionals recommend putting workstations and servers on separate network segments with limited access to one another, and not letting workstations talk to other workstations at all.