Is Your Webserver a Double-agent?

Tuesday, 08 January 2013 / Published in Woo on Tech
Rogue Server

Over the past four months, many of the Western world’s largest banking institution websites have been under attack by a well-organized and funded cyber “brigade” that is allegedly part of the US-branded terrorist group “Izz ad-Din al-Qassam” – the military arm of Hamas. Aside from the publicly-stated political agenda motivating the attacks, little else was known about how the attacks were being carried out. Security analysts believed that rather than using large numbers of zombified consumer computers, this series of attacks were actually being powered by a smaller number of more-powerful webservers.

Security firm Incapsula confirmed this theory after recently discovering that a single UK webserver was behind a most recent attack on PNC, HSBC and Fifth Third banking websites. The server had been compromised with a simple backdoor program that allowed a remote operator to launch DDoS-style attacks using a simple, light-weight interface that may have been operating for months unbeknownst to the host or the server’s legitimate admin. Even though it was a single, relatively small server, it was capable of crippling websites of major financial institutions.

What this means for you:

The server in question wasn’t compromised using some sophisticated exploit, brute force attack or clever social engineering. According to Incapsula, the server was using an easily guessable admin password that resulted in an effortless and undetectable security breach. As consumer technology has become more accessible, so have server-class platforms that can be rented out by anyone with a credit card, and typically can be set up in minutes with only a rudimentary knowledge of server administration. This results in situations that look a lot like handing a powerful weapon to someone who has only been given very basic instructions on which end to hold and which end to point at the target. However, in the hands of a skilled hacker, a small “team” of compromised webservers is the equivalent of having a small special forces team operating behind enemy lines. Bottom line – if you have servers in your technology portfolio that aren’t being managed properly, your own technology might be waging an invisible war right under your nose.

Image courtesy of “renjith krishnan” / FreeDigitalPhotos.net