The Naked Security blog had a post today about an Anonymous hack of an FBI-UK law enforcement conference call. This is just frightening on so many levels and obviously has implications for enterprise users who also want to keep their business away from prying eyes or ears.
It appears Anonymous hackers got hold of an email with the call-in details; the kind we all get when we are invited to participate in a conference call. In this instance apparently the hackers used the information to join the call and record it, a pretty chilling thought.
The question is how you defend against something like that. Well, for one, perhaps you give each participant a unique ID, and if more than one person tries to use one, it raises a red flag. Most companies probably don’t consider this because we are just trying to make it as simple as possible to call in.
But if you’re discussing strategy, new products or law enforcement, you have to take extra precautions, and these people clearly didn’t even take rudimentary security seriously.
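The per-participant ID check suggested above can be run over a bridge's join log. This is an added sketch, not part of the original post or any conferencing product: the log format, access codes and phone numbers are constructed, and `audit` is a hypothetical helper.

```python
"""Flag reuse of per-participant conference access codes (added example)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int       # seconds since the bridge opened
    action: str   # "join" or "leave"
    code: str     # access code issued to exactly one invitee
    caller: str   # caller ID as reported by the bridge (can be spoofed)

def parse(line):
    ts, action, code, caller = line.split()
    return Event(int(ts), action, code, caller)

def audit(lines, issued):
    """Return alerts as (ts, kind, code, caller) tuples.

    issued maps each access code to the invitee it was issued to."""
    active = {}   # code -> set of callers currently connected with it
    alerts = []
    for ev in sorted(map(parse, lines), key=lambda e: e.ts):
        if ev.code not in issued:
            if ev.action == "join":
                alerts.append((ev.ts, "unknown-code", ev.code, ev.caller))
            continue
        callers = active.setdefault(ev.code, set())
        if ev.action == "join":
            # A second, different caller on a code that is already connected
            # is the red flag: the code was shared or leaked.
            if callers and ev.caller not in callers:
                alerts.append((ev.ts, "code-in-use", ev.code, ev.caller))
            callers.add(ev.caller)
        elif ev.action == "leave":
            callers.discard(ev.caller)
    return alerts

# Constructed sample data: two invitees, one reused code, one unissued code.
ISSUED = {"4821": "alice", "7730": "bob"}
SAMPLE_LOG = [
    "0 join 4821 +15550100",
    "5 join 7730 +15550101",
    "40 join 4821 +15550199",   # second caller on a code already in use
    "60 leave 7730 +15550101",
    "75 join 7730 +15550101",   # legitimate redial after dropping off
    "90 join 1111 +15550142",   # code that was never issued
]

if __name__ == "__main__":
    for alert in audit(SAMPLE_LOG, ISSUED):
        print(alert)
```

A redial by the same caller after a drop raises no alert, which keeps the check from punishing ordinary participants.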
The problem is you have an illusion that you’re secure, that nobody’s watching, but Anonymous has shown that its hackers are extremely resourceful and clever when it comes to getting at information they want.
Lest you think this was a prank or Internet myth and it didn’t really happen, according to the Naked Security blog post, the FBI actually confirmed that their call was hacked.
And as an IT Pro, when you look at security, you have to begin to think in worst cases such as this one, rather than most cases (where nothing happens and you have your conference and you’re done). But at the same time you need to balance the needs of your business users with the security you require. You can’t make it so hard to have a conference call that nobody wants to do it.
Most business users shouldn’t have to jump through the same security hoops as participants in, say, a crucial meeting or one set up like this example of law enforcement officials. When you’re discussing hackers, you might want to take some extra precautions.
But that’s not to say that you can dismiss security concerns in all other instances, only that law enforcement, or anyone discussing sensitive information of any kind, needs to think about how to be sure the conversation is secure before getting on the phone.
What Anonymous has shown with this stunt is that it has great reach, and everyone in IT needs to be thinking about how to make their systems more secure. Clearly what we are doing now isn’t working and it’s going to take a concerted effort by some of the greatest minds in technology to change that.