How do you know when your system is hacked?

Matt Tett

Matt Tett is the Managing Director of Enex TestLab, an independent testing laboratory with over 22 years history and a heritage stemming from RMIT University. Matt holds the following security certifications in good standing CISSP, CISM, CSEPS and CISA. He is a long standing committee member of the Australian Information Security Association (AISA), Melbourne branch, and is also a member of the Information Systems Audit and Control Association (ISACA). Enex TestLab can be found at blog at and can be found on twitter as @enextestlab.

One thing that I have been pondering recently is how a typical individual knows their system has been compromised.

With the daily bombardment of security alerts, patches, updates and general information regarding products, it is easy to simply tune out and go with security by obscurity—what could the bad guys want from me?

On top of the volume of update information to sort through is the marketing and scaremongering undertaken by those who stand to gain from selling you “protection”.

The other point to bear in mind is what does the term “typical individual” even mean? Technically no one is typical. Particularly with infinitely customisable technology and a plethora of platforms end-users have at their disposal. There are so many vectors for those with nefarious intent to gain a foothold on the system. In effect, there is no single system that can really be compromised.

Every piece of electronics with a processor that any of us interface with on a regular basis is a potential platform that could be compromised. And with more technologies connecting to the Internet, the greater risk they could be used for tasks of which the owner is unaware.

So beware grandma, that new programmable sewing machine that connects and downloads fancy embroidery patterns from the net may turn into a psychotic finger puncturing tattoo machine. Worse still, it could join up with a global bot-net of compromised sewing machines to take over the world. Needle-net? Add to that fear of being locked out of your internet connected smart-fridge so you cannot access your food, your smart-TV might lock on and only play re-runs of I Love Lucy, while your climate control may set itself to 50 in an attempt to aid global warming.

Yes folks, it’s the beginning of the end. Where is my A-board? “The end is nigh!”

Of course, with each of these scenarios it becomes obvious when the technology has been turned against our will. Therefore a simple flick of the power switch, call to the help-desk, and the problem is resolved.

No the compromises that we really need to concern ourselves with are the ones where the thieves steal in and out without detection. So while some burglars are great at picking locks or stealing your camera—at some stage, it will be noticed. Unfortunately data is not a “physical” property, and is readily copied. And, if the thief is skilled in their craft they will essentially break into the system as an authorised entity—with very little risk of being detected.

“So what”, you say. “I have no data of value!” But your identity alone is valuable to those who are in the business of stealing and re-selling (over and over) personal details, be it for marketing purposes or to criminal organisations that use it for far more sophisticated commercial crimes.

Alternatively, in this age of highly connected, always on, ubiquitous network access, criminal organisations create “bot-net” armies of compromised systems which they use to steal owners’ data/bandwidth and computing/memory resources to either shuffle data anonymously between systems or to use for threatening Distributed Denial of Service (DDoS) attacks against organisations (a new form of blackmail, or commercial/corporate espionage).

Take some time to consider the latest smart device in your kit, (phone, tablet, hybrid etc). What happens if that is compromised and everything is logged and sent off to the bad guys to sort through, every keystroke, every image, every site? Perhaps that device is taken into your workplace and connected to a system—Bluetooth, WiFi, USB and so on? This is one of the reasons the security team at your organisation is carrying on about Bring Your Own Device (BYOD) they have already lost the network perimeter, now they are losing the platforms.

So the focus comes down to protecting the information and in particular, information that takes the form of electronic data. Classification is a key requirement, sorting out what is, and isn’t, worth protecting. What level of protection needs to be afforded to it to keep it away from the bad guys? Ownership is also a critical step to ensure that those responsible take ownership of their electronic information data, as much as their physical information, locked away in vaults and filing cabinets.

This way when the compromises do occur they can be relatively contained. The secret is detection and knowing when something has occurred at a level that warrants investigation.

Effective control of the breach is also key—rather than an outright head in the sand attitude, “this isn’t happening”, or arrogance “we are impenetrable”. If you are setup to be “impenetrable” then you must have a very big secret that everyone will want to know, and be willing to spend big to keep it—or you just don’t know the value of what you are protecting and have over compensated.

So how do you know if your system(s) have been compromised? How about you assume they already have, and think about what tasks you are doing with them, from a personal and work perspective.

Think about the information you are handling or creating, and how you would classify it, who is responsible for it, and what they stand to lose if it was disclosed or made generally public. Some things are minimal while others will be off the scale. Help your security guys to gain awareness of the value of your information so that they can articulate that to their bean-counters in real-world terms.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Show Comments