The hacking of Evil Corp a dastardly deed

On Feb. 9th Synercomm presented their “Hacking of Evil Corp” event, which was a simulated live cyber attack from the attacker’s point of view.

ISSA, the world’s largest nonprofit information security organization, and Gustavo Hinojosa, a member, MATC graduate and current student, hosted the event. The two-hour interactive event was very informative, and gave spectators a realistic behind-the-scenes look at how attackers can compromise a system.

The demonstration lead by Jason Lang, senior information assurance consultant, at Synercomm was very thorough. Lindsey Becker, cohost of the event, and graduate of MATC with an associate degree in IT, went on to obtain a bachelor’s degree in business administration from Cardinal Stritch University. Becker said, “Social engineering threats are the biggest ways computer systems are compromised, especially if they get you to give up pertinent information. The best protection initially is a very strong password that has more than eight characters. Even then it only takes a competent hacker less than two minutes to compromise your system. I recommend the use of a password vault like KeePass, or use at least 14 characters.”

Lang describes his job and typical day as follows, “ If I am actively working on a project, the work might include something as simple as running a vulnerability scan and reporting on the results, but usually it involves penetration testing. This means I get to use tools and techniques to hack the client’s network, then report back the results on how it was accomplished. A typical day might involve creating and sending a phishing campaign, then using the resulting command and control sessions to see if we can steal data.” Lang said this is all authorized by the client ahead of time. He added, “if we don’t have an active project, we are always authoring new tools to try and make our work more efficient.”

  Most sales staff at companies are taught to make and keep the customers/clients happy to a fault. They are not taught how to defend the company against evil hack attacks. Hackers know this and choose to enter the company through stealth emails sent with innocent looking attachments to sales or service staffers. Once in, hackers can create all sorts of havoc, and they love it. They often do it just for sport, or just because they can. Hackers are getting more creative and are asking for rewards, some are holding company data hostage and demand ransom payments to return the data.

Recently, Hollywood Presbyterian Medical Center in California experienced an infiltration of their system, and their network was disabled using “ransomware.” Their administrators decided to pay roughly $17 thousand to get their data back. The best protection from having this experience is to back up your data frequently. Synercomm provides assurance, validation and risk analysis for all aspects of an information security program.

When asked about the current job market in IT security, Lang responded, “From what I know, there is a negative unemployment rate right now in information security worldwide, and it’s only expected to get worse with the retiring of the baby boomer generation. I recommend internship programs for those interested in getting into the field, because they will most likely be with an enterprise and help you get your feet wet with a large organization.”

Students are welcome to attend the ISSA meetings held the second Tuesday of the month at the New Berlin Ale House from 3 to 5 p.m. These meetings are good for networking, and may lead to job opportunities.