In March of this year, the RSA Conference was held in San Francisco. During that conference, security expert Ira Winkler belittled the hacking skills of the Syrian Electronic Army (SEA) and called them “the cockroaches of the Internet.”

Brian Krebs is now reporting that soon after Winkler’s comments were posted online, the SEA commandeered the RSA Conference website.

SEA-RSA

How did they do it? They determined that the RSA Conference website was hosted by a third party provider which used an analytics package called “Lucky Orange.” Lucky Orange communicates with a server hosted by codoro.com.  The SEA spearphished the employees of the codero.com by impersonating the CEO of the service.  Through the spearphishing ruse, a person in the hosting organization was tricked into compromising his credentials.  With the credentials in hand, the SEA changed the DNS records which permitted the SEA to deface the RSA Conference site.

In a cruel ironic twist, the CEO of Codero observed that the techniques used by the SEA were outlined in Winkler’s presentation.

Bad guys frequently gain their initial toe-hold using spearphishing.  Spearphishing is an easy and highly reliable way to compromise systems by deceiving people into making bad email decisions. In the Iconix system, employees use SP Guard to make better email processing decisions.  Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at  408-727-6342,ext 3 or use our online form.