French Mobile Phone Hack Due To Insider Fraud

Imperva : 30 September, 2010 (Technical Article)

Consequences of failing to protect critical data from being abused by insiders illustrated in mobile phone hack discovered in France involving illegal online sales of SIM card unlock codes

Reports are being released that French police have arrested a ring of mobile phone hackers involved in fraud worth millions of Euros. Nine people have been arrested, including employees of mobile phone companies.

The French fraudsters were buying codes to unlock victims' SIM cards for €3 from employees of mobile phone companies who had access to the companies' databases. They then sold the codes online for €30. Using these codes, hackers could access any SIM card - even overseas SIMs - with their own mobile phones.

According to Amichai Shulman, CTO of data security specialist Imperva, "The employees did not hack into the database; it was an internal attack where they abused normal functionality and privileges granted to them. This was probably a case of over-privileged users as these employees probably should not have been granted access to that data in the first place. In this scam, employees sold codes so that actual fraudsters could actually use these codes to make money. This gang has been operating for around 10 years. Not ironically, 10 years ago database security, access controls - all were very new concepts. The Telco companies would probably have put into place a very initial, raw access control policy back then and not updated in the past years when these companies turned into huge enterprises."

"I don't believe that many employees start working with an organisation with an initial intent to steal data; rather, they are usually approached by someone else who can use the data for nefarious purposes. So the real malicious person who is usually part of an organised criminal gang makes the big money, whilst the layman takes the blame when caught and is poorly rewarded compared to the risk involved. It is down to the organisation to monitor and control access to sensitive data to prevent this type of insider fraud," continued Shulman.

Shulman commented, "A database activity monitoring system that looks at the rate at which data is taken out of the database would have detected this problem, but it is not enough to have a simple monitoring solution because the access to the database is usually through an application, so you need to be able to maintain end-to-end visibility through all the different tiers. The system should alert on any abnormal amount of data retrieved from the database and also apply geo-location analysis and alert on an illogical access to database by a user who should not be accessing the data so many times or retrieving a large number of details in a single session."

End-to-end visibility is needed because users connect to a database via an application, and the application accesses the database through a pool of connections using a single account. If you only monitor the traffic between the application and the database server, you see a single account making all the access requests, so you cannot distinguish between individual application users and cannot say whether the number of records accessed is acceptable. You therefore need to maintain end-to-end accountability.
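The following is an added example, not code from the article or from Imperva. It shows why per-account monitoring is blind behind a connection pool and how per-user, per-session row totals expose an abnormal retrieval; the record layout, the `app_pool` account, the agent names and the thresholds are all assumptions, and the geo-location analysis mentioned above is not covered.

```python
from collections import defaultdict
from statistics import median

# Constructed audit records: (db_account, app_user, session_id, rows_returned).
# Every query arrives on the pooled account "app_pool"; app_user is the
# end-user identity the application tier is assumed to pass along.
EVENTS = [
    ("app_pool", "agent_01", "s1", 1), ("app_pool", "agent_01", "s1", 2),
    ("app_pool", "agent_02", "s2", 1), ("app_pool", "agent_02", "s2", 1),
    ("app_pool", "agent_03", "s3", 3), ("app_pool", "agent_04", "s4", 2),
    ("app_pool", "agent_05", "s5", 40), ("app_pool", "agent_05", "s5", 55),
    ("app_pool", "agent_05", "s5", 60), ("app_pool", "agent_01", "s6", 2),
]


def rows_by(events, key):
    """Sum rows returned, grouped by the fields selected by key(event)."""
    totals = defaultdict(int)
    for ev in events:
        totals[key(ev)] += ev[3]
    return dict(totals)


def flag_sessions(events, factor=10, floor=20):
    """Flag (app_user, session) pairs whose retrieved-row total exceeds both
    an absolute floor and factor x the median session total."""
    per_session = rows_by(events, lambda ev: (ev[1], ev[2]))
    baseline = median(per_session.values())
    limit = max(floor, factor * baseline)
    return sorted(k for k, total in per_session.items() if total > limit)


if __name__ == "__main__":
    # Database-tier view: one pooled account owns all traffic.
    print(rows_by(EVENTS, lambda ev: ev[0]))
    # End-to-end view: one user's session stands out from its peers.
    print(flag_sessions(EVENTS))
```
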
   © 2012 ProSecurityZone.com