|Main Archive Page > Month Archives > infosec-news archives|
By Robert McMillan
27 January 11
The US government has been stepping up its use of smart cards to help
lock down its computer networks, but hackers have found ways around
Over the past 18 months, security consultancy Mandiant has come across
several cases where determined attackers were able to get onto computers
or networks that required both smart cards and passwords. In a report
set to be released Thursday, Mandiant calls this technique a "smart card
The attack works in several steps. First, the criminals hack their way
onto a PC. Often they'll do this by sending a specially crafted email
message to someone at the network they're trying to break into. The
message will include an malicious attachment that, when opened, gives
the hacker a foothold in the network.
After identifying the computers that have card readers, the bad guys
install keystroke logging software on those computers to steal the
password that is typically used in concert with the smart card.
Then they wait.
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.