For less than a pound a security expert has got front-door access to a council's internal network.
- Andrew Mason from security firm Random Storm bought some network hardware from auction site eBay for 99p.
- When he switched it on and plugged it in, the device automatically connected to the internal network of Kirklees Council in West Yorkshire.
- He expected that the device would need network settings to be input but, without prompting, it connected to the last place it was used.
- A connection such as this allows privileged access to networks. In the wrong hands, such as criminally-minded hackers, it would allow them to conduct reconnaissance and find out if the network had any vulnerability worth exploiting.
- A Kirklees council spokesperson said: "The council is deeply concerned with this report but is confident that multiple layers of security have prevented access to systems and data."
- Clients are told to remove data such as passwords and connection details from devices like the VPN server, which has no such mass storage.
- Robert Winter, chief engineer of data recovery at Kroll OnTrack, said that sensitive data that leaked out from a company could easily prove damaging in the wrong hands.
- "Every company should have a proper data disposal process," he said. "I don't think there's any reason why a company would not have that in place now."