Source Code is the New Hacker Currency

No doubt you’ve been watching the data breaches pile up lately… but have you noticed a trend?

If you wade through the hype and hyperbole and dig into the details of the most prolific intrusions in recent history, you’ll notice one thing that shines like a neon sign.

“Source code” is the new hotness on the hacker market. It’s quite interesting to see this evolution, primarily because many of us are used to defending the ‘endpoints’… because that’s where the data is, right? I think we may be seeing a shift here.

“There are no borders”

For many years now, much like you, I’ve been reading articles and hearing talks about how the enterprise attack surface is fractured and splintered – creating an ever-increasing opportunity for breach by the bad guys.

For the record, I don’t disagree… but there’s a subtle point that’s been quietly going largely unnoticed. Attacking endpoints may get you end-user data… but it’s in exploiting these endpoints as stepping-stones that you get into the inner sanctum of an organization, where the real good stuff is kept tightly locked up (or so we would hope).

So the idea of a borderless enterprise is scary for multiple reasons: valuable data walks out with the various gadgets a user may have, and exploitation of those endpoints will likely lead to a larger, much more serious compromise.

“Work Anywhere, Any Time”

Much to the painful grin of IT managers, management wants the ‘network’ to be everywhere.  Some companies go as far as to let employees bring their own devices and allow them to work from those devices. 

Stretching the network further is the continually expanding need for people to be able to work remotely, effectively, and at any time. Interestingly enough, moving applications that have traditionally been installed as binaries on corporate desktops to web-based applications accessible through a browser has caused serious issues for enterprises big and small.

That mainframe application was quite good at user control, access provisioning, and so on – but once you turn it into just a database and abstract the access controls to the logic which runs the web application… all bets are off.

It’s All About the Source Code

Looking at these opposing forces, and factoring in recent high-profile breaches… it really does seem to be all about the source code. Specifically, it’s all about the secrets behind some of the more compelling software that runs security solutions on grand scales.

RSA was attacked and source code was presumably stolen because millions of users world-wide use their tokens and access control mechanisms to gain access to corporate resources and highly guarded corporate secrets. 

Think about it… how much more sense does it make to concentrate your energy, as an organized attacker, to penetrate and pilfer a security vendor so you can then either find flaws in their source code OR use that source code to understand their systems better?  Answer: a lot.

The reason we’re seeing security companies as a big, bright, shining target recently is that attackers finally had that “light bulb goes on” moment: someone realized that they were sick of hitting each target individually – and wanted a way to potentially hit millions of high-value corporate safes all at once.

Think about that.

Now think about where your source code, your organizational secrets, are stored. They’re on desktops, laptops, servers, tablets, and if you’re really unlucky even on PasteBin.net (remember PasteBinFail?)… my point is that the source code that governs the security solutions is the next target.

So if you are a developer or consultant or in-house programmer and if you’ve got source code which stands between an attacker and a customer or a target – check your systems.  You may already be a statistic.

About SCB Enterprises
System Solutions and Integration
