There's been a lot of useful information here at HP Discover in Barcelona, and we've been spending a lot of time focusing on security-related topics. Today we attended a session presented by Andrzej Kawalec, CTO of Enterprise Security Services at HP, entitled "How to Steal 60 million dollars in 60 seconds," and the information was quite interesting.
He started the presentation by discussing the Great Train Robbery of 1963, in which 16 men hijacked a train and made off with the equivalent of $75M. The attack was conducted by cutting all of the local phone lines and then rewiring the line signals, forcing the train to stop. The bandits then quickly unloaded as much money as they could and lay low at a farmhouse for a while. Most were eventually caught.
Kawalec then went on to explain that while most people think of cyber crime as something perpetrated completely online, it's becoming much more common for online and physical attacks to intersect. As an example, police recently uncovered an attack on a port in Antwerp, Belgium, where drug traffickers hired black hat hackers to break into the port and provide shipping manifests and similar data so that the traffickers could move the drugs without being detected.
Another interesting example that Kawalec presented was a recent attack where hackers broke into a credit processing system and modified the withdrawal limits on several debit cards. The data was then sent to team members across 20 countries, forged ATM cards were created, and the criminals went from ATM to ATM across numerous cities, emptying the machines of their money. When all was said and done, roughly $45M was stolen. This was quicker and easier than directly attacking a bank, although many of the criminals were still caught in this case.
He continued to hammer home the point that the bad guys are all working together while enterprises keep to themselves. When a company identifies a vulnerability or breach, it will attempt to fix the hole, but will not bring those details to other organizations that may also be vulnerable, allowing the bad guys to continue their reign of terror. HP is attempting to help the good guys work together with a program called Threat Central. The idea is that if companies anonymously share their telemetry data in real time on what attacks they're seeing in the wild, the bad guys will have a harder time getting into the systems. The program harnesses the power of ArcSight, and it sounds like it will soon integrate with Vertica and Autonomy to see the "big picture" more quickly. It is currently in a private beta phase, but more details will be announced at the RSA conference in February.
Overall the session was quite entertaining and informative, and we're looking forward to seeing what results Threat Central will be able to achieve.