Reprinted from CSO
Security dangers aren't always so clandestine. One of the most serious threats to your firm's security could be sitting next to you... in the airport departure lounge.
By David Michaux
October 18, 2006 — CSO —
Engineers from my company, a global security consultancy, have found documents and e-mails on public access terminals in airport departure lounges that could bring some global companies to their knees.
What began as a mixture of curiosity and boredom led consultants from our Dubai-based network security outfit to uncover a plethora of secrets left by globe-trotting executives logging on in between flights. While such senior figures possess high-level knowledge of their companies' affairs, many aren't equipped with knowledge of IT security precautions to match.
The average executive lounge offered to business and first-class flyers is equipped with a number of PCs that allow visitors open access to the Web. Each PC is installed with a standard Windows package that includes Microsoft Explorer, Outlook Express and sometimes Office.
As weary executives pull up to terminals, a sense of familiarity encourages them to behave as they would at home or in the office, and send an e-mail the same way. Why not use Outlook, just as they would at their desk?
But this could be a costly mistake.
Outlook Express is probably not configured to allow e-mails to be sent from such machines, so the correspondence simply moves to the system's outbox, where it remains indefinitely after the user clicks send. And if the system is configured to send messages, the e-mail that goes out is automatically saved to the machine's sent items folder. In either case, the message is ready for anyone to access at their leisure.
While traveling to meet clients, our engineers have found everything from intimate missives to mistresses (perfect for blackmail) to desktop-saved documents outlining multimillion-dollar deals, complete with profit margins and lowest bid values.
They also stumbled on something more sinister. Many machines, they found, are infected by Trojans
I remember a discovery I personally made while waiting for a delayed flight. As I was playing solitaire, I noticed heavy network traffic on the lounge machine's taskbar even though I wasn't using any network applications. After some delving, I was amazed to find Back Orifice 2000 (BO2K) as the culprit. It had been invisibly collecting my keystrokes and sending a record of them to a Hotmail account every 15 minutes!
I reported my findings to the lounge receptionist, who responded by explaining she couldn't take responsibility for the security of the machines.
BO2K is a well-known Trojan capable of taking full control of the machine it has infected. The perpetrator is able to view the machine's webcam, listen in on its microphone and watch a streaming video of its display, all in real-time.
Another lounge security lapse my colleagues found
The danger is that the CEO types who travel on behalf of their companies and use these lounges are privy to unusually sensitive data. This makes computers there a veritable gold mine, whether it's executives downloading attachments from their Web mail and leaving them on the desktop, or even deleting them afterward but not emptying the recycle bin before they get up to catch their plane.
What's more, execs who do take precautions are likely to be let down by the lounge's security itself, especially if a hacker has turned its machine into listening posts.
As airport lounges increasingly offer passengers wireless Internet access, existing Trojan problems are being eliminated. But as so often happens in the world of IT security, this new era will usher in a whole new family of network malignancies.
Until then, I've got a plane to catch&
David Michaux is the CEO of Scanit, a home and corporate security systems company with operations in Belgium, Dubai and Iran.