Jason Jordaan: Hacking: no tools required
Corruption is so prevalent in countries like South Africa that criminals can easily access networks with no hacking tools needed, delegates heard at day two of the ITWeb IT Security Summit 2014.
Jason Jordaan, head of South Africa's cyber forensic laboratory special investigating unit, noted that while the standard security paradigm is "us on the inside behind a wall, and the bad guys on the outside", the reality is that the human element inside the organisation weakens the entire security infrastructure.
"Hacking the human is easy, because we are fallible," he said. Jordaan pointed out that corruption is pervasive in South African society, and that organised criminals use corruption as their basic model for operations.
Organised crime simply makes use of the human element, he said, noting that where social engineering fails, it is relatively simple to use corruption to gain access to enterprise networks and data. "No real hacking tools required, and corruption is a silent crime, so it's harder to detect."
"Everybody has his price," Jordaan said. "Whether that price is money, benefits, or even threats to a person's family, criminals can target key individuals and find their price quite easily."
Jordaan cited a case study of a recent breach of a critical state financial system, in which a systems administrator was paid R10 000 to install key-loggers to steal government user credentials and give criminals access to the financial system. Over R11 million was stolen in around three days. "This case is still in progress, but the upshot of it is - this guy sold his soul for R10 000."
Hacking the human is easy.Jason Jordaan
Mitigating the human element risk isn't easy, Jordaan told delegates; however, there are measures to reduce the risk. "You need to know your people well, and be alert to changes in their behaviour or lifestyle. You also need to keep them happy, and strive to instil a strong culture of ethics throughout the organisation."