Smart Card Authentication Cracked by Hackers

Saturday, January 29, 2011



Security consultants from Mandiant have identified techniques that have been employed to breach security on government systems that require the use of smart cards and passwords for authentication.

The security consultants have completed a report which which details several instances of unauthorized access to government networks using a method termed "smart card proxy".

The technique is similar to those used to bypass online banking authentication protocols, and has multiple steps:

  • The hackers typically use malware tainted emails aimed at individuals who have access to the target network to gain control of an agency PC.
  • After scanning the network to identify computers with card readers, they install keylogging software to steal passwords used for smart card access.
  • When the smart card is inserted into a compromised PC, the hackers use the opportunity to attempt to access the server. When the system requests a digital token, the attackers redirect the request to the compromised PC, which provides the token and password stolen with the keylogger.

Mandiant, which specializes in cleaning up the aftermath of a system hack, says that the majority of clients were breached by way of infected email attachments.

Other clients remained vulnerable to hacks that may have been years old, but that had never been fully cleansed from the network and then are exploited at a later date.

Mandiant suggests that companies and government agencies that use smart cards, or any other authentication system, not assume that good security means a network is impenetrable.

"Everything is circumventable in the end," says Mandiant's Rob Lee.


Possibly Related Articles:
Email Authentication malware Networks Headlines Smart Cards breach keylogger
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked