I caught up on Mr. Robot this weekend — in the show, hacker Elliot Alderson works with a Chinese hacker to hack the world’s largest corporation. While watching, I tried to understand how the recent agreement between President Obama and Chinese President Xi Jinping to prevent cyberattacks on each other will make a difference.
Mr. Robot, for those of you who have not seen it, is a hacker drama that follows Elliot Alderson, a security engineer who works for a cybersecurity firm. Elliot has all sorts of social problems — so he connects with people by hacking them and tries his best to do good by acting as a “cyber vigilante.” He believes that the rich are out to get the middle class, so he is involved with a team of hacktivists known as “fsociety,” whose mission is to cancel all debts by taking down the largest corporation in the world — E Corp, a corporation he refers to as “Evil Corp”…and you can guess what that refers to in real life.
Working in cybersecurity myself, I can say that the producers have done a great job illustrating the nature of today’s attacks. Both Mandiant and Verizon have stated that compromised credentials are the number one reason for cyberattacks, and if those are not entertaining reads, then Mr. Robot is a riveting validation. Most of the hacks in the drama use simple passwords to end-user accounts to compromise a user; the hacker then installs malware that eventually finds a gap in the network to install malware on servers in the datacenter. Mr. Robot shows again that stealing credentials from IT staff is the easiest way into the organization’s data.
What can we learn from Mr. Robot?
So what can Mr. Robot teach us about the US-China pact? The drama is a great example of the frenemy model — hackers are working with other hackers, not trusting each other, not knowing what the others are up to, and nobody knows if they are pawns in the hacking game in which there are no “rules.” With WMDs, there were at least physical inspections that could be done. But hacking is an extreme form of terrorism that cannot be tracked. It’s a complicated relationship, showing that the cyberwar is far more complex than the Cold War era or the recent war on terrorism. Would we even be able to attribute a hack to China? Maybe not.
So is it a good deal for US corporations that the US and China are working together? It can’t hurt, in my opinion — the very fact that both countries are talking is an important signal to the world. But will this agreement really reduce the number of hacks from China? Maybe (though recent reports suggest China is still hacking US corporations). But if you review the threat landscape and the major causes of breaches, it’s clear that US corporations need to safeguard themselves regardless. All of the next-generation firewalls and perimeter-based technologies are really not going to have any impact on stopping these guys. Why? Because the hackers are actually not breaking in that way — they are compromising credentials. Mr. Robot’s Elliot walks into the datacenter with the credentials of an IT worker; he doesn’t break through their firewall. Identity is the next defense for cyberwar.
How to protect against identity-based attacks
By focusing on security for end-user and privileged accounts, we can prevent these types of attacks. For end-users, reduce the attack surface by implementing technologies like SSO and MFA to substantially remove unauthorized access and non-human logins that hackers will attempt. For privileged accounts in the datacenter, implement least-privilege security to lock down what privileged users can do. Notice that these are not more firewalls and other common security measures; instead, this is the new layer of security: identity.
To see what Bill Mann has to say about tools and best practices for identity management, listen to this podcast.