The Computer Emergency Response Team has been dealing with the steady drip of undisclosed vulnerabilities leaking from its information-sharing network. It’s a problem faced by most enterprises: controlling access to and distribution of confidential data is akin to patching old, leaky pipes–nearly impossible. The hacker “Hack4life” has pierced CERT’s information plumbing, gleaning five previously undisclosed vulnerabilities for which CERT was developing advisories. Shawn Hernan, CERT’s team leader for vulnerability handling, denies the organization was hacked and won’t discuss its strategy to plug the leak. However, he speculates that the source is one of the vendors it works with to patch vulnerabilities, through either a malicious insider or compromised network. CERT’s circumstances aren’t uncommon among enterprises. Hackers frequently use stolen data to extort hush money from companies, or to publicly embarrass their victims. Hack4life says his primary motivation is to embarrass CERT. The situation is similar to one faced by Ron Baklarz when he worked for a large northeast insurance company. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.