accessed through a 128k DSL line. Should take QUITE A WHILE to download all of that!
I agree that security is a major issue, but the size "quandary" keeps people from making too big of a dent. Even with a 1Mb link - how much data can you expect to download (before you get noticed)? Companies like Company 'F' have hundreds of terrabytes of data - you want to download it all - or spend time sifting through it?
The chance of stumbling upon critical data is not very high. Grabbing passwd files is interesting - you "own" their network - but you still face the daunting "size" problem.
The biggest problem is either having a PC stolen that had critical data on it (STUPID - should be on servers) OR some employee coming in with an external 1.5Tb USB drive . . .
Zone-H.org is reporting that the Slovak National Security Office was hacked hard by a group of crackers interested in demonstrating that the Slovak "NSO doesn’t know the meaning of the word Security". The crackers reportedly got access to "20 gigabytes of emails, internal documents, directives etc" along with administrative passwords of critical servers to the desktops to the Cisco Switches and Routers. The Slovak NSO used the username "nbusr" and the password "nbusr123" on all of their servers and appliances with administrative privileges which was easily guessed by the crackers in the first few attempts.
Though the Slovak NSO tried to downplay the incident by saying that the breach was limited in scope, Slovak television JOJ reporters communicated with hackers and confirmed that the breach was much broader. To prove their point, the crackers released the detailed configuration file for one of the NSO’s Cisco 2950 switches which means that the crackers effectively own the NSO network inside and out. In this case, the attackers were simply trying to make a point since they’re the ones that reported the breach but it could have just as easily gone unreported if these had been malicious hackers.
The lesson here is that hacking in to a Business, Organization, or Government network is relatively trivial and a lot more needs to be done to strengthen security. Most US based Government agencies received low or failing grades in recent years and a British man recently hacked hundreds of computer at the Pentagon, Army, Navy, and NASA from his bedroom in London. It further illustrates the need for strong authentication and cryptographic tokens and that passwords for the most part useless for good security. Cryptographic tokens such as USB dongles or Smartcards allow users to share the same physical token for all Servers and Appliances as well and are relatively easy to manage and are extremely difficult to hack.
