Thinking Like a Terrorist | eWeek

Thinking Like a Terrorist

Verfasst von
Stan Gibson
Stan Gibson
Oct 22, 2001
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

The latest strategies IT managers are considering to protect their infrastructures from possible attacks go well beyond computer hardware.

Since Sept. 11, the scenario building has led security-conscious users down three distinct paths: securing facilities, data and, especially, people.

With mirrored facilities and data backups offering protection from outright attacks on buildings, the focus has shifted to the sorts of assaults with which users are more familiar—viruses and denial-of-service attacks—as well as more subtle attacks, such as infiltrating a large company with data saboteurs.

Social hacking, as it is called, is far easier than most companies are willing to admit, said Christopher Leach, a partner with accounting company Grant Thornton LLP, in Chicago, which performs security audits for clients. In a test for one client, Leach pretended to be a worker returning from a coffee run. With both hands full, carrying two dozen doughnuts and coffee, he requested help opening a door leading to a secure floor and got it from an unsuspecting worker. “They didnt know me from Adam,” he said.

Another social hacking ruse is to call in pretending to be the spouse of a sick employee who has security clearance and request a password on behalf of the spouse. Leach tried this successfully at a different company. “Both companies had policies in place, but they werent paying attention,” he said.

“You have to make sure that everyone is checked in and checked out, including vendors and consultants,” said Paul Tinnirello, executive vice president for a leading information provider in the financial services industry and an eWeek columnist.

“Sixty to 70 percent of attack vulnerability resides in the people area,” said John McCarthy, director of critical infrastructure services at KPMG, in Washington. McCarthy also said that most social hacking breaches are a result of not following correct procedures. “It has to do with people putting passwords on sticky notes and putting passwords into e-mail traffic,” he said.

Although dealing with hack attacks and viruses has become commonplace, many companies are more alert to these threats in the wake of Sept. 11. “I asked my staff, How does someone get into this company electronically? I want to shut all the windows and doors,” Tinnirello said.

Some of the proposed solutions can be Draconian. “The most obvious thing to do is to shut down your e-mail system and use it only for internal use,” Tinnirello said. He also suggested that companies might consider shutting down Internet surfing by employees.

“Nimda scared the living daylights out of us. It was just a nuisance infection that had a salvo of four or five viruses in one,” said Tinnirello. “Destructive variants are a given.”

While experts remain vigilant for new virus strains, Leach recommends strictly adhering to the practices of keeping virus scanning software up-to-date and making sure backups are done.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.