AT&T Hacking Link To Terrorists Must Shake Up Security Professionals

AT&T

Reports that AT&T’s accounts system has been hacked – and the data used to make $2 million-worth of calls to premium rate numbers – should act as a wake-up call for IT security professionals everywhere.

The reason is that terrorists are reported to have funded the four men arrested in the Philippines in connection with the hack.

Although details of the database hack are still emerging, it seems that the hackers used the information harvested from AT&T’s servers to attack client telecoms computer systems, and so generate the revenue-producing calls.

What I find incredibly worrying is that a terrorist group is reported to have funded the hack. This is one of the first times that terrorists have been directly linked to hackers and it is of great concern – especially since their activities reportedly date back to 2009.

IT security professionals have known for some time that well-executed cybercrime can generate big money for those involved, but – to date at least – the cybercriminal gangs have been stereotypical East European criminals who spent their money on drugs and fast cars.

But here we appear to have direct evidence that terrorists are funding cybercriminal activities, presumably in order to generate illegal profits to plough back into their politically motivated crimes.

The bad news here is that these crimes often involve physical damage to property – and perhaps worse – people. Money, he adds, is a replaceable item, but people’s lives are a far more precious commodity.

And this is no tenuous link, as the New York Times report on the arrests says that the four men were working with a terrorist group that has been linked to Al Qaeda – and known to be responsible for the 2002 bombings in Bali.

Those terrible bombings killed more than 200 people. As the full details of this hack emerge, I suspect we shall find that the terrorist-financed hackers used relatively simple methodologies to gain unauthorised access to AT&T’s systems.

My first reaction is that they probably gained access to an account which allowed them access to some – or all – client credentials. I also suspect that simple privileged account management could have helped to prevent this crime from taking place.

Whilst it’s good to hear that AT&T has soaked up the reported $2 million financial losses, this sizeable sum could have found its way into criminal and possibly terrorist pockets. This is why this saga needs to act as a wake-up call to all security professionals on the need to raise the bar on cybersecurity.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Philip Lieberman, the founder and president of Lieberman Software, has more than 30 years of experience in the software industry. In addition to his proficiency as a software engineer, Philip is an astute entrepreneur able to perceive shortcomings in existing products on the market, and fill those gaps with innovative solutions. He developed the first products for the privileged identity management space, and continues to introduce new solutions to resolve the security threat of privileged account credentials. Philip has published numerous books and articles on computer science, has taught at UCLA, and has authored many computer science courses for Learning Tree International. Philip has a B.A. from San Francisco State University.