TSA: Meh, security schmecurity!

by Lisa Simeone on August 15, 2012

Not only do we already know that while the TSA is busy sticking its hands down your pants, people are wandering up to the airport on jet skis, breaching airport security by climbing over fences, and hiding in airplane wheel wells, but now we find out that computer security may be compromised.

For the technologically inclined out there, you might be interested to read this article titled, “Citadel Malware Used to Infiltrate Airport VPN.”

Okay, it didn’t sound good, but I still had to look up “VPN” (virtual private network for those of you who are barely technologically competent like me). Like so much in the digital age, unless you’re proficient at this stuff, it’s hard to know what’s truly safe and secure and anonymizing, and what isn’t.

Back to the article:

The Citadel Trojan is really starting to become kind of a pain in the neck. Not content to sit by and watch while its more well-known rivals Zeus and SpyEye get all the attention, the Citadel malware has begun showing up in some interesting places, with the latest example being the discovery of the Trojan being used to steal VPN credentials for internal users at a major airport.

The attack is a two-stage operation that is designed to defeat the strong authentication application that the airport had in place. Researchers at Trusteer discovered the attack and notified officials at the unnamed airport, who then disabled employee access through the VPN.

Airports are target-rich environments for attackers, thanks to their open wireless networks and the huge population of transient users who are all too eager to use them. Man-in-the-middle attacks on airports’ public networks are common, but this particular attack didn’t target the public network or users but instead went after the airport’s employees and their remote-access application. Getting access through any corporation’s VPN system is a huge win for an attacker, because once she comes in as an authenticated user, she enjoys all of the access and privileges on the network that the victimized user does.

In this particular episode, the attackers used a couple of well-known techniques in order to circumvent the security measures the airport had in place and make off with the victims’ VPN credentials.

In other words, we’re talking employees here. The identities and passwords of employees.

But since the TSA is fixated on panty-explosives and booby-bombs — and treating us all as criminals — the agency will probably just ignore this pesky little security problem. After all, grabbing and groping and finding aha! a butter knife! happens in plain sight, so it “looks like” the TSA is “doing something.”

But real security and real intelligence don’t make a splash. And don’t warrant a Golly-Gee-Look-What-We-Found post by Blogger Bob. Real security and real intelligence happen behind the scenes, long before someone gets to an airport.

(Photo: Flickr Creative Commons/Kevin Marks)
