Were You Able to Hack Our Mainframe?

February 25, 2009

We just spent the last 15 minutes laying out for our client how we had hacked their Microsoft network infrastructure and had “domain admin” access. Then the IT Manager asked, “Were you able to hack our mainframe?” I almost fell to the floor. It took another five minutes to explain, as gently as I could, that this question was almost entirely irrelevant.

Sometimes our clients get so focused on the trees that they fail to see the forest. In this case, the IT manager knew that the core customer database existed on the mainframe. He wanted to know if his mainframe was secure. But he failed to realize that access to his core data could be obtained from a multitude of paths. In this case, our “domain admin” access gave us unfettered access to any workstation in the network. Using this access, it would be trivial to install keystroke loggers to get mainframe passwords, or even take remote control of systems running mainframe applications. And later in the week we did this. We compromised the data on the mainframe.

This post is a plea to all IT managers who read our blog posts. Please see your entire network of computer systems as a composite that needs consistently deployed, effective controls.

It is worth noting that we were unable to directly penetrate the mainframe that week. We found ports to be secured. We found patches installed. We were not contracted to perform application testing, so we did not check for application security flaws. We did not try to circumvent malicious code controls. We did not try to gain physical access (though we know this would have been successful). But the strength of the mainframe controls was irrelevant once we had “domain admin”, since we were able to access all the data we wanted on the mainframe through the network connections to workstations.

– TrustCC

