A multimillion-dollar Car Manufacturing company hacked through a THERMOSTAT
The Dangerous Anatomy of IoT Attack!
Let me tell you how Brain Page, a skilled hacker from san Fransisco breached into a multimillion-dollar car manufacturing company through a THERMOSTAT
He did that in just 6 steps!!
“They didn’t scan the whole network. The thermostat’s part of the network. It’s inside the firewall, it’s connected to Opticon's entire network. You can get the whole standard configuration and password online in 30 seconds..” said Brain during an interrogation with FBI.
You may want to ask;
How did he get through the company’s network?
Who sent him?
how much was he paid to steal this blueprint?
Well, before I answered that, let me tell you this…
Most of your IoT devices are totally flat networks, with no subnets or anything making it easy to hack
Now, let’s dive into the 6 six steps of how he stole a billion-dollar project blueprint of creating a driverless car and sold it for 75 Bitcoin.
ready? let go…
Step 1: Gathering Information
Brain scoured social media for the names of Opticon’s engineers and stumbled upon an old-school bowling league website. He used this information to target one of the engineers and gain access to Opticon’s network.
Precaution: Implement a strict social media policy for employees, and educate them on the dangers of sharing sensitive information online.
Step 2: Scan for Vulnerability
Brain discovered that the bowling league website was infected with an old exploit, an iframe injection attack, waiting for its next victim.
He used this vulnerability to deliver his malware to the engineer’s laptop.
Precaution: Regularly scan your network vulnerabilities and patch them immediately.
Step 3: Deliver Attack
Brain used the exploit on the bowling league website to deliver his malware to the engineer’s laptop.
Precaution: Use firewalls, and intrusion detection/prevention systems.
and other security tools to detect and block malicious traffic.
Step 4: Gain Access
Brain could gain access to Opticon’s network through the engineer’s laptop, as he connected to the company’s network.
Precaution: Use multi-factor authentication to secure all access points, including remote access.
Step 5: Maintain Access
Brain navigated through Opticon’s flat network, undetected, and found his way to the company’s most valuable assets — blueprints of the optical tracking cameras.
Precaution: Use network segmentation to limit the scope of a potential breach.
Step 6: Delete Evidence
Brain encrypted the files and deleted backups, to cover his tracks after his illegal actions.
Precaution: Regularly back up all important data and keep the backups in a secure, off-site location.
[Brain]: “When I found the blueprints, I realized I could make some money off these files. Well, then I burned everything down.”
Brain reportedly sold the blueprint to a rival company, they produced the car and got all the glory.
what should be done to Brain after his arrest?