
FT hack explained by FT labs (repost from OWASP mailing list)

  • 29-05-2013 6:54pm
    #1
    Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭


    Fabio Cerullo just sent this link out to the OWASP mailing list, I thought I'd re-post it here for those that would be interested but aren't on the OWASP list.


    http://labs.ft.com/2013/05/a-sobering-day/

    It's the story of how FT got hacked as told by a techie from FT labs. Very interesting reading.


Comments

  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Sobering stuff alright.


  • Registered Users, Registered Users 2 Posts: 367 ✭✭900913


    Developers might well think they’d be wise to all this – and I thought I was. I got the email, and clicked the link, but then I recognised the phishing page for what it was and reported it without filling in the form. It’s been suggested to me that I might have left the tab open and inadvertently logged in later when switching tabs without looking at the URL, and I guess that must be what happened in my case.

    He knew it was a phishing page and he still fell for it.


  • Registered Users, Registered Users 2 Posts: 16,414 ✭✭✭✭Trojan


    This was very well written by the attackers, not at all what I'd expect from a phishing effort:

    [attached image: phish.png]

    Coming from a legitimate internal email, I think that email would work in 99% of corporate environments.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Trojan wrote: »
    Coming from a legitimate internal email, I think that email would work in 99% of corporate environments.

    Agreed and once the cat is out of the bag (i.e. as the attacker, you know you're basically rumbled), you can send mails like that with impunity.

    If you're smart, you'd have a mail like that written up and ready to roll, so as to save precious minutes during the cat and mouse game of get in / kicked out.

    I'd say it helped to have the email accounts within Google in this instance too. I'm sure they were very helpful in dealing with firewalling the attackers.

