BLACK HAT - Security issues lurk behind corporate intranets

Experts claim that many companies are unknowingly leaving the door open for outsiders to infiltrate and attack their corporate intranets using new hacking techniques such as

Companies looking to improve their overall security posture may want to look for vulnerabilities in a place where they never might have expected to be attacked -- their corporate intranets.

According to two leading security researchers presenting at the ongoing Black Hat 2007 security conference in Las Vegas on Wednesday, many companies are unintentionally leaving the door to their IT operations unlocked by failing to adequately protect their internal Web sites.

Based on advancements in security research that will allow hackers to use Web browsers and the flaws the programs carry to infiltrate and attack intranets with greater ease, including the use of newer hacking techniques such as CSRF (cross-site request forgery), businesses should begin actively reviewing and re-architecting the internal URLs to prevent major issues down the line, said researchers Jeremiah Grossman and Robert "RSnake" Hansen.

"This is a problem that is essentially as widespread as anything out there. Over the next eighteen months I believe that we'll see black hats catching up with the research community and beginning to adopt these tactics," said Grossman, who is the founder and CTO of vulnerability testing firm WhiteHat Security. "Basically with these types of attacks it's as if firewalls don't even exist."

Companies typically don't consider the fact that hackers could find a way to get into their intranets, the Web application testing expert said, but savvy attackers can find links to the sites by carrying out emerging attacks such as CRSF threats, which allow them to break into seemingly secure Internet sessions to secretly lift password and browser history data.

Hackers typically attempt to fool end-users into loading a Web page that contains a malicious request in common CSRF threats, much like traditional phishing attacks or cross-site scripting (XSS) techniques.

The attackers then try to misappropriate victims' identities and privileges to carry out activities such as changing their applications passwords to gain entrance to intranets or banking sites, or to log into e-commerce sites to make fraudulent purchases in their names. In some cases, the attacks are hidden on the vulnerable sites themselves.

Grossman said that CRSF threats and XSS attacks are most commonly being used together to swipe money from online bank accounts today. But based on his observations of corporate intranets, he maintains that the technique could spell trouble for internal company URLs in the near future.

Utilizing the approach, hackers can essentially access prior Web browser sessions and remain logged in to any sites that have been accessed by an end-user to carry out illicit activities, including sites that offer access to sensitive information or company data.

Another easy way to break into intranets is to use cross-site scripting attacks that mirror traffic from trusted Web sites, such as online banking applications, that won't likely get blocked from company networks, according to the experts.

In developing their intranets, it seems, many firms don't apply the same level of security testing that they use for their publicly available URLs, the researchers said.

"Companies think that only certain IP addresses may be able to access their sites. Bbut using these techniques the browser can go anywhere, which throws the defense of filtering IP addresses out the window," said Hansen, who operates the security consulting firm SecTheory. "Hackers can use the browser as a proxy to get access to intranet applications -- vulnerabilities in VPN systems for remote workers offer another attractive point-of-entry."

The experts said that to protect themselves, companies should begin defending their internal Web sites in the same manner they safeguard their external sites. Public-facing Web sites shouldn't be allowed to access the intranets on any level, which is another common means for hackers to find their way into the systems, they said.

"There will be tools made available that allow black hats to carry out this sort of threat easily within the next two years, which should inspire a lot more people to try them out," Grossman said.

"These types of browser vulnerabilities have always been there, and these attacks were always feasible. It's just that no one really knew about it; what the bad guys are doing with them today compared to several years from now is just the tip of the iceberg," he said.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Hines

Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?