The Smart Card Alliance offers platitudes but don’t identify the culprits!
The Smart Card Alliance released their weak response to the recent Sykipot Tojan attack which hijacked the Department of Defense authentication smartcards. Unlike hypothetical attacks on smartcards (the Chinese Remainder Theorem Attack comes to mind with the use of a microwave oven and a calculator) this is a real threat to the security of one’s network and data but not so much to the smartcard itself.
The Sykipot Tojan is taking advantages of the flaws and lack of security in Adobe’s PDF documents (zero-day attack) and Microsoft’s Windows OS and anti-virus suppliers are not blocking infected attachments.
How are these attacks happening? The attacker sends a phishing or spear phishing email with a malware infected attachment to an unsuspecting person or employee. The employee opens the attachment and launches the attack. The malware is a keylogger that captures the PIN of the smartcard, reads the user’s certificates within Windows, and then allows the attacker to use this information to log into unauthorized accounts. Read More→