Never mind your enemies, how well is your IT protected from your friends?

Two stories about the hacking of NASDAQ and the Japanese Parliament illustrate the danger of relying on others for IT security.

There was nothing new or particularly innovative about the attack that compromised the network serving Japan’s lower house of parliament. In July, an elected official opened an email attachment carrying a downloader. (Feel free to insert your own joke about politicians’ intelligence here.) The infection then spread to computers used by three other officials, and the Trojan phoned home to a server based in China and downloaded other information-stealing malware. It also compromised the network’s server, where the ID codes and passwords of all the members of the Lower House and their secretaries are stored. The hacker likely used this information to access personal and professional confidential information.

Considering we are just hearing about this now and the initial penetration was in July, it is safe to assume the perpetrators got pretty much everything they might want. The only remedial action made public: Legislators have been advised to change their passwords. How about hitting them upside the head with sticks?

(Read “Forget new threats: It’s the old-school attacks that keep getting you”)

More troubling is the story of hackers who gained access to the NASDAQ computers and used them to get into the networks of a number of other companies. According to Reuters, “The case is an example of a ‘blended attack,’ where elite hackers infiltrate one target to facilitate access to another. In March hackers stole digital security keys from EMC Corp’s RSA Security division that they later used to breach the networks of defense contractor Lockheed Martin Corp.”

While none of NASDAQ’s trading platforms were compromised in the attack, hackers were able to access a Web-based software program called Directors Desk, used by corporate boards to share documents and communicate with executives. This allowed them to access confidential information for scores of directors and companies.

As the case of the Japanese Parliament shows, there are few bigger threats to security than a user with a laptop. What is most frustrating is that these cases are so easily avoided. Most of the time the users are just ignoring the basic computer safety training they’ve already been given. As they say in Texas, “You keep giving them books and giving them books and they keep chewing on the covers.”

Without more information it is difficult to say what allowed the NASDAQ intrusion to take place. Was this a case of overly trusting someone else’s security systems? We don’t know and, given the nature of the information that was taken, we may never find out. While the primary responsibility for this breach lies with NASDAQ, it is likely that others made the mistake of placing too much trust in someone else’s security.

There’s an old saying in journalism that politicians should be assumed guilty until proven innocent. The same is true for any system that can gain access to your network.