Stunning story on how Netragard used social engineering to execute an irrecoverable infrastructure compromise against one of its healthcare customers.

What’s more interesting about this story is that Netragard is probably one of the NSA’s “anti-hacking solution” providers.

Is it a coincidence? Who is Netragard?

Netragard is a security company that delivers anti-hacking services, including penetration testing, vulnerability assessments, web application security testing, and related functions.

Netragard is a Massachusetts firm that sold more than fifty exploits to private businesses and US government agencies in 2012. Prices ranged from $20,000 to more than $250,000. The founder of Netragard, Adriel Desautels, revealed that some of the above exploits could be considered “weaponised.” That means that the exploits have been acquired by governments for offensive purposes or active defense.

Read more here – http://resources.infosecinstitute.com/classified-nsa-exploit-tools-radon-dewsweeper-work/

“During an engagement in 2012, Netragard used social engineering to execute an irrecoverable infrastructure compromise against one of its healthcare customers. This was done through a job opportunity that was posted on our customer’s website. Specifically, our customer was looking to hire a Web Application Developer that understood how to design secure applications. We built an irresistible resume and established fake references, which quickly landed us an on-site interview. When we arrived, we were picked up by our contact and taken to his office. While sitting there, we asked him for a glass of water and he promptly left us alone in his office for roughly 2 minutes. During that time, we used a USB device to infect his desktop computer with RADON (our pseudo-malware). When he returned we thanked him for the water and continued on with the interview. In the end, we were offered the job but turned it down (imagine if we accepted it).”

Read more here – http://resources.infosecinstitute.com/classified-nsa-exploit-tools-radon-dewsweeper-work/
