A Hacker Enters a Data Center Through the Bathroom Using Publicly Available Plans!

Companies often think about the security of their computer systems, but cyberattacks can also take place in the real world. And yes, hackers can even come through the toilets!

Public Data Center Plans

But how did this hacker access these plans?

Andrew Tierney (@Cybergibbons) shared his approach on his Twitter account. Due to a lack of cybersecurity awareness by one or more employees, the plans were made public! After some analysis, he found a way to infiltrate the data center.

Here’s his story: “The Data Center had separate bathrooms for the offices and for the secure area where the IT infrastructure was hosted (see diagrams from the plans on the side). This space was accessible through a door from the disabled WC…” So, @Cybergibbons just had to enter the bathroom and access the “technical corridor” through these WCs and exit on the “secure” side. Andrew Tierney concludes: “The Data Center was supposed to be highly secure. At the entrance gate, for example, staff had to leave all their digital devices.

Yet, the secret passage through the toilets was easily accessible, and anyone could see the layout on the publicly available plan. Any hacker could have discovered this hidden access by studying the plan a little.

Any flaw, no matter how small, is potentially exploitable by cybercriminals.

In the era of the Cloud, the contributors to a construction project, your collaborators, produce and share highly sensitive and confidential data. It is essential to understand the importance of securing construction project data from the design phase.

Cybercriminals anticipate the misuse of digital data and are becoming increasingly ingenious, as there is no longer a boundary between the physical and digital worlds. It is easy for a hacker to access a company’s network through various means and use it to steal data or bypass the perimeter security of a site or building. If a simple publicly available 2D plan can compromise the security of a Data Center, imagine the risk associated with digital models brimming with information! The data produced in BIM (Building Information Modeling) or CIM (City Information Modeling) processes can reveal information about systems, energy networks, security, etc. It is therefore essential to secure your project design processes. The reliability of your digital assets, as well as those of your clients and partners, depends on it.

Until now, cybercriminals have used social engineering*, especially phishing or spear-phishing techniques. Their goal is to extort money or steal credentials from an inattentive employee. This case shows that today, it is also possible to set up infiltration operations to carry out malicious acts from freely accessible design data.

The recent NIS 2 directive, which now requires more than 150,000 public and private companies to employ all necessary means to combat cyber-attacks, will increase the requirements on the security of shared data.

How to anticipate this type of attack?

All contributors to a construction project must participate in the cybersecurity of their clients’ digital assets; otherwise, new attack strategies could then populate the “Cyberattacks” section!

ScredIn is here to assist you in protecting the digital data of your projects.

Our strengths are focused on three axes: reliability, security, and time-saving!

Reliability:

  • No human error: automation of encryption/decryption,
  • Regardless of the usage: data always in a secure zone

Security:

  • Data is always protected: in use, in storage, and in sharing
  • Compliant with interministerial instructions: IGI 1300 | II 920 | II 901
  • Adheres to ANSSI directives
  • Sovereign technology

Time-Saving:

  • ½ hour saved on average per day (opening 10 documents)
  • Integration of cybersecurity within business processes (such as BIM).

(*) Social Engineering. Definition by ANSSI: A manipulation aimed at obtaining goods or information by exploiting the trust, ignorance, or gullibility of third parties.

Note: For malicious individuals using these methods, the goal is to exploit the human factor, which can be considered in some cases as a weak link in the security of the information system.


Sources: @Cybergibbons | lebigdata.fr
