A Technical Analysis of the Capital One Hack

A Technical Analysis of the Capital One Hack

  • August 3, 2019
Table of Contents

A Technical Analysis of the Capital One Hack

The recent disclosure of yet another cloud security misconfiguration leading to the loss of sensitive personal information made the headlines this past week. This particular incident came with a bit more information from the indictment of the accused party, allowing us to piece together the revealed data and take an educated guess as to what may have transpired leading up to the loss of over 100 million credit card applications and 100 thousand social security numbers. At the root of the hack lies a common refrain: the misconfiguration of cloud infrastructure resources allowed an unauthorized user to elevate her privileges and compromise sensitive documents.

Similar incidents have made the news over the past 2–3 years, including the high-profile leak of nearly 200 million voter records, terabytes of classified documents from the pentagon, and half-a-billion Facebook profiles. According to the 12-page indictment (PDF), this compromise originated with the invocation of arbitrary user requests on a server ran by Capital One in its AWS account. The indictment does not detail the specific vulnerability that enabled these commands, but most signs point to it being a Server-Side Request Forgery (SSRF) attack.

An SSRF attack tricks a server into executing commands on behalf of a remote user, enabling the user to treat the server as a proxy for his or her requests and get access to non-public endpoints.

Source: cloudsploit.com

Tags :
Share :
comments powered by Disqus

Related Posts

Architecting for PCI DSS Segmentation and Scoping on AWS

Architecting for PCI DSS Segmentation and Scoping on AWS

AWS has published a whitepaper, Architecting for PCI DSS Scoping and Segmentation on AWS, to provide guidance on how to properly define the scope of your Payment Card Industry (PCI) Data Security Standard (DSS) workloads running on the AWS Cloud. The whitepaper looks at how to define segmentation boundaries between your in-scope and out-of-scope resources using cloud native AWS services. The whitepaper is intended for engineers and solution builders, but it also serves as a guide for Qualified Security Assessors (QSAs) and internal security assessors (ISAs) to better understand the different segmentation controls available within AWS products and services, along with associated scoping considerations.

Read More
VPC Traffic Mirroring – Capture & Inspect Network Traffic

VPC Traffic Mirroring – Capture & Inspect Network Traffic

Running a complex network is not an easy job. In addition to simply keeping it up and running, you need to keep an ever-watchful eye out for unusual traffic patterns or content that could signify a network intrusion, a compromised instance, or some other anomaly. VPC Traffic Mirroring Today we are launching VPC Traffic Mirroring.

Read More
A Detailed Overview of AWS API Gateway

A Detailed Overview of AWS API Gateway

Look inside the black box of AWS API Gateway to understand authorization, method requests and responses, integration requests and responses, VTL templates, and more. AWS API Gateway is an awesome service to use as an HTTP frontend. You can use it for building serverless applications, for integrating with legacy applications, or for proxying HTTP requests directly to other AWS services.

Read More