Glitch imperils swath of encrypted records

Data destruction easy, inventor warns

Without careful monitoring and management, SSH users go on creating keys, often storing them in easily identifiable directories where hackers can find and use them to access secure computers.

For example, one major bank that Mr. Ylonen’s company audited had used SSH in more than 5,000 applications on as many as 100,000 servers.

He said the auditors found in “a fraction of the bank’s environment” more than 1 million unaccounted-for keys — 10 percent of which granted root access, or control of the server at the most basic level.

“The deeper we dig, the more we find,” Mr. Ylonen said of the audits that the company is undertaking of major users of SSH.

It is not just in the private sector where hackers could use the keys for illicit purposes.

SSH is “the de rigueur method” for encryption in classified computer systems used by the U.S. government, Mr. Fergus said.

“One of the biggest challenges the federal agencies face [in encryption] is key management,” he said.

Mr. Fergus noted that federal rules for classified computer networks cover the “issuance and assignment and storage of keys” but do not dictate what should be done with used keys.

“There’s nothing in the standards or the protocols,” he said.

‘Domino effect’

As a teenager in the 1990s, Sean M. Bodmer hacked government computers and was arrested by the FBI. Today, he is a top researcher at the computer security firm CounterTack, based in Waltham, Mass.

“It’s quite horrific what access you can get with an SSH key,” Mr. Bodmer told The Times.

Mr. Bodmer described how a hacker could use abandoned keys to move through a supposedly secure computer network by hopping from server to server.

“It’s a domino effect” security breach, he said.

Mr. Ylonen said that neither the government nor the private sector has come to realize the danger of having unaccounted-for keys fall into the wrong hands.

© Copyright 2014 The Washington Times, LLC.

About the Author
Shaun Waterman

Shaun Waterman is an award-winning reporter for The Washington Times, covering foreign affairs, defense and cybersecurity. He was a senior editor and correspondent for United Press International for nearly a decade, and has covered the Department of Homeland Security since 2003. His reporting on the Sept. 11 Commission and the tortuous process by which some of its recommendations finally became ...
