It’s nearly Halloween here in the US and that means costumes and masquerade. Google tells us that “masquerade” is a noun meaning “a false show or pretense” or a verb meaning “pretend to be someone one is not”. These have the same sense as the cyber security definition from RFC 4949, “A type of threat action whereby an unauthorized entity gains access to a system or performs a malicious act by illegitimately posing as an authorized entity.” The definition continues:
Usage: This type of threat action includes the following subtypes:
– “Spoof”: Attempt by an unauthorized entity to gain access to a system by posing as an authorized user.
– “Malicious logic”: In context of masquerade, any hardware, firmware, or software (e.g., Trojan horse) that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic.
Years ago when I taught systems programming to undergraduates, they discovered it was easy to create a Trojan login program. The login screens were text-based in those long-ago days and the login prompt was:
Nope, it’s not hard to make a program display that. They’d then capture the username and ask for a password. Their program would then exit and the real login prompt would appear. Since the password wasn’t echoed back to the user, the user presumed he or she had mistyped the password and would re-enter it. Of course the malicious code had saved the credentials, allowing those students to masquerade (spoof) as other students or faculty. (In an effort to prevent similar attacks in Microsoft Windows, users are encouraged to press the Ctrl+Alt+Del secure attention sequence at the GINA login window to ensure they get a genuine one.)
Today there are many forms of Trojan horses and other malicious logic. I get email with them frequently, as I’m sure you do, too.
The security principle of preventing masquerade is authentication. Both individuals and computers are authenticated to each other – preferably using “strong authentication” techniques. We talk about this, and how it’s done, in Learning Tree’s System and Network Security Introduction course. It is easy to think of authenticating users, but we all authenticate hosts when our browser communicates over TLS to secure sites. We can do the same inside an organization to ensure that the payroll host hasn’t been replaced with a Trojan!
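As an added illustration (not code from the original post), here is how an internal client could authenticate a host over TLS before sending it anything: it trusts only the organization's own CA, requires the certificate name to match, and can optionally compare the certificate against a pinned fingerprint. The CA file path, the host name in the comment and the pinning step are assumptions made for the example.

```python
import hashlib
import hmac
import socket
import ssl


def internal_client_context(ca_file=None):
    """TLS client context that trusts only the organization's own CA."""
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_file is not None:
        # Only this CA is loaded; public CAs are deliberately not trusted here.
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


def fingerprint_matches(der_cert, pinned_sha256_hex):
    """Compare a certificate's SHA-256 with a pinned value in constant time."""
    actual = hashlib.sha256(der_cert).hexdigest()
    expected = pinned_sha256_hex.replace(":", "").lower()
    return hmac.compare_digest(actual, expected)


def connect_authenticated(host, port, ctx, pinned_sha256_hex=None, timeout=5.0):
    """Return the TLS version in use, or raise if the host cannot prove who it is."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # An untrusted chain or a name mismatch raises
        # ssl.SSLCertVerificationError during the handshake,
        # before any application data is exchanged.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if pinned_sha256_hex and not fingerprint_matches(der, pinned_sha256_hex):
                raise ssl.SSLError("certificate does not match pinned fingerprint")
            return tls.version()


# Hypothetical usage (host name and CA path are placeholders):
#   ctx = internal_client_context("/etc/pki/internal-ca.pem")
#   connect_authenticated("payroll.corp.example", 443, ctx)
```

A stand-in host without a certificate issued by the internal CA for that name fails the handshake, so the client never sends it credentials or data.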
What are you doing for Halloween this year? What’s your favorite cyber security masquerade story? Share these with us in the comments below and enjoy the tricks and treats!
To your safe computing,