Citrix Systems, Inc. is an American multinational software company that provides server, application and desktop virtualization, networking, software as a service (SaaS), and cloud computing technologies. Citrix solutions are claimed to be in use by over 400,000 clients worldwide, including 99% of the Fortune 100, and 98% of the Fortune 500.
Citrix is best known for software that runs behind the scenes, but a massive data breach is putting the company front and center. The FBI has warned Citrix that it believes reports that foreign hackers compromised the company’s internal network and swiped business documents in an apparent “password spraying” attack, in which the intruders guessed weak passwords and then used that early foothold to launch more extensive attacks. While Citrix didn’t shed more light on the incident, researchers at Resecurity provided more detail of what likely happened in a conversation with NBC News.
Resecurity understood that hackers from Iridium, an Iran-linked group, stole data in December 2018 and again on March 4th. They made off with at least 6TB of documents and as much as 10TB, and they seemed to be focused on project data for the aerospace industry, the FBI, NASA and Saudi Arabia’s state-owned oil company. The intruders may have been lurking for a long time, too. Resecurity’s Charles Yoo said that Iridium broke into Citrix’s network roughly 10 years ago and had been hiding since then.
The researchers said they’d told Citrix about the first attack on December 28th. It’s not clear if Citrix addressed the issue then, although it took a number of steps after the FBI got in touch on March 6th. The company said it launched a “forensic investigation” with the help of an unnamed security firm and took “actions” to lock down its network.
Citrix stressed there was “no indication” that the intruders compromised its products or services. However, that’s not the major concern here. As a government contractor that focuses on networking and the cloud, Citrix could hold sensitive data on other companies. It may be aware of their network layouts and security measures, for instance. Like the OPM hack, the consequences could reach well beyond the initial target.
The Swiss government is eager to ensure that its e-voting system is safe and secure for those casting their votes. To ensure that’s the case, they issued a press release looking for “Interested hackers from all over the world to attack the system.” This will be in the form of a public intrusion test or PIT session.
Public Intrusion Test
The public intrusion test (PIT) will run from February 25 until March 2 and offer cash rewards depending on what the hackers are able to do. A set of rules attached to this PIT sets out the basics of the test and the qualifying vulnerabilities.
The rewards for this test range from $100 to $30,000 based on CHF points (1 CHF point is roughly equivalent to 1 USD).
A mock e-voting session is planned for the last day of testing, on 24 March. However, hackers can attack the e-voting system before this date as well.
Anyone wanting to participate in the test has to register in advance of the PIT session. This gives the participants legal permission to attack the system and also enables them to receive rewards.
Registration also binds participants to the rules of the PIT. This ensures that only the system is targeted, and protects the rest of the Swiss Post infrastructure.
Participants in the PIT session are restricted from attacking certain areas of the infrastructure. For example, hackers are not allowed to harm a voter’s device or attack any unrelated systems belonging to Swiss Post, which created the e-voting system.
However, Swiss Post will be disabling some of the e-voting security defences to allow participants to concentrate on the inner core of the system.
The Swiss government is holding public penetration tests to build confidence in the system. A committee of politicians and computer experts started an initiative at the end of January to have e-voting banned in Switzerland for at least five years. They are hoping to get over 100,000 signatures in a petition over the coming months.