ActiveDirSec.Org

The world's most trusted forum on Active Directory Security


Post Info TOPIC: Active Directory and Corporate Identity Theft - How do you steal a domain user account?


Member

Posts: 16
Date: May 24, 2012
Active Directory and Corporate Identity Theft - How do you steal a domain user account?


Hi Guys,

We've been working on some hot ticket issues for our management, and one of them happens to be Corporate Identity Theft. Apparently, folks up the chain suddenly seem concerned about the theft of identities within the company, esp. from folks who are granted temp access.

We've been asked to prepare and submit a report on our preparedness level in regards to preventing, detecting and reacting to a potential corporate identity theft security incident.

Weren't sure where to start, so figured defining a corporate identity would be a good starting point.

It seems to us that for all practical purposes, a user's domain user account would be the user's corporate identity, since virtually everything is tied to the user's domain account.

Question is - how would someone go about stealing a user's corporate identity? I mean, how does someone steal a domain user account?

We're trying to figure this out, because while we can proceed with the premise that the user's domain account represents his/her identity, we're hitting a roadblock making an assessment of how secure these identities (er, domain user accounts) might be.

Your insights would be quite appreciated.

Thanks much.

Jeremy.



__________________
Driod Rules!
Ray


Member

Posts: 17
Date: Jun 24, 2012
RE: Active Directory and Corporate Identity Theft - How do you steal a domain user account?


Hi Jeremy,

Identity theft is a huge problem today, and while it is rampant on the personal front on the Internet, it is increasingly making its way into the corporate world, and is in fact, as you mention it, referred to as Corporate Identity Theft.

To answer your question, I suppose one can ask how hackers try to steal someone's identity online, and I think you'll agree that, for the most part, they use website phishing to try and learn your password.

The concept is similar in corporate environments, and there's only a small difference. Instead of trying to phish passwords, hackers who can get inside the perimeter can try to reset a user's password, and by doing so instantly logon as that user, thus in effect stealing that user's corporate identity, and thus successfully engaging in corporate identity theft.

So, the #1 way for hackers to steal corporate identities is to reset a user's password and log on as the user. Since all accounts are stored in Active Directory, they only need to find out who can reset a user's password, then compromise one of those accounts or the machines these admins log on to, and from there they can start and try to steal corporate identities.

This is a growing risk and concern for all organizations, and perhaps that is why your management may have requested the data they did. In order to fulfill that request, your best bet would be to document the list of all IT personnel who have been delegated the ability to reset passwords in your Active Directory.

I hope this information helps you. We've just recently dealt with this very problem in our organization, and we've now empowered all employees to help them monitor who can reset their passwords at all times. 

>Ray.



__________________
One misconfigured 00299570-246d-11d0-a768-00aa006e0529 is all I need.
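
The audit Ray recommends above (listing who has been delegated password reset), sketched as an added example that is not part of the original posts: it reads one user object's security descriptor in SDDL form and reports the allow ACEs that permit a password reset. It assumes the descriptor has already been exported as an SDDL string; the sample descriptor and its SIDs are constructed.

```python
import re

# Reset Password (User-Force-Change-Password) extended right; this GUID is
# also quoted in a signature in this thread.
RESET_PASSWORD_GUID = "00299570-246d-11d0-a768-00aa006e0529"
CONTROL_ACCESS = 0x100      # "CR": the extended-rights bit of the access mask
GENERIC_ALL = 0x10000000    # "GA"

def pairs(field):
    """Split an SDDL flags/rights field into its two-letter codes."""
    return {field[i:i + 2] for i in range(0, len(field), 2)}

def has_control_access(rights):
    """True if the rights field (letter codes or hex mask) includes CR or GA."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & (CONTROL_ACCESS | GENERIC_ALL))
    return bool(pairs(rights) & {"CR", "GA"})

def password_resetters(sddl):
    """List (trustee, reason) for allow ACEs that permit resetting the password
    of the user object whose security descriptor is given as SDDL."""
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", sddl):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] not in ("A", "OA"):
            continue                      # deny, audit or malformed entry
        flags, rights, obj_guid, trustee = fields[1], fields[2], fields[3], fields[5]
        if "IO" in pairs(flags) or not has_control_access(rights):
            continue                      # inherit-only ACEs do not apply here
        if obj_guid == "":
            findings.append((trustee, "all extended rights / full control"))
        elif obj_guid.lower() == RESET_PASSWORD_GUID:
            findings.append((trustee, "Reset Password extended right"))
    return findings

# Constructed sample descriptor for one user object (SIDs are made up).
SAMPLE_SDDL = (
    "O:DAG:DAD:AI"
    "(OA;;CR;00299570-246d-11d0-a768-00aa006e0529;;S-1-5-21-1111-2222-3333-1105)"
    "(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)"  # Change Password only
    "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)"               # full control
    "(OA;CIIOID;CR;00299570-246d-11d0-a768-00aa006e0529;;S-1-5-21-1111-2222-3333-1106)"
    "(A;;RPLCLORC;;;AU)"                                 # read only
)

if __name__ == "__main__":
    for trustee, reason in password_resetters(SAMPLE_SDDL):
        print(f"{trustee}: {reason}")
```

Each trustee is a SID or SDDL alias, so groups still have to be expanded to their members to get the list of people. Deny ACEs and trustees who can rewrite the DACL or take ownership are not evaluated here.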


Member

Posts: 16
Date: Jun 29, 2012
RE: Active Directory and Corporate Identity Theft - How do you steal a domain user account?


Hi Ray,

That's very insightful - thanks for sharing! We never did think about this but you're so right that the easiest way to steal a domain user account is to reset the account's password and instantly log in as that account.

I'll certainly bring this up in our next weekly all-hands meeting. We too should make sure that we know who can reset whose passwords. We have a small team of IT admins, but we've outsourced some aspects of account management to a local consulting company.

By the way, you made one comment that is intriguing -

"we've now empowered all employees to help them monitor who can reset their passwords at all times."

You're saying all your employees can monitor who can reset their passwords? If that's what you're saying, I'd love to know how you managed that!

Thanks,

Jeremy.



__________________
Driod Rules!