February 21, 2013 / Tal Klein

So NBC.com got hacked. So what?

Earlier today, Brian Krebs tweeted about the NBC.com hack – at which point both Simon Crosby and I naturally headed to NBC.com to see what was what.

Upon visiting the site we received a LAVA alert that informed us that we were being attacked. This made us excited, not concerned. You see, with vSentry our browsing tasks were totally isolated in hardware-enforced micro-VMs.

We got on the phone with Brian and our Chief Security Architect, Rahul Kashyap, and started dissecting the long tail of the attack.


At this point there are countless places that will tell you what the attack consisted of, so we won’t brag about how early and deeply we were able to analyze it. What I’d like to note is that we were able to do this not in a lab, but using our day-to-day laptops – without ever fearing a compromise.

Imagine doing that: browsing the web without fear of compromise. What a novel concept!

One of the coolest things about working at Bromium is that many of us spend our free time cruising the web looking for interesting malware, and then detonating it on our laptops with LAVA. When we find something really interesting, like the NBC.com hack, rather than an “oh no, I’ve been hacked”, you’ll hear a “woohoo, I got a good one!” and then the crew will gather around someone’s desk and examine the full lifespan of the attack: how many binaries it dropped, where the C&C servers are, what registry entries it manipulated, etc.

Just a fun fact about life as a Bromide.

2 Comments

  1. donjduncan / Feb 21 2013 2:17 pm

    Reblogged this on Enterprise Computing Speedbumps and commented:
    Always enjoy reading stuff like this and figuring out how something works. It makes technology fun!

  2. Jim / Feb 21 2013 4:24 pm

    I hope folks begin to understand the phrase “hardware enforced”.
