CISO Case Files: Narco Kingpins in the Supply Chain

El Chapo Prison Break:

Cybercrime is not a word typically associated with narco kingpins, but it is a bad idea to underestimate an opponent. When the drug lord Joaquin “El Chapo” Guzman escaped from prison in 2015, he did so with such precision that theories have sprung up to explain how. The escape route built for him was a feat of engineering: a mile-long tunnel roughly thirty feet underground, with a vertical access shaft rising into the one spot not under surveillance, El Chapo’s shower. The route made the greatest use of the prison’s blind spots while avoiding its electricity, water, and sewer lines. Such a feat would be impossible without precise knowledge of the prison, which raises the question of how El Chapo’s associates completed the tunnel without triggering alerts or being discovered. The easy explanation is bribery or corruption, but another possibility is that they sourced the blueprints online. How could prison blueprints be available online? As a similar incident we resolved for a client shows, the answer is third-party data leaks.

Details from the Crime Scene:

Our client, a multinational building materials firm, was contracted to design and build a new maximum-security prison. Once the design was finished, the blueprints were shared with vendors and partners ahead of breaking ground. A project as complex as a prison involves many documents covering structural designs, security measures, surveillance coverage, and more, which are uploaded to a file server so that a specialty partner can print and distribute them. If these plans were made public, every security measure would need to be altered to prevent exploitation by criminals, costing millions in additional labor. If our client’s blueprints were stolen, future contracts could be jeopardized, costing millions more in revenue and potentially hundreds of jobs.

CybelAngel Investigates:

CybelAngel protects customers by detecting and resolving external threats before they harm the company. CybelAngel continuously scans the internet for exposed assets, credentials, and sensitive datasets belonging to an organization or its supply chain. During one such scan, specifically of the connected storage devices perimeter (file servers and network storage reachable from the internet), CybelAngel discovered hundreds of copies of the blueprints for our client’s new prison. Our solution detected the potentially sensitive documents on the unsecured file server and processed them through our machine learning algorithms, which first applied a sensitivity screening and then predicted a critical incident. Within minutes the CybelAngel Analyst Team confirmed the criticality of the documents and issued an alert to our customer. With the alert raised, the Analyst Team began its investigation by identifying who was responsible for the leak and issuing an incident report complete with context: who, what, where, and when. The documents were located on an unsecured file server owned by a printing company that specializes in producing and distributing blueprints. The incident report’s details about what was exposed and where helped our client assess its risk and remediate the issue immediately.

Arresting the Leaks:

CybelAngel detected the printer’s open file server only one day after our client transmitted the blueprints to its partner. Taking down the unsecured server prevented the blueprints from being accessed by cybercriminals looking to weaponize them or monetize them by selling them on the dark web. An audit of the printing service’s network revealed that no IP other than CybelAngel’s own scanners had connected to the unprotected server. The printing vendor was contacted and secured the file transfer servers for all of its clients, preventing the same kind of exposure for others. Closing the data leak before the documents were discovered and exploited by hackers saved an estimated $1,000,000 in additional labor to redesign the prison’s security measures. With their vendor secured, our client could return to their work confident in the security of their data.
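The audit described above, in which the vendor checked whether any IP other than the scanner had reached the exposed server, is the step a practitioner has to repeat after every leak of this kind. The following is an added example, not CybelAngel’s tooling or the printing vendor’s real logs: it parses a constructed access log in the common combined format from a hypothetical exposed file server, groups requests by client IP, excludes the IPs you already know belong to the scanner, and reports which sensitive files anyone else actually retrieved. The IP addresses, paths and the scanner address are all invented for the example; unlike the case in the text, the sample log includes one unknown client that did download a blueprint, so the alarm path is exercised too.

```python
import re
from collections import defaultdict

# Constructed sample log (combined log format) for a hypothetical exposed file
# server. IPs are from the RFC 5737 documentation ranges; paths are invented.
# 198.51.100.7 plays the role of the known scanner. One line is deliberately
# malformed to show that the parser skips it rather than aborting the audit.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2019:08:14:02 +0000] "GET / HTTP/1.1" 200 2311
198.51.100.7 - - [12/Mar/2019:08:14:03 +0000] "GET /prison-project/ HTTP/1.1" 200 9210
198.51.100.7 - - [12/Mar/2019:08:14:05 +0000] "GET /prison-project/surveillance-layout.pdf HTTP/1.1" 200 4821133
203.0.113.55 - - [12/Mar/2019:09:02:41 +0000] "GET /robots.txt HTTP/1.1" 404 153
203.0.113.55 - - [12/Mar/2019:09:02:42 +0000] "GET /prison-project/cell-block-B.dwg HTTP/1.1" 403 162
203.0.113.55 - - [12/Mar/2019:09:02:44 +0000] "GET /prison-project/cell-block-B.dwg HTTP/1.1" 200 7730214
192.0.2.19 - - [13/Mar/2019:01:30:17 +0000] "HEAD / HTTP/1.1" 200 0
this line is garbage and should be skipped
"""

# One combined-format request line: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

# Hypothetical location of the leaked blueprints on this server (assumption for the example).
SENSITIVE_PATH_RE = re.compile(r'^/prison-project/.+\.(pdf|dwg|dxf)$', re.IGNORECASE)


def parse_access_log(text):
    """Parse combined-format lines into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["status"] = int(rec["status"])
        rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
        records.append(rec)
    return records


def audit_access(records, known_scanner_ips):
    """Report every client IP seen, the IPs that are not known scanners, and,
    for those unknown IPs, which sensitive files they successfully downloaded
    (GET with a 2xx status; a 403 or 404 means the file was not served)."""
    by_ip = defaultdict(list)
    for rec in records:
        by_ip[rec["ip"]].append(rec)

    unknown_retrievals = defaultdict(list)
    for ip, recs in by_ip.items():
        if ip in known_scanner_ips:
            continue
        for rec in recs:
            if (rec["method"] == "GET"
                    and 200 <= rec["status"] < 300
                    and SENSITIVE_PATH_RE.match(rec["path"])):
                unknown_retrievals[ip].append(rec["path"])

    return {
        "all_ips": sorted(by_ip),
        "unknown_ips": sorted(ip for ip in by_ip if ip not in known_scanner_ips),
        "unknown_sensitive_retrievals": dict(unknown_retrievals),
    }


if __name__ == "__main__":
    result = audit_access(parse_access_log(SAMPLE_LOG), {"198.51.100.7"})
    for ip in result["unknown_ips"]:
        files = result["unknown_sensitive_retrievals"].get(ip, [])
        print(f"{ip}: {'retrieved ' + ', '.join(files) if files else 'no sensitive files served'}")
```

Two caveats when reading the result the way the vendor’s audit was read. First, the conclusion "no other IP connected" is only as strong as the logging: a server that was not logging, or whose logs rotated before the audit, yields an empty list that proves nothing, so confirm the log covers the whole exposure window (here, from the upload to the takedown) before relying on it. Second, a successful directory listing by an unknown IP is worth flagging even without a download, because the filenames alone reveal what is there; tighten `SENSITIVE_PATH_RE` to cover directory paths if that matters for the case.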

Detective’s Notes:

A cornerstone of protection, physical or cyber, is awareness. You can’t protect against what you don’t know. With enterprises sharing data with 583 third parties, and 62% of all Critical Level Incidents involving third parties, the danger is clear and present. Give your company a fighting chance by increasing your awareness of exposed, vulnerable assets with CybelAngel’s free Data Exposure Dashboard.