CISO Case Files: Prison Break in the Printer


El Chapo Prison Break:

When famous drug lord Joaquin “El Chapo” Guzman escaped prison in 2015, it was the result of precise planning and months of work. Associates of El Chapo purchased a safe house near the prison, then engineered and dug a 1-mile-long tunnel 30 feet under the prison. An access panel was installed directly under one of the only areas in the building not under surveillance: the shower in El Chapo’s prison cell. Such an engineering feat would be impossible without precise knowledge of the prison. It was as if El Chapo’s associates had the blueprints to his prison.

Details from the Crime Scene:

Our client, a multinational building materials firm, was contracted to design and build a new maximum-security prison. Once the design was finished, the blueprints needed to be shared with vendors and partners in advance of breaking ground. With a project as complicated as a prison, multiple documents covering structural designs, security measures, surveillance coverage, and more needed to be uploaded to a file server to be physically printed and distributed by a specialty partner. If these plans were made public, all of the security measures would need to be altered to prevent exploitation by criminals, costing millions in additional labor. Were the blueprints to be stolen, future contracts could be negatively affected, leading to the loss of millions more in revenue and potentially hundreds of jobs.

CybelAngel Investigates:

CybelAngel protects our customers by detecting and resolving external threats before they harm the company. CybelAngel continuously scans the internet for exposed assets, credentials, and sensitive datasets belonging to an organization or its supply chain. It was during such a scan, specifically of the connected storage devices perimeter, that CybelAngel discovered hundreds of copies of the blueprints to our client’s new prison. Our solution immediately detected potentially sensitive documents on the unsecured file server and processed them through our Machine Learning algorithms, first applying a sensitivity screening and then predicting a critical incident. Within minutes the CybelAngel Analyst Team confirmed the criticality of the documents and issued an alert to our customer. With an alert triggered, our Analyst Team began their investigation by identifying who was responsible for the leak and issuing an incident report complete with context: who, what, where, and when. Hundreds of our client’s sensitive documents were located on an unsecured file server owned by a printing company specializing in producing and distributing blueprints. The incident report provided important context and details about what was exposed, which helped our client to assess the company’s risk and immediately remediate the issue.

Arresting the leaks: 

CybelAngel detected the printer’s open file server only one day after our client transmitted the blueprints to their partner. Taking down the unsecured server immediately prevented it from being accessed by cybercriminals looking to weaponize the blueprints or monetize them by selling them on the dark web. An audit of the printing service’s network revealed that no IP other than CybelAngel’s tools had connected to the unprotected server. The printing vendor was contacted and undertook efforts to secure the file transfer servers for all of their clients, preventing any future abuse of others. Closing the data leak before the documents were discovered and exploited by hackers saved an estimated $1,000,000 in additional labor to redesign prison security measures. With their vendor secured, our client could turn back towards their work confident of their data security.

Detective’s Notes: 

A cornerstone of protection, physical or cyber, is awareness. You can’t protect against what you don’t know. With enterprises sharing data with 583 third parties, and 62% of all Critical Level Incidents involving third parties, there is a clear and present danger. Give your company a fighting chance by increasing your awareness of exposed, vulnerable assets with CybelAngel’s free Data Exposure Dashboard.