Video – Anatomy of an IoT Attack

- [Male Reporter] The race is on to get a fully self-driving car to market.

- [Female Reporter] Autonomous Car Company, Opticon, promises a car--

- [Male Reporter] Cars that drive themselves, Opticon's new cars--

- [Automated Voice] Joining conference now.

- [Man] He's destroyed data and deleted the backups, we can recover most of it, but some of the research may be
gone for good. According to forensics, they may have had access to the blueprints.

- [Male Reporter] The FBI arrested a San Francisco man in connection with last month's Oticon hack.

- [Detective] Brian, can I get you anything? Coffee or a soda or something?

- No, no.

- So, walk me through it, step by step.

- Well, I took over the website to a bowling alley.

- Brian, this is not a joke.

- Okay, look, they have this research facility down in the peninsula, and they're working on optical tracking
cameras for driverless cars. So, just searching through social media I get the names of a whole bunch of
engineers who are working there. And as I'm looking them up, I come across this bowling league, where a bunch
of tech companies play every Wednesday. And this is an old school bowling alley with this really ancient website,
and it has all of the league info, company names, player names.

- Okay, so you hacked into a bowling alley website.

- Yeah.

- All right, explain how that works.

- [Brian] It's called an iframe injection attack, it's this old exploit that hits anyone that visits the website. So, a week
later, this guy from Opticon suddenly has my malware on his laptop. I couldn't believe it worked, it was like a joke.

- What does that get you?

- Well the next day, he goes to work, and he opens his laptop, and he connects to the network, and that's it, I'm in.

- Yeah but, that still doesn't get you inside. I mean they discovered it, they wiped the laptop, scanned the network,

- They didn't scan the whole network. The thermostat's part of the network. It's inside the firewall, it's connected to
Opticon's entire network. You can get the whole standard configuration and password online in 30 seconds, I got
it off the manufacturer's website. So, they scanned most of the network, they didn't scan the thermostat.

- Then what?

 2018 - 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 2 www.netacad.com
Video – Anatomy of an IoT Attack

- Then I just went exploring. It was a totally flat network, no subnets or anything. I could see everything: HR files,
legal documents, R&D. When I found the blueprints, I realized I could make some money off these files.

- What happened after you sent the files?

- Well, then I burned everything down. I wiped everything I could find, I encrypted drives, and deleted backups.

- [Woman] Is the network down?

- [Man] Hacked into the database.

- [Man] We're going to have to do a full restore from the backups.

- [Man] No, the backups are encrypted.

- [Man] This is deliberate, this is a major breach.

- [Man] Malware.

- [Man] We've got to call the FBI.

- I was just scared, I was trying to cover my tracks.

- And somebody paid you how much exactly?

- 75 Bitcoins.

- Nice, not enough to retire on, but still. All right, Brian Page, are you sure you don't know who paid you?

- [News Reporter] European automaker QCAR has beaten Opticon to market with their QX sedan, the world's first
self-driving car. Aupticon shares tumbled 11 percent.

 2018 - 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 2 www.netacad.com