SSH Key Misuse: Why Aren't We Protecting Our Machine Identities?
Chris Vickery, a cyber risk analyst for UpGuard, recently revealed that a cache of documents related to a National Geospatial-Intelligence Agency (NGA) military project were left unprotected on an Amazon cloud storage server. The files included highly sensitive SSH keys, as well as security credentials for a lead senior engineer at Booz Allen Hamilton, a major contractor in the federal space.
Distressingly, it's possible that these credentials provided malicious actors access to a highly-protected Pentagon system. Vickery was shocked by the availability of these assets, writing: "Exposing a private key belonging to a Booz Allen IT engineer is potentially catastrophic for malicious intrusion possibilities."
Experts consider SSH keys to be more secure than usernames and passwords, so they're often used to manage privileged access to the world's most sensitive data and critical machines. Unfortunately, many organizations struggle with protecting SSH keys. For example, a Forrester report found that 47% of security professionals have already responded to a breach involving SSH keys over the previous two years.
This specific incident is part of a much larger problem with SSH and TLS keys, as well as digital certificates, because they are used in the same way humans use usernames and passwords. Machines use keys and certificates to authenticate each other so they can communicate securely. This concept is one of the least understood and most frequently overlooked aspects of security. Every year we spend $7 billion protecting usernames and passwords, but we spend almost nothing protecting digital certificates and cryptographic keys.
We've seen many incidents that involved unprotected machine credentials, especially in the federal space. Famously, a leaked NSA memo confirmed Edward Snowden used machine identities to remain undetected while he gained unauthorized system access and exfiltrated a massive amount of sensitive government data. The use of machine identities was crucial to Snowden’s success because it allowed him to evade detection by all of the NSA's sophisticated security technology.
On a global scale, nation state attackers have used unprotected machine identities to launch devastating campaigns on physical infrastructure, creating their own machine identities to establish backdoors. For example, Russian attackers used an unauthorized SSH key to launch a devastating attack on Ukraine's power grid in December 2015. This same type of attack would almost certainly go undetected in US and Western European critical infrastructure because most organizations don't have visibility into where their keys and certificates are, and they don't know how they are being used.
We rely on keys and certificates to control access to our most sensitive infrastructure and to secure the flow of information to authorized machines. We also rely on them to prevent the flow of information to unauthorized machines. Without better visibility and greater control the security and reliability risks associated with machine identities will continue to grow, especially as machines take over more critical operational roles.
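The visibility gap described above starts with a basic question: which public keys are actually authorized on a host, and is each one on an approved inventory? The following script is an added example, not code from the article or from Venafi. It parses OpenSSH authorized_keys entries (including the optional leading options field), computes the same SHA256 fingerprint that ssh-keygen -lf reports, verifies that the key blob's declared type matches the stated type, and reports any key whose fingerprint is missing from an approved set. The sample authorized_keys content and the approved-fingerprint set are constructed fixtures; in practice the approved set would come from the organization's key inventory.

```python
import base64
import hashlib
import re
import struct
from dataclasses import dataclass
from typing import List, Set

# Key types this example recognizes; extend as needed.
KEY_TYPES = (
    "ssh-ed25519",
    "ssh-rsa",
    "ecdsa-sha2-nistp256",
    "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521",
)
# Matches "<type> <base64 blob> [comment]" wherever it starts in the line;
# anything before the match is the options field (e.g. from="...").
KEY_RE = re.compile(
    r"(?:^|\s)(?P<type>" + "|".join(re.escape(t) for t in KEY_TYPES) + r")"
    r"\s+(?P<b64>[A-Za-z0-9+/=]+)(?:\s+(?P<comment>.*))?$"
)


@dataclass
class AuthorizedKey:
    line_no: int
    key_type: str
    fingerprint: str   # OpenSSH style: SHA256:<base64 without padding>
    options: str       # leading options field, possibly empty
    comment: str


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint of the raw key blob, formatted like OpenSSH."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text: str) -> List[AuthorizedKey]:
    """Parse authorized_keys content; raise ValueError on malformed entries."""
    keys = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        if not m:
            raise ValueError(f"line {line_no}: unparseable authorized_keys entry")
        blob = base64.b64decode(m.group("b64"))
        # The blob begins with a length-prefixed string naming the key type;
        # it must agree with the type written on the line.
        (type_len,) = struct.unpack(">I", blob[:4])
        declared = blob[4:4 + type_len].decode("ascii", errors="replace")
        if declared != m.group("type"):
            raise ValueError(f"line {line_no}: blob type {declared!r} != {m.group('type')!r}")
        keys.append(AuthorizedKey(
            line_no=line_no,
            key_type=m.group("type"),
            fingerprint=fingerprint(blob),
            options=line[:m.start()].strip(),
            comment=(m.group("comment") or "").strip(),
        ))
    return keys


def audit(keys: List[AuthorizedKey], approved: Set[str]) -> List[AuthorizedKey]:
    """Return the entries whose fingerprint is not on the approved inventory."""
    return [k for k in keys if k.fingerprint not in approved]


# --- constructed fixtures (not real keys) -----------------------------------
def _ed25519_blob(public_bytes: bytes) -> bytes:
    """Build an ssh-ed25519 wire blob: string(type) || string(32-byte key)."""
    t = b"ssh-ed25519"
    return struct.pack(">I", len(t)) + t + struct.pack(">I", len(public_bytes)) + public_bytes


def _b64(blob: bytes) -> str:
    return base64.b64encode(blob).decode()


SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed fixture: a deploy key restricted to the internal network",
    'from="10.0.0.0/8" ssh-ed25519 ' + _b64(_ed25519_blob(bytes(range(32)))) + " deploy@ci",
    "# constructed fixture: an entry nobody put on the inventory",
    "ssh-ed25519 " + _b64(_ed25519_blob(bytes([0xAA] * 32))) + " unknown-laptop",
])


if __name__ == "__main__":
    entries = parse_authorized_keys(SAMPLE_AUTHORIZED_KEYS)
    # Assumption: only the deploy key is on the approved inventory.
    approved_fingerprints = {entries[0].fingerprint}
    for k in audit(entries, approved_fingerprints):
        print(f"line {k.line_no}: UNAPPROVED {k.key_type} {k.fingerprint} "
              f"comment={k.comment!r} options={k.options!r}")
```

Running the audit across every user's authorized_keys file on a fleet, and diffing the results against an inventory on a schedule, turns an unknown key into a detectable event rather than a silent backdoor.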
Ultimately, it's imperative for us to create policies and solutions that protect machine identities. The first step is simply recognizing that machines, including those housed in datacenters and the cloud, require robust and effective protection. We spend so much time, effort and expense securing the usernames and passwords used by humans; the machines that access our critical data require the same rigorous defense.
About the Author: Nick Hunter is Sr. Digital Trust Researcher for Venafi.