Foiling the Hackers BY DENNIS McCAFFERTY
AS A HIGH-PROFILE, WASHINGTON-BASED THINK TANK,
the Center for American Progress takes strong positions
on hot-button topics, such as health care reform, the
Middle East and the state of the economy. With John
Podesta, former chief of staff to former President Bill
Clinton as its president and CEO, CAP remains firmly
planted on the left side of the political equation.
Since the business of Washington is about taking
sides and then taking aim, it’s not surprising that CAP
Biden, former British Prime Minister
Tony Blair, and countless U.S. representatives and senators.
CAP’s IT enterprise manages all communications and data-sharing functions
needed to support this level of activity.
Consequently, there are always attempts
to penetrate its network—often by organizations that are based outside the
As many as 70,000 log-ins a day are
attempted by hacker bots trying to guess
the organization’s passwords. And then
there are the constant “spear phishing” attacks, in which
hackers compromise desktop and user resources by penetrating the network and pretending to conduct normal
user activity, while actually seeking to swipe any useful
information they can get.
“It’s quite common for one of our employees to get
e-mails that look as if they came from someone they’ve
been regularly corresponding with,” says Nick Levay,
manager of information security and operations for CAP.
“But they are actually from attackers, who then get inside
our network and infect employees’ [computers] with mal-ware. They also infect those with whom the employee is
in constant contact. Then they burrow into the network
and get whatever information they can. They’re patient,
and they’re good.”
In 2009, enterprise technology managers for the Center
for American Progress started fighting back. They sought
a new IT tool that would bring together the logs of all
activity on the enterprise so the information could be
more effectively mined.
Much of this data was spread throughout separate
locations, depending on whether it was based on a
Windows, Cisco, Unix, Linux or other system. That
meant the IT staffers couldn’t make enterprisewide inqui-
ries of log activity, which drastically slowed down the
process of investigating attacks.
BASELINE JULY/AUGUST 2010