“From the details you offered, issue may probably caused by your computer security defense system as it seems not recognized our rarely used driver & detected it as malicious or a virus,” Saicoo’s support team wrote in an email. In response to KrebsOnSecurity’s request for comment, Saicoo sent a somewhat less reassuring reply. He said Saicoo did not address his concern that the driver package on its website was bundled with malware. Mark said he contacted Saicoo about their website serving up malware, and received a response saying the company’s newest hardware did not require any additional drivers. “Seems like a potentially significant national security risk, considering that many end users might have elevated clearance levels who are using PIV cards for secure access,” Mark said. Amazon said in a written statement that it was investigating the reports. Ramnit is a well-known and older threat - first surfacing more than a decade ago - but it has evolved over the years and is still employed in more sophisticated data exfiltration attacks. Windows suggested consulting the vendor’s website for newer drivers. Mark said when he received the reader and plugged it into his Windows 10 PC, the operating system complained that the device’s hardware drivers weren’t functioning properly. It is the principal card used to enable physical access to buildings and controlled spaces, and provides access to DoD computer networks and systems. The Common Access Card (CAC) is the standard identification for active duty uniformed service personnel, selected reserve, DoD civilian employees, and eligible contractor personnel. The USB-based device Mark settled on is the first result that currently comes up one when searches on for “PIV card reader.” The card reader Mark bought was sold by a company called Saicoo, whose sponsored Amazon listing advertises a “DOD Military USB Common Access Card (CAC) Reader” and has more than 11,700 mostly positive ratings. Not having a smart card reader at home and lacking any obvious guidance from his co-workers on how to get one, Mark opted to purchase a $15 reader from Amazon that said it was made to handle U.S. KrebsOnSecurity recently heard from a reader - we’ll call him “Mark” because he wasn’t authorized to speak to the press - who works in IT for a major government defense contractor and was issued a Personal Identity Verification (PIV) government smart card designed for civilian employees.
0 kommentar(er)
