Mr. Robot and SSH

I'm a big fan of the Mr. Robot series on USA Network. If you aren't familiar with the show, it's about a skilled hacker who suffers from Dissociative Identity Disorder. The show is extremely well written and the protagonist Rami Malek is fantastic. The writers of the show pride themselves in portraying realistic hacks and consult with outside hacking groups for authenticity.

In season 3, episode 5, Rami's character (Elliot) was fired and he was locked out of his office computer. He made up some excuse and asked to borrow his cubicle mates computer, and leveraging an SSH Key he obtained ROOT Level access to his Computer effectively bypassing the corporate lockout. From there he was able to capture information and delete files.  As security closed in to have him escorted out of the building, he repeated this process from different machines throughout the company, connecting to production servers and back-end systems. By the time they found him to escort him out of the building a majority of the damage was done. 

This similar scenario actually played out in real life by an ex-employee at Citi, only his actions caused real financial losses for the bank. Most businesses do not realize that SSH Keys = Identity = Access. Therefore, revoking AD credentials (which locks a user out of their computer) will not prevent that very same user from using an SSH Key to obtain access to whichever servers they have placed SSH keys prior. Moreover, by default SSH keys don't expire. A key created some 20 years ago still works today - placing your company at risk for this type of access attack. To help you determine your risk and exposure to nefarious attacks, SSH has created a "Risk Assessment" to scan systems and report back vulnerabilities, and our security experts can provide you with practical solution options emphasizing quick risk reductions for privileged access of both SSH and RDP.