I was referring to the larger organisations out there as an example of how it is sometimes easier to go after the teams of engineers and gain access to the core of the project. For us small-time developers it would be unusual to be targeted in such a manner. But then again if you have something that interferes with an established business and is valuable you could also become a target. Social Engineering is the most successful type of attack in this circumstance. It is far easier to target a human than to target a corporate network. It’s not difficult to find individuals involved in large projects or teams. If the requirement is such they will be monitored. Where they go for lunch. What type of woman they like, the clubs they attend, where they live, what car they drive. This is a costly route to source but for some money is not an issue when it comes to business and threats that could harm that business.
Connection details and keys should always be secured. Use development areas to stage projects before deployment. Any confidential information should be stored safely. If it is so important you probably shouldn’t have it on your work box. Maybe an air gap set-up whereby you have a single machine offline with no wi-fi or network connectivity… Then transport the data by USB from one to another system. You could go so far as to become ridiculously paranoid about all this but for most of us it is a far off concern.
So many factors, Antony. I really don’t want to scaremonger as the rarity of these types of attack on the average Joe Bloggs stay-at-home coder are not really a threat…
Too much shared information on forums, Stack Overflow, Social Media… Great material to build the basis for an attack. More often than not it’s all too common to find quite critical details in this way. Think about Silk Road and how that all came crashing down (a simple email on a forum led back to DPR). Similar situations often arise. The information is already out there in some circumstances. You just have to be persistent in locating it. In essence never share too much nor ask questions that can lead back to you and your assets or reveal too much of its inner workings, structure, and deployment.