Super-targeted spear phishing attacks March 27, 2008 8:34 PM
The recent cyber attacks on pro-Tibet groups in the U.S. (attack details, technical data) and on the Save Darfur Coalition, among others, have managed to catch the attention of some in the mainstream media.
Such super-targeted spear phishing attacks have been on the rise for several years, and have become an important tool for corporate espionage and military infiltration attempts. Teaching users to recognize such attack emails is probably the most effective deterrence, as technology solutions have been shown not to be particularly effective. Some companies and government agencies even conduct sting operations to ferret out which internal users fail the test, targeting them for additional training.
Thanks to homunculus for encouraging me to post on this.
Thanks, gemmy - what a thorough overview you provided. posted by madamjujujive at 10:55 PM on March 27
I think it's somewhat sad that a malicious form of e-mail spamming has taken on the name of a relatively well-known hippie jam band. I actually kinda like Phish =(
I'm not sure that they'd be into using spears... posted by agress at 10:57 PM on March 27
Wow, great post. Thanks for putting this together, gemmy. posted by homunculus at 11:05 PM on March 27
Thanks gemmy. When I read the cyber attack comments here I didn't really understand what was happening and MSM didn't enlighten me very much. Thanks for educating me. posted by adamvasco at 12:59 AM on March 28
Great post, thank you!
This kind of specifically-targeted attack (spear-phishing, I love it) is an extension and refinement of the social engineering attacks that *ahem* hackers have been using for literally decades. Attacks like this are substantially harder to mitigate against because they come not in a generic wave of v1agr4 but a coordinated, integrated campaign to seem 'real' to the recipient.
The levels of detail can seem absurd if you're not knee-deep in it, down to physically watching the movements of individuals in and out of the office so that everyday realities like Bob being on site in Tulsa can be worked into messages.
Just goes to show that the biggest problem in computer security is between the chair and the keyboard. posted by Skorgu at 4:58 AM on March 28
Holy cow. I finally got around to reading about this... jesus. These people are really good.
If you're a pro-resistance movement activist, you need to take some immediate steps to reduce your chance of compromise. Either don't ever open attachments, ever... or else you need to take serious steps to protect yourself. If you open attachments, ever, you're eventually gonna get taken by these guys. This is at a level of sophistication that I haven't seen before.
To protect yourself, it would be wisest to read your email and communicate with the outside world with a virtual machine running inside your main OS. It would be particularly good if you were to use Linux in your virtual machine. You can do this for free. The VMware Server program is entirely free, and will allow you to create and host images.
By running an oddball OS like this, you make yourself much less vulnerable to common exploits. You can also improve your resilience even further by running the client in "non-persistent" mode; that is, changes that get made to the disk aren't saved permanently, and disappear when the virtual machine is shut down. This will only be convenient if you have an email provider that stores all your mail for you permanently, like GMail. If you download mail to your local disk, that won't work right with a non-persistent image.
You should be able to find an Ubuntu image that you can use, so you don't have to install the OS onto the virtual machine yourself. Overall difficulty level would be medium, but, geeze... with the sophistication of these assholes, you really want the extra layer of protection. posted by Malor at 6:59 AM on March 28
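An added example, not part of Malor's comment or of the thread: a Python check that reads a VMware .vmx file and lists the virtual disks whose changes would survive a shutdown, which is the property the "non-persistent" setup above depends on. The sample file is constructed, and the `mode` values and the persistent default are assumptions about the .vmx format rather than anything stated on this page.

```python
import re

# Constructed sample .vmx content (not from the thread).
SAMPLE_VMX = '''\
displayName = "mail-reader"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "mail-reader.vmdk"
scsi0:0.mode = "independent-nonpersistent"
scsi0:1.present = "TRUE"
scsi0:1.fileName = "scratch.vmdk"
ide1:0.present = "TRUE"
ide1:0.fileName = "auto detect"
'''

LINE = re.compile(r'^\s*([^#=\s]+)\s*=\s*"(.*)"\s*$')
DISK_KEY = re.compile(r'^((?:scsi|ide|sata|nvme)\d+:\d+)\.(\w+)$', re.I)
# Assumption: these mode values discard writes at power-off.
NONPERSISTENT = {"independent-nonpersistent", "nonpersistent"}

def parse_vmx(text):
    """Return {key: value} for every key = "value" line."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            out[m.group(1)] = m.group(2)
    return out

def disk_modes(text):
    """Map each present .vmdk-backed device to its disk mode.
    Assumption: a disk with no mode key defaults to persistent."""
    devices = {}
    for key, value in parse_vmx(text).items():
        m = DISK_KEY.match(key)
        if m:
            devices.setdefault(m.group(1).lower(), {})[m.group(2).lower()] = value
    modes = {}
    for dev, props in devices.items():
        if props.get("present", "").upper() != "TRUE":
            continue
        if not props.get("filename", "").lower().endswith(".vmdk"):
            continue  # CD-ROM or other device that is not a virtual disk
        modes[dev] = props.get("mode", "persistent").lower()
    return modes

def persistent_disks(text):
    """Devices whose writes would survive a power-off."""
    return sorted(d for d, m in disk_modes(text).items() if m not in NONPERSISTENT)
```

In the sample, the second disk has no `mode` line, so it is reported as persistent: anything written there would still be present after the virtual machine is shut down.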
Knew someone in the field who could put together a pr0n site completely geared to the target. Man, nice to know what some of those high end servers were being used to do. Friend could also target anyone who used Ebay as well including search histories. Yes, you are indeed being watched; very closely. posted by jadepearl at 7:23 AM on March 28
Companies like Norton should send out occasional sting e-mails to its registered users as part of their anti-virus package. It would probably be even more useful than scanning the computer. posted by eye of newt at 8:32 AM on March 28
eye of newt: "Companies like Norton should send out occasional sting e-mails to its registered users as part of their anti-virus package finally get pwned by a black hat and compromise every 'protected' system out there. It would probably be even more useful than scanning the computer."
Paranoia [in computer security] is simply knowing the truth. posted by Skorgu at 9:36 AM on March 28