Comments on: Super-targeted spear phishing attacks

Super-targeted spear phishing attacks

gemmy — Thu, 27 Mar 2008 20:34:53 -0800

The recent cyber attacks on pro-Tibet groups in the U.S. (attack details, technical data) and on the Save Darfur Coalition, among others, have managed to catch the attention of some in the mainstream media. Such super-targeted spear phishing attacks have been on the rise for several years, and have become an important tool for corporate espionage and military infiltration attempts. Teaching users to recognize such attack emails is probably the most effective deterrence, as technology solutions have shown to not be particularly effective. Some companies and government agencies even conduct sting operations to ferret out which internal users fail the test, targeting them for additional training.

Thanks to homunculus for encouraging me to post on this.

By: madamjujujive

madamjujujive — Thu, 27 Mar 2008 22:55:15 -0800

Thanks, gemmy - what a thorough overview you provided.

By: agress

agress — Thu, 27 Mar 2008 22:57:29 -0800

I think it's somewhat sad that a malicious form of e-mail spamming has taken on the name of a relatively well-known hippie jam band. I actually kinda like Phish =( I'm not sure that they'd be into using spears...

By: homunculus

homunculus — Thu, 27 Mar 2008 23:05:03 -0800

Wow, great post. Thanks for putting this together, gemmy.

By: adamvasco

adamvasco — Fri, 28 Mar 2008 00:59:16 -0800

Thanks gemmy. When I read the the cyber attack comments here I didn't really understand what was happening and MSM didn't enlighten me very much. Thanks for educating me.

By: Skorgu

Skorgu — Fri, 28 Mar 2008 04:58:36 -0800

Great post, thank you! This kind of specifically-targeted attack (spear-phishing, I love it) is an extension and refinement of the social engineering attacks that *ahem* hackers have been using for literally decades. Attacks like this are substantially harder to mitigate against because they come not in a generic wave of v1agr4 but a coordinated, integrated campaign to seem 'real' to the recipient. The levels of detail can seem absurd if you're not knee-deep in it, down to physically watching the movements of individuals in and out of the office so that everyday realities like Bob being on site in Tulsa can be worked into messages. Just goes to show that the biggest problem in computer security is between the chair and the keyboard.

By: Malor

Malor — Fri, 28 Mar 2008 06:59:39 -0800

Holy cow. I finally got around to reading about this... jesus. These people are really good. If you're a pro-resistance movement activist, you need to take some immediate steps to reduce your chance of compromise. Either don't ever open attachments, ever... or else you need to take serious steps to protect yourself. If you open attachments, ever, you're eventually gonna get taken by these guys. This is at a level of sophistication that I haven't seen before. To protect yourself, it would be wisest to read your email and communicate with the outside world with a virtual machine running inside your main OS. It would be particularly good if you were to use Linux in your virtual machine. You can do this for free. The VMWare Server program is entirely free, and will allow you to create and host images. By running an oddball OS like this, you make yourself much less vulnerable to common exploits. You can also improve your resilence even further by running the client in "non-persistent" mode; that is, changes that get made to the disk aren't saved permanently, and disappear when the virtual machine is shut down. This will only be convenient if you have an email provider that stores all your mail for you permanently, like GMail. If you download mail to your local disk, that won't work right with a non-persistent image. You should be able to find a Ubuntu image that you can use, so you don't have to install the OS onto the virtual machine yourself. Overall difficulty level would be medium, but, geeze... with the sophistication of these assholes, you really want the extra layer of protection.

By: jadepearl

jadepearl — Fri, 28 Mar 2008 07:23:52 -0800

Knew someone in the field who could put together a pr0n site completely geared to the target. Man, nice to know what some of those high end servers were being used to do. Friend could also target anyone who used Ebay as well including search histories. Yes, you are indeed being watched; very closely.

By: eye of newt

eye of newt — Fri, 28 Mar 2008 08:32:20 -0800

Companies like Norton should send out occasional sting e-mails to its registered users as part of their anti-virus package. It would probably be even more useful than scanning the computer.

By: Skorgu

Skorgu — Fri, 28 Mar 2008 09:36:53 -0800

eye of newt: "Companies like Norton should ~~send out occasional sting e-mails to its registered users as part of their anti-virus package~~ finally get pwned by a black hat and compromise every 'protected' system out there. It would probably be even more useful than scanning the computer." Paranoia [in computer security] is simply knowing the truth.