Super-targeted spear phishing attacks
March 27, 2008 8:34 PM   Subscribe

The recent cyber attacks on pro-Tibet groups in the U.S. (attack details, technical data) and on the Save Darfur Coalition, among others, have managed to catch the attention of some in the mainstream media. Such super-targeted spear phishing attacks have been on the rise for several years, and have become an important tool for corporate espionage and military infiltration attempts. Teaching users to recognize such attack emails is probably the most effective deterrence, as technology solutions have shown to not be particularly effective. Some companies and government agencies even conduct sting operations to ferret out which internal users fail the test, targeting them for additional training.

Thanks to homunculus for encouraging me to post on this.
posted by gemmy (21 comments total) 11 users marked this as a favorite
Thanks, gemmy - what a thorough overview you provided.
posted by madamjujujive at 10:55 PM on March 27, 2008

I think it's somewhat sad that a malicious form of e-mail spamming has taken on the name of a relatively well-known hippie jam band. I actually kinda like Phish =(

I'm not sure that they'd be into using spears...
posted by agress at 10:57 PM on March 27, 2008

Wow, great post. Thanks for putting this together, gemmy.
posted by homunculus at 11:05 PM on March 27, 2008

Thanks gemmy. When I read the the cyber attack comments here I didn't really understand what was happening and MSM didn't enlighten me very much. Thanks for educating me.
posted by adamvasco at 12:59 AM on March 28, 2008

Great post, thank you!

This kind of specifically-targeted attack (spear-phishing, I love it) is an extension and refinement of the social engineering attacks that *ahem* hackers have been using for literally decades. Attacks like this are substantially harder to mitigate against because they come not in a generic wave of v1agr4 but a coordinated, integrated campaign to seem 'real' to the recipient.

The levels of detail can seem absurd if you're not knee-deep in it, down to physically watching the movements of individuals in and out of the office so that everyday realities like Bob being on site in Tulsa can be worked into messages.

Just goes to show that the biggest problem in computer security is between the chair and the keyboard.
posted by Skorgu at 4:58 AM on March 28, 2008

Holy cow. I finally got around to reading about this... jesus. These people are really good.

If you're a pro-resistance movement activist, you need to take some immediate steps to reduce your chance of compromise. Either don't ever open attachments, ever... or else you need to take serious steps to protect yourself. If you open attachments, ever, you're eventually gonna get taken by these guys. This is at a level of sophistication that I haven't seen before.

To protect yourself, it would be wisest to read your email and communicate with the outside world with a virtual machine running inside your main OS. It would be particularly good if you were to use Linux in your virtual machine. You can do this for free. The VMWare Server program is entirely free, and will allow you to create and host images.

By running an oddball OS like this, you make yourself much less vulnerable to common exploits. You can also improve your resilence even further by running the client in "non-persistent" mode; that is, changes that get made to the disk aren't saved permanently, and disappear when the virtual machine is shut down. This will only be convenient if you have an email provider that stores all your mail for you permanently, like GMail. If you download mail to your local disk, that won't work right with a non-persistent image.

You should be able to find a Ubuntu image that you can use, so you don't have to install the OS onto the virtual machine yourself. Overall difficulty level would be medium, but, geeze... with the sophistication of these assholes, you really want the extra layer of protection.
posted by Malor at 6:59 AM on March 28, 2008

Knew someone in the field who could put together a pr0n site completely geared to the target. Man, nice to know what some of those high end servers were being used to do. Friend could also target anyone who used Ebay as well including search histories. Yes, you are indeed being watched; very closely.
posted by jadepearl at 7:23 AM on March 28, 2008

Companies like Norton should send out occasional sting e-mails to its registered users as part of their anti-virus package. It would probably be even more useful than scanning the computer.
posted by eye of newt at 8:32 AM on March 28, 2008

eye of newt: "Companies like Norton should send out occasional sting e-mails to its registered users as part of their anti-virus package finally get pwned by a black hat and compromise every 'protected' system out there. It would probably be even more useful than scanning the computer."

Paranoia [in computer security] is simply knowing the truth.
posted by Skorgu at 9:36 AM on March 28, 2008

Here's a bit more about the attacks on Students for a Free Tibet.
posted by homunculus at 11:30 AM on March 28, 2008

Estonia prepares for repeat of cyberattacks on anniversary similar to those organised by Titan Rain.
posted by adamvasco at 1:20 AM on April 7, 2008

China movies cause chaos
posted by homunculus at 3:20 PM on April 20, 2008

posted by blacklite at 11:08 PM on April 22, 2008

More at Slashdot: FBI Concerned About Implications of Counterfeit Cisco Gear
posted by homunculus at 9:33 AM on April 23, 2008

« Older Dennis Potter   |   The Wakefield twins are back... and thinner? Newer »

This thread has been archived and is closed to new comments