Thursday, February 17, 2011

Executive Spear Phishing: Who Clicked On The Dirty Pictures?

Here's what happened:

Sources have confirmed, however, that the attackers successfully penetrated the computer systems at the federal government's two main economic nerve centres, the Finance Department and Treasury Board.

The hackers apparently managed to take control of computers in the offices of senior government executives as part of a scheme to steal the key passwords that unlock entire government data systems.


And this is what it is:

Organized crime is zeroing in on medium to large sized enterprises using a well honed attack that can penetrate most enterprises defenses. Called "spear phishing" it involves targeting one or two individuals within the enterprise and then sending them well crafted email with links or document attachments which then download malware into the enterprise. The number of attacks is rising dramatically.

[...]

The method of attack usually uses MS Office documents but can also involve links to fake websites that look real. One attack focussed on the new executive of a large enterprise for whom a press release had been written.


If so, you would think somebody ought to get fired.

5 comments:

A Eliz. said...

How about Wikileaks...love it

Robert G. Harvie, Q.C. said...

Not sure of your point A Eliz.

I'm guessing, based upon most "progressive" support of wiki leaks, that having access to private government information is a good thing, and that the employee who opens the door to the government data banks should be hailed as a "whistle blower".

Gene Rayburn said...

Actually RG Harvie as a "progressive" I find A Eliz's point incredibly confusing. Im going to repeat the response I made where she posted the same point.

Why on earth would you want it to be Wikileaks? There's a huge difference between posting leaked documents & actively compromising a govt computer system. The latter is a crime & if it was Wikileaks not only would that discredit them it would end them. Why would Wikileaks act maliciously and break into the system that holds our personal tax info? If your theory was true it would ensure some very serious charges for Julian Assange. No questionable charges brought up over a broken condom. Actively breaking into a government system is seriously more sinister than any type of whistleblower and should't be cheered on. From a pragmatic point of view I cannot see any logic or use from such a move.

Terrence said...

As far as I know, Wikileaks hasn't broken into, or asked anyone to break into, a government computer system.

Try as it might, the U.S. government has been unable to link Julian Assange to Private Manning. It's own investigators have admitted as much.

Gene Rayburn said...

"As far as I know, Wikileaks hasn't broken into, or asked anyone to break into, a government computer system."

They won't. Asking or implying to your readers/users/followers to wilfully break into a private government network is illegal and could result in a cornucopia of charges dependent on the country. Real charges too, not the ones trumped up in Sweden.

Looking at their About page, I suspect that A Eliz should take a peak at it too.

"We provide an innovative, secure and anonymous way for sources to leak information to our journalists (our electronic drop box). "

Leak; that word makes a big difference. So much that it is the key part of their name and brand. What good would doing a B&E do to their cause? Throwing a bit of crypto anarchism into the mix isnt going to be anything but detrimental to any organization such as Wikileaks. That's why Im taking offense to such a stupid and comment spammed point. Ive read it on several blogs and gotten the impression of someone cheering on a bus crash.