Tuesday, June 7, 2011

The Latest Google/China Flap

Are you dumb enough to fall for a phishing scheme?  Well, a bunch of diplomats, soldiers, senior officials, journalists and dissidents apparently are that dumb.

You may have followed some of the ongoing battle between the Chinese government and Google.  It started with battles over censorship and then an incident of Google accusing China of stealing proprietary code.  Code theft was alleged at more than 20 western companies.  These incidents were weakly but indignantly denied by the Chinese and led to Google withdrawing from China.

Google China Hackers Stole Source Code - Researcher
Reuters, Mar 1 2010

The latest incident involves an attack against the private email [Gmail] accounts of hundreds of senior officials, military types and journalists from America and Asian countries, chiefly South Korea.  The result is the ability of the “hackers” to read past and present emails of victims for the purpose of spying and control of dissidents.

What surprised me is this article from the Economist which says that the latest incident was simple “phishing” rather than super-sophisticated hacking.  The victims were stupid.  And of course their stupidity exposes information about innocents that may be on the victims’ machines.

A Chinese Cyber-Attack On A Jumpy America
Economist, Jun 2nd 2011

Most people know that you don’t give out sensitive information – account numbers, social security numbers, passwords, etc. – to anyone on the web.  It’s hard to be sympathetic to those who do.  Lately we read that some people will give such data in an email because a co-worker or corporate department head asked them to do so in an email.  Utterly stupid; and again, it’s hard to be sympathetic.  This is why companies have to build so many defenses to protect themselves from their own employees.

In the latest China incident, apparently people who should know better were sent emails from official-looking sources such as the State Department.  The email asked for review and comment on a document and when victims clicked on the attachment, they got an official-looking Gmail login screen.  Those who logged in gave up their passwords and their email files.  How stupid can a person be?
