Commentary
Google Friends Surveilled For Cyber Attack
Cardinal Richelieu, chief minister of France's King Louis XIII, is generally credited with saying, "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." Richelieu's claim attests to the ease with which information can be misused. It's a lesson that Internet users might want to revisit in this age of online insecurity.Cardinal Richelieu, chief minister of France's King Louis XIII, is generally credited with saying, "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."
Richelieu's claim attests to the ease with which information can be misused. It's a lesson that Internet users might want to revisit in this age of online insecurity.The cyber attack from China that hit Google and at least 33 other companies began with a targeted phishing, or spear-phishing attack. Attacks of this sort typically consist of a forged e-mail message that appears to have come from a friend. The recipient opens it and clicks on the malicious link or opens the malicious attachment because he or she trusts the purported sender.
More Internet Insights
White Papers
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
Reports
- How Google+, Facebook Impact Corporate Strategy: Social Media and IT at a Crossroads
- Strategy: Enterprise Social Network Buyer's Guide
Webcasts
- Maximize ROI with Database Consolidation onto Private Clouds
- Outsourcing Security: What Every Potential Cloud Security Customer Should Know
According to a report published in the Financial Times on Monday, personal friends of employees at Google, Adobe, and other companies targeted in the attacks were "spied on" in order to make forged e-mail messages more plausible to the recipients at these companies.
This of course is how convincing spear-phishing attacks are crafted. An attacker isn't going to get convince anyone that he's a friend if he sends a message titled "thanks for celine dion tickets" and the recipient happens to loathe Celine Dion.
Such cybercrime missteps can be avoided though, thanks to vast quantity of information that people post to their Web sites and social networking pages.
And it's not just indiscreet college kids posting information that can hang them, so to speak. Far too many Internet users, in the business world and elsewhere, have revealed far too much online.
Consider the other breaking security story on Monday: At least three U.S oil companies were hit by targeted attacks from China. The Christian Science Monitor quotes an unidentified oil company source as saying, "We've seen real, targeted attacks on our C-level [most senior] executives."
Where, I wonder, might cybercriminals be getting the information they need to launch these attacks?
As Richelieu might say, give me six search results describing the most honest of men and I'll find something in them to "pwn" him.
Related Reading
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
|
T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting! |
Subscribe to RSSResource Links
This Week's Issue
Technology Whitepapers
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- Red Alert: Why Tablet Security Matters - by BlackBerry
Featured Resource
Download this whitepaper and find out how to easily manage web content by categorizing it into a discrete number of categories.
Learn More
