Topics: Google

Google Friends Surveilled For Cyber Attack

Posted by Thomas Claburn, Jan 26, 2010 06:44 PM

Cardinal Richelieu, chief minister of France's King Louis XIII, is generally credited with saying, "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."

Richelieu's claim attests to the ease with which information can be misused. It's a lesson that Internet users might want to revisit in this age of online insecurity.

The cyber attack from China that hit Google and at least 33 other companies began with a targeted phishing, or spear-phishing attack. Attacks of this sort typically consist of a forged e-mail message that appears to have come from a friend. The recipient opens it and clicks on the malicious link or opens the malicious attachment because he or she trusts the purported sender.

According to a report published in the Financial Times on Monday, personal friends of employees at Google, Adobe, and other companies targeted in the attacks were "spied on" in order to make forged e-mail messages more plausible to the recipients at these companies.

This of course is how convincing spear-phishing attacks are crafted. An attacker isn't going to get convince anyone that he's a friend if he sends a message titled "thanks for celine dion tickets" and the recipient happens to loathe Celine Dion.

Such cybercrime missteps can be avoided though, thanks to vast quantity of information that people post to their Web sites and social networking pages.

And it's not just indiscreet college kids posting information that can hang them, so to speak. Far too many Internet users, in the business world and elsewhere, have revealed far too much online.

Consider the other breaking security story on Monday: At least three U.S oil companies were hit by targeted attacks from China. The Christian Science Monitor quotes an unidentified oil company source as saying, "We've seen real, targeted attacks on our C-level [most senior] executives."

Where, I wonder, might cybercriminals be getting the information they need to launch these attacks?

As Richelieu might say, give me six search results describing the most honest of men and I'll find something in them to "pwn" him.

« Oracle Cramdown Vs. SAP Kumbaya? | Main | Microsoft Virtually Confirms Zune Phone »

This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.

Sign Up For The Grok on Google Newsletter

Every Thursday, Tom Claburn and his fellow analysts offer all the news, insight, analysis, and strategic thinking you need to understand the company and complex phenomenon known as Google.

Sign up for our free, weekly newsletter today!

Newsletter Archives

:: THE LATEST GOOGLE NEWS ::

SEE MORE GOOGLE NEWS

Blog Categories
Healthcare Cloud Computing Enterprise 2.0 Digital Life Grok On Google Over The Air Outsourcing Global CIO Startup City Information Management Content Management Green Computing Full Nelson Unified Communications	Hardware Government IT Analytics Tech Stocks Interop Security Microsoft Apple Unvarnished Open Source Wolfe's Den David Berlind's Tech Radar Virtualization Storage Backup and Business Continuity
Blog Homepage