Richelieu's claim attests to the ease with which information can be misused. It's a lesson that Internet users might want to revisit in this age of online insecurity.The cyber attack from China that hit Google and at least 33 other companies began with a targeted phishing, or spear-phishing attack. Attacks of this sort typically consist of a forged e-mail message that appears to have come from a friend. The recipient opens it and clicks on the malicious link or opens the malicious attachment because he or she trusts the purported sender.
According to a report published in the Financial Times on Monday, personal friends of employees at Google, Adobe, and other companies targeted in the attacks were "spied on" in order to make forged e-mail messages more plausible to the recipients at these companies.
This of course is how convincing spear-phishing attacks are crafted. An attacker isn't going to get convince anyone that he's a friend if he sends a message titled "thanks for celine dion tickets" and the recipient happens to loathe Celine Dion.
Such cybercrime missteps can be avoided though, thanks to vast quantity of information that people post to their Web sites and social networking pages.
And it's not just indiscreet college kids posting information that can hang them, so to speak. Far too many Internet users, in the business world and elsewhere, have revealed far too much online.
Consider the other breaking security story on Monday: At least three U.S oil companies were hit by targeted attacks from China. The Christian Science Monitor quotes an unidentified oil company source as saying, "We've seen real, targeted attacks on our C-level [most senior] executives."
Where, I wonder, might cybercriminals be getting the information they need to launch these attacks?
As Richelieu might say, give me six search results describing the most honest of men and I'll find something in them to "pwn" him.