http://blog.wired.com/27bstroke6/2008/04/air-force-cyber.html By Kim Zetter Threat Level Wired.com April 15, 2008 Businessweek published an interesting story last week about cyber espionage involving a spear-phishing attack [1] that targeted a Booz Allen Hamilton executive. The e-mail contained an attachment embedded with a key-stroke logger and appeared to come from a trusted source in the Pentagon. The attacker "knew enough about the 'sender' and 'recipient' to craft a message unlikely to arouse suspicion." Spear phishing of course involves a targeted attack against a specific individual or individuals. To be effective, it requires the attacker know something about the target of the attack -- the target's work title, the nature of his duties, etc. This makes it all the more perplexing why the Air Force Cyber Command center, which has been charged with the task of combatting the nation's cyber enemies [2], published the photo above, which, according to one critic, provides a good deal of information to anyone who might want to target some of the Air Force command personnel and systems in an attack like the one that targeted Booz Allen and many others. The photo was published in the World Tribune last week, accompanying a story about the command center [3] and also appeared on the Air Force's own web site [4] last July. Even Wired.com used it to illustrate a story about the Cyber Command center [5] two months ago. But Rob Rosenberger, formerly of the VMyths web site, counts the ways [6] in which this picture was a bad idea. I'm curious to know if any other readers think this picture was a mistake. [1] http://www.businessweek.com/magazine/content/08_16/b4080032218430.htm [2] http://blog.wired.com/27bstroke6/2008/02/air-force-launc.html [3] http://www.worldtribune.com/worldtribune/WTARC/2008/ea_china0041_04_10.asp [4] http://integrator.hanscom.af.mil/2007/July/07192007/CyberCommand.jpg [5] http://www.wired.com/politics/security/news/2008/02/cyber_command [6] http://securitycritics.org/column/1/1/2008/2/3/ -==- Let identityLoveSock take your personal information into their wanting hands. http://www.identity-love-sock.com/ Because victims have money too.
This archive was generated by hypermail 2.1.3 : Tue Apr 15 2008 - 23:46:25 PDT