Google Friends Surveilled For Cyber Attack - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Applications
Commentary
1/26/2010
06:44 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Friends Surveilled For Cyber Attack

Cardinal Richelieu, chief minister of France's King Louis XIII, is generally credited with saying, "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." Richelieu's claim attests to the ease with which information can be misused. It's a lesson that Internet users might want to revisit in this age of online insecurity.

Cardinal Richelieu, chief minister of France's King Louis XIII, is generally credited with saying, "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."

Richelieu's claim attests to the ease with which information can be misused. It's a lesson that Internet users might want to revisit in this age of online insecurity.The cyber attack from China that hit Google and at least 33 other companies began with a targeted phishing, or spear-phishing attack. Attacks of this sort typically consist of a forged e-mail message that appears to have come from a friend. The recipient opens it and clicks on the malicious link or opens the malicious attachment because he or she trusts the purported sender.

According to a report published in the Financial Times on Monday, personal friends of employees at Google, Adobe, and other companies targeted in the attacks were "spied on" in order to make forged e-mail messages more plausible to the recipients at these companies.

This of course is how convincing spear-phishing attacks are crafted. An attacker isn't going to get convince anyone that he's a friend if he sends a message titled "thanks for celine dion tickets" and the recipient happens to loathe Celine Dion.

Such cybercrime missteps can be avoided though, thanks to vast quantity of information that people post to their Web sites and social networking pages.

And it's not just indiscreet college kids posting information that can hang them, so to speak. Far too many Internet users, in the business world and elsewhere, have revealed far too much online.

Consider the other breaking security story on Monday: At least three U.S oil companies were hit by targeted attacks from China. The Christian Science Monitor quotes an unidentified oil company source as saying, "We've seen real, targeted attacks on our C-level [most senior] executives."

Where, I wonder, might cybercriminals be getting the information they need to launch these attacks?

As Richelieu might say, give me six search results describing the most honest of men and I'll find something in them to "pwn" him.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
News
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
Slideshows
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
Slideshows
Flash Poll