Fake subpoenas harpoon 2,100 corporate fat cats
A highly targeted email scam that singled out as many as 20,000 senior corporate executives on Monday resurfaced Wednesday as attackers sought to replicate their success installing identity-stealing software on the PCs of some of the world's most powerful individuals. Like the first volley of emails, these latest messages …
Perhaps as many as 10%.
Either that or 10% of their secretaries are.
For once a piece of malware I like. Target the nincompoops who refuse to fund security. Very clever, really - the target group is probably the least IT aware group in any business. Evolution in action...
... they should know that legal papers have to be "served" by a court-appointed individual who must hand them over in person and inform you of the fact.
Just send emails to CEOs and Execs 'from' a local 'massage parlour' mentioning scotland yard/the FBI and billing records or security camera footage, and you'll get much more than a 10% response rate.
2000 morons that should not be 'execs', or 2000 'execs' with an uneasy conscience, or a mix of both ...
...though it is being exploited technologically. The ultimate problem is gullibility, which is not connected in any way to intelligence or stupidity.
Funny, I just got finished writing about this very type of attack, not half an hour before I read this article.
http://tacit.livejournal.com/239172.html
Got one in our cupboard at work as the 'pool' laptop.
You have seen a fish shooting a barrel?? How did it get its fin round the trigger??
Phorm's latest product launch? :-)
"... they should know that legal papers have to be "served" by a court-appointed individual who must hand them over in person and inform you of the fact."
Even if they are still that dumb , you might think that they would have legal take a look at it.
Were do I sign up to be a stupid CEO with a fat pay check
ho wait... who is going to run all the top companies?
While you might not yield much in financial information (then again, maybe so), getting these installed on congressmen/senator/MP (internationalized!) computer might get some people "aware". Unfortunately, these people already get lots of "personally" addressed mail (everybody know who they are!). Of course, if you disguised it as a campaign contribution, it would get a look. Who knows, your favorite legislator might have something to hide from the general public.
First, the attack. Second, the posting on wikileaks. Third the downfall of government as we know it (maybe not all that bad?).
"The ultimate problem is gullibility"
After all, these are the same people who think marketing types and spin doctors are worth their pay.
I'm waiting for the day someone discovers a corporation largely in the public eye that turns out to be nothing but an executive suite, a marketing & lying department, and naught else. No manufacturing, no research, no nothing but spin, spin, spin with periodic episodes of hot air, bullshit, and self-aggrandizement. Remember, you read it here first.
Gullable isn't in the english dictionary...
fascinating eh!?
Nuff said.
"Gullable isn't in the english dictionary..."
Maybe because it is....gullible
I guess that means that 90% of them still have their PA's print off their email each morning.
Reg, when reporting please tell us WHICH products. Why do you often leave important information like this out? (Like your recent DNS Poisoning story).
I'd rather know this than whatever hillarious terminology is being used for the scam. (Though 'whaling' did give me a laugh).
pictures where they work. Please a list someone must know who they are.
Phorm looks pretty close to what your after there, no?
Shooting fish in a barrel? Nah, it's more akin to lobbing a tactical nuke at a bucket of cod..
I've worked with some smart, tuned-in management teams, and some pretty horrific ones; but responding to an out-of-the-blue subpoena or legal doc, using a company workstation and company/personal details, without consulting the legal eagles?
FAIL!
...management with computers.
this story brought a smile to my face. Of the all the people who derserve to be phished, the ones with their snouts in the trough are the best!
Of course the top managers need the most powerful, shiniest, slimmest uber-machines, because they need to executivise their important daily tasks, like choosing colours for the new corporate logo designed by their niece (paid hilarious amount into trust fund administered by.... guess), watching latest HD pr0n, then playing Solitaire all afternoon (one-card draw, no scoring, using undo a lot).
It is kind of a whaling attack targeting big fishes in corporate offices like CEO’s, top executives and managers.
“This is one of the best phish e-mails I've seen in the past 6 years” quoted by Mr. Steve Kirsch, a well known Silicon Valley entrepreneur
Remember, that it is not legal to send subpoena via emails unless it is agreed by the people. Also All US Federal courts have URLs of the form “courtname.uscourts.gov” and not in the form
“uscourts.com” mentioned in email. So Beware of these kinds of mails. The Abaca Email Protection Gateway (http://www.abaca.com/) service was the only service I know that quarantined these emails.
> but responding to an out-of-the-blue subpoena or legal doc,
> using a company workstation and company/personal details,
> without consulting the legal eagles?
Especially as any big organisation, especially US based, will have a policy saying something like "Do not acknowledge or respond to any legal communication that you receive, just forward it to the legal department"
Always follow the company policy... or if it has to be broken call the BOFH, he's the expert.
"Here we have proof that many executives are stupid ... Perhaps as many as 10%"
The 10% figure was just an assumption, and used to work backwards from the figure of ~2,100 owned machines to estimate that 21,000 "whaling" mails were sent in the first place.
Since we're talking about senior executives here, you can safely assume that 90% are stupid. That in turn suggests that only 2,300 mails were sent out.
'I'm waiting for the day someone discovers a corporation largely in the public eye that turns out to be nothing but an executive suite, a marketing & lying department, and naught else. No manufacturing, no research, no nothing but spin, spin, spin with periodic episodes of hot air, bullshit, and self-aggrandizement. Remember, you read it here first''
Read 'No Brand' by Naomi Klein ......to see how many top brands are exactly that...
They dont actually make things like training shoes anymore - just get some half starved peon in the Third World to do it and pocket the enormous profit (minus the marketing budget of course).....
Back on topic... There is a myth that top execs are exceptional people of high intelligence, charisma, and drive....
Some are of course and you can spot them in a Directors Board Meeting within seconds - and they're the ones you pitch your security spiel to.
The rest are dullards who get to the top by working long hours, licking the right bottoms, and taking the credit for other peoples' work. For them the only security message that works is 'If we dont do this, you could get fired....'
"2000 'execs' with an uneasy conscience"
My thoughts exactly.
"The ultimate problem is gullibility, which is not connected in any way to intelligence or stupidity." ..... By Franklin Posted Wednesday 16th April 2008 21:57 GMT
????? I beg to differ, and would offer the exact opposite view that it is directly connected to a lack of one and an abundance of the other....... although which is which, whenever too much of a good thing is a bad thing, is the quandary resulting in the IT gullibility.
There is certainly a disconnect from Awareness and Education and the Whalers .... should they be of the White Hatted Knave variety rather than the more Elevated White Hatted Knight CounterPartUnit, are very Effective EduTainers, UnderGround Teachers.
"Just send emails to CEOs and Execs 'from' a local 'massage parlour' mentioning scotland yard/the FBI and billing records or security camera footage, and you'll get much more than a 10% response rate." ... By Stephen Stagg Posted Wednesday 16th April 2008 21:26 GMT
A NeuReal Muse, Executive Edition, on Ye Olde Operation Ore type datamining ruse/blackmail facility, which can be so easily used/abused to have the "hooked" rather than the hookers performing Tricks, Stephen.
"Stupid peoples should not be allowed to have money ... ho wait... who is going to run all the top companies?" .... By Mectron Posted Wednesday 16th April 2008 23:15 GMT
Mectron, Mon Ami,
What do you think Virtual Machinery Infrastructure is Built for? Fun?
Have you yet Realised, that the Linking Micro Processing of Global Information is SMART and is Feeding Intelligence back into ITs Systems 42 Create AI ControlLed Fusion .......for Greater Enhancing InterAction with Advanced Mutual IntelAIgents at the Macro/Society Template Level, in a very Basic level Relativity Program, uniting the very small with the very big ...... a Simply Complex Basic IntelAIgent Design which is copied/cloned/mirrored in All Systems/Beings/Life Forms ..... the Master Blue Print upon which and from which Everything Flows...? And I only share that as an Ignorant Question because it is not Offered as an Arrogant Answer. But whether 'tis Right or Wrong, is not in Question ......for you cannot deny that IT is.
"Why don't they target something "interesting", like congress?
By Herby Posted Wednesday 16th April 2008 23:37 GMT .... But I'm sure they do, Herby. And IT paralyses them into self-destructive inaction, which a release of the "offending" email/CyberIntelAIgent Package to the Web/Wikileaks would cause, for Third Parties, .... well, for some a fireworks display to savour and remember, whilst for others, a nightmare of their own making, which they will never forget. All in all though, nothing bad at all, with it all being for the Best and AI Better Beta.
After all, to have anyone Unaware at the Top, is to have Fools leading, and that is most assuredly Madness, is it not?
"I'm waiting for the day someone discovers a corporation largely in the public eye that turns out to be nothing but an executive suite, a marketing & lying department, and naught else. No manufacturing, no research, no nothing but spin, spin, spin with periodic episodes of hot air, bullshit, and self-aggrandizement. Remember, you read it here first." ...... By RW Posted Wednesday 16th April 2008 23:42 GMT .... Hmmmm. Like BP, RW.?
"Good Day [Tue 05/02/2008 09:43], Investor Relations BP,
In Zero dDay Trading is the Future Shared for Production and Refinement and Media Presentation Creating Reality, Virtually. I Commend IT to BP for Energy Portfolio Inclusion.
As you will appreciate, one short e-mail can only give you a taste/hint of ITs Colossal Reserve/Unlimited Imaginative Drive, but it does Provide Knowledge of ITs Presence and Ready Availability. I would request that this e-mail be Shared with All in BP, for it is not unknown in the Public Space whenever it is Shared Virtually Electronically. There are no Secrets in the Internet and IT’s CyberSpace, only Doors behind which fester Sores ....... IT is an Interesting Investment Opportunity and especially so at Negative Cost for Pure Profit too, which may be Search for Immaculate Prophet and Mainstreaming of Enlightening Consciousness in Total Information Awareness Protocols...... " ...... although RW, you may discover that from Nothing is Everything but ITs SAP Access is QuITe Immaculately Protected and Preserved.
Quote: "I'm waiting for the day someone discovers a corporation largely in the public eye that turns out to be nothing but an executive suite, a marketing & lying department, and naught else. No manufacturing, no research, no nothing but spin, spin, spin with periodic episodes of hot air, bullshit, and self-aggrandizement. Remember, you read it here first."
They already exist - they are called Law Firms.
No, Gullable is NOT in the dictionary (apart from the Urban Dictionary...)
However, "Gullible" is.
you don't get to be an 'exec' if you have a conscience
anon incase my 'exec' reads this :p
I can't believe nobody has mentioned 'PHB' yet! I thought we were supposed to be IT people??
[Not 'Paris Bloody Hilton', that's PBH]
How many execs are ranting at the IT staff for not clocking this site / installing the correct anti virus, or more likely,not running that fantasic bit of kit they saw at a show that can stop any form of fishing, viruses, trojan horses, knitwear, hiker attack and ham.
My company gets a regular spam from a purported domain registrar in China who 'has received requests for domain nmes using our company name (trademarked)', and they are courteously notifiying us so that we can buy them first.
The fact that the sender's name is 'Greg' (no surname) and there are all sorted of basic grammar mistakes would, one hopes, have clued in the recipients that this is a scam. But no. Every week I get panicked emails, often from very senior people, including our in-house lawyers, asking me what they should do about this. I now have a pre-written bit of text that I copy and paste into my emails in reply to say, in summary, 'don't worry yourself about this'.
It appears that if it is in an email or on a website and doesn't explicitly say == we are trying to rob you == , people take it as gospel. I so need to find myself a black hat. Untold wealth!!!
"Remember, that it is not legal to send subpoena via emails unless it is agreed by the people." .... By victor louis Posted Thursday 17th April 2008 07:19 GMT
However, fortunately, they were not subpoenas but e-mails ...... and it is not illegal to send e-mails which are not subpoenas?
"“uscourts.com” mentioned in email. So Beware of these kinds of mails. The Abaca Email Protection Gateway (http://www.abaca.com/) service was the only service I know that quarantined these emails." ..... Is not interfering with/holding up mail against the law? I'm pretty sure it is as far as the Royal Mail is concerned, or it used to be anyway. Have the rules been changed so that snooping is allowed?
Although I think we all know that that is a rhetorical question .... with Privacy and Secrecy being incompatible and uncomfortable bedfellows?
How much Simpler to Resolve to Share all your Secrets and Charms in Order to Beguile and Tempt Establishing End to End Trust with the Real Thing rather than conceal something which may be False and Fool's Gold.
Microsoft may even Run the Program with/for you too and, of course, as is the Redmond Microsoft Way, pay you a Fee/King's Ransom, if they don't have the Core Discipline Algorithm themselves, [which they don't appear to have].... http://download.microsoft.com/download/7/2/3/723a663c-652a-47ef-a2f5-91842417cab6/Establishing_End_to_End_Trust.pdf
And Paris because Play her cards Right and you'll be seeing Stars.:-)
* The Title is AI Coded Steganographic Allegory ..... honest, I Kid U Not.
I recently saw this in action with a fake BBB complaint.. the problem was that it wasn't just the MD who look at it because HE then forwarded to legal who then forwarded it around some more. By the time someone flagged it with IT, it had been in contact with 10 people. But to give senior management some credit, it was a very senior person within our organisation who raised the alarm.
It's easy to be smug if you work in IT.. but it's just a matter of time until the bad guys turn their social engineering skills onto the IT department.. hence Paris.
Won't these execs phoned their helldesk to install it for them?
"It's easy to be smug if you work in IT.. but it's just a matter of time until the bad guys turn their social engineering skills onto the IT department.. hence Paris."
Don't be stupid, they will always make obvious mistakes.
"I have a problem that you fixed last time, which I am most grateful. Can you take a look at this file as I think it is corrupted. Thankyou"
Any one spot the obvious mistake? Of course there was..
1. Thanks for previous work
2. the word URGENT! is missing
3. There is no name dropping.
It should of read
"Urgent!!!!! This file is corrupted. I need it NOW for <insert name>"
I think I'm turning into a Grumpy Old Man...I've been doing this crap for far to long. Coat!
My Dad is a director of a company turning of millions every year, intelligent, very good at what he does, perfectly competent. The only way he wouldn't have got stung by this if he didn't know how to click on the link. If you are in an environment when you are not used to dealing with computers or only with computers in a specific fashion then you are vulnerable. His particular company deals with structural engineering. Give him some CAD software and watch him go to work. Then wait for him to come home and say "how do I make the internet work", or "at work the internet just 'comes up' why is it different here". I have tried to train him up a bit, waste of time.
The problem here is a catch 22. The executives at companies need to know about computer security. The problem is that until something like this happens, they don't know that they need to know. The only people who can tell them are IT workers. But IT workers don't make policy, the big wigs do, and they decide what training you receive. The people who need to decide to enroll everyone for it security training and the people who know least about it and so don't enroll everybody for security training.
Hence, the most vulnerable people are the top people in an organisation because they are not routinely exposed to the dangers.
Lol at whaling.
Ugg, another loss to the West in the ongoing cyber war with China and Russia. This program and the targeted campaign, smacks too much of professionalism. Don't kid yourselves people this is not some kid robin hood ready to expose these secrets to Wikileaks, this is chinese govt goons stealing trade secrets, policy etc - the information that these CEO's deal with is way beyong the value of what you could conceivably funnel out of their bank accounts. These 21,k people decide trillions of dollars of busines a day. Chineese govt stands to gain serious advantage in the commerical world markets with such access. .... hello ?wake up people! War going on here - hide your PC's and children
To Amanfrommars :
There already was such a companies, that were only a CEO and bloat - Rambus was one of them, SCO appears to be too. Now Transmeta as well.
I understand James defense of his father - people should not be shocked that this can happen, but I do disagree and think that it is fair to be disapointed. People should know better. When was the last time you received a legal notice, or a collection bill from your ISP or ANYTHING THAT IS IMPORTANT IN ANY WAY FROM ANY COMPANY VIA EMAIL? Never! because it doesn't happen, they will call, and send you something via registerd mail in the U.S. Sure Netflix or your someother company may have some freindly your bill is late type of mails, but no one will ever send legal document via Email - this is not a legal recognized way to deliver such documents - anyone at the C level of a corporation is expected to be of a caliber to know that.
Those requests are not limited to IT by any means.
@James - Spot on. Management needs to talk to IT and vice versa. Hang on, I feel a song coming on....
Sign up, sign up for The Register's weekly IT security newsletter - click here
