Click here to receive your FREE subscription to Campus Technology
News
Hoax Subpoena E-Mails Shine Light on 'Spearphishing'
4/25/2008
Last week, hundreds of executives at some of America's most well-known companies received e-mails that they probably didn't want to get--even if those messages weren't a hoax.
It was revealed Wednesday that as many as 2,000 top managers at high-profile corporations nationwide received e-mail messages early in the week that looked like an official subpoena from the Uited States District Court in San Diego, CA.
Though this hoax could have been worse, it still brings attention to the growth of a certain modus operandi among many of the world's most sophisticated hackers: targeted attacks under the guise of a friendly overture.
"As phishing attacks go, this one has been comparatively small. By some estimates, the Monday wave tricked about 2,000 people and the second attack on Wednesday scammed another 100," said Andrew Storms, director of IT security operations at San Francisco, Calif.-based nCircle Network Security. "Though, despite the small numbers here, this attack does highlight the new trend of 'spearphishing.' Spearphishing is the term used to denote a highly targeted and incredibly customized version of the daily-seen phishing attack."
Since the incident, the real federal court for the Central District of California has posted an advisory on its Web site alerting users of the nature of the attacks and admonishing them to report such incidents. Even the IT security think tank SANS Institute got in on the act with notes on its homepage urging users who receive subpoenas via e-mail to take them immediately to the company's in-house counsel, private lawyers or federal law enforcement.
Security patches that guard against such attacks have also been relatively prevalent in recent Patch Tuesday releases, more evidence that phishing is a concern that isn't going away.
It All Started with Spam
Security experts say that at its roots, phishing is merely an appendage of an
age-old confidence scheme where curious, interested or greedy parties are reeled
in (hence the term "phishing") and their privileged information
stolen.
Like many others, Don Leatham of Scottsdale, Ariz.-based Lumension Security traces the method back to the days of AOL, when dialing up to get on the Internet sounded like fingernails scratching a chalkboard and the pages loaded slowly.
"The history can go way, way back," said Leatham, who is Lumension's director of solutions and strategy. "The electronic, network version of this con is typically traced back to the early '90s when access to online services like AOL, Genie and CompuServe were fairly expensive."
However, today's attacks are more targeted and less random. They're less like fishing and more like hunting with a spear through the water--the water being the network, in this case. Thus, spearphishing attacks are tailored e-mails that include some level of personalized data from a trusted Web address that has been hacked and configured to invite specific individuals.
Recommended Reading
- California Community Colleges Partner with Waterfall Mobile on Statewide Emergency Notification Coverage
The Foundation for California Community Colleges (FCCC) has awarded a statewide emergency alert notification contract to Waterfall Mobile. The contract establishes Waterfall's AlertU as an approved technology through the official non-profit foundation for the California Community College (CCC) system office. Through this partnership, individual colleges may directly implement emergency communication services, eliminating lengthy technology evaluation and RFP processes.
- King's College and ASU Add e2Campus for Improved Emergency Notifications
King's College and Arizona State University have switched to Omnilert's e2Campus for emergency notification. Omnilert also has introduced a new program called the ENS Conversion Service that allows schools to bulk upload data from their previous emergency notification system into e2Campus at no charge.
- Saint Joseph Builds Out Wireless Network in Multi-year Upgrade
Saint Joseph's University has begun deploying a Meru Networks wireless local area network across its Philadelphia campus as part of a multi-year effort to bring wireless coverage to every building on campus.
- Vista Ramp Up Is Happening Now, Study Says
Organizations may have been slow to adopt Microsoft Windows Vista, but expect that to change by late 2008 to 2009, according to a Forrester Research report by Benjamin Gray et al., published last week.
- Talisma Launches New Version of CRM with Built-in Application Management
Talisma Corp. announced version 8.0 of its constituent relationship management (CRM) application for higher education. The new release includes application management, a revamped user interface, two-way text messaging, personalized Web portals, and an ADA-compliant Web client, among other enhancements.
- Bringing Composers into Classrooms Through Skype
Two Pennsylvania teaching colleagues with an interest in music and technology are bringing remote experts into classrooms at almost no cost, using Skype's free videoconferencing technology.
