Slashdot Mirror


Fake Subpoenas Sent To CEOs For Social Engineering

An anonymous reader writes "The Internet Storm Center notes that emails that look like subpoenas are being sent out to the CEOs of major US corporations. The email tries to entice the victim to click on a link for 'more information.' According to the ISC's John Bambenek: 'We've gotten a few reports that some CEOs have received what purports to be a federal subpoena via email ordering their testimony in a case. It then asks them to click a link and download the case history and associated information. One problem, it's [totally] bogus. It's a "click-the-link-for-malware" typical spammer stunt. So, first and foremost, don't click on such links. An interesting component of this scam was that it did properly identify the CEO and send it to his email directly. It's very highly targeted that way.'"

112 comments

  1. Subpoena by *email* ?? by nurb432 · · Score: 5, Insightful

    If you fall for that you deserve to get taken.

    --
    ---- Booth was a patriot ----
    1. Re:Subpoena by *email* ?? by gnick · · Score: 3, Interesting

      One problem that I've noticed is that muckity-mucks often feel that they're "above" being targeted by such menial things as malware.

      --
      He's getting rather old, but he's a good mouse.
    2. Re:Subpoena by *email* ?? by WaltBusterkeys · · Score: 4, Informative

      Stranger things have happened, especially in cases where the events took place online. Normally you're right that service has to be done in person or by US mail.

      BUT, if the only known way to contact a defendant or witness is by email (if, for example, their real names or addresses are unknown), then a court can authorize that as an alternative form of service. It's up to the court to decide if email would give sufficient notice and other means are impractical.

      Here, of course, there's no reason to think that sending certified mail or a process server wouldn't work -- a corporate CEO isn't hard to find and service on a company can almost always be done through the state's secretary of state.

      But, that doesn't mean that electronic subpoenas are never possible, as you suggest.

    3. Re:Subpoena by *email* ?? by FireXtol · · Score: 1

      I'd say after you allow an executable to run... well... is like not encrypting your WRG/WAP. =)

      --
      Enlightenment is the elimination of that which is unnecessary.
    4. Re:Subpoena by *email* ?? by Deadstick · · Score: 1
      Eef thee good Lor' didn' want'em sheared, he would'na made 'em sheep...

      --Eli Wallach, The Magnificent Seven

      rj

    5. Re:Subpoena by *email* ?? by GoodbyeBlueSky1 · · Score: 2, Funny

      This sounds like baloney. Can you back this up with a link?

      --
      why? forty-two.
    6. Re:Subpoena by *email* ?? by WaltBusterkeys · · Score: 5, Informative
      Sure, here's an example of service by email:

      Plaintiffs Tishman and Wilkinson filed a lawsuit against defendant Pine, but had difficulty serving Pine with the summons. The plaintiffs tried the conventional methods of service under New York law, such as personal delivery. They even tried the "nailing and mailing" method by affixing a copy of the summons to the door of Pine's residence, then sending a copy in the mail.

      Tishman and Wilkinson had information, however, that led them to believe Pine was out of the country. . . They petitioned the court for permission to serve Pine by e-mail, pursuant to N.Y. C.P.L.R. §308(5), which allows service by such manner as the court directs, when the more conventional methods are "impracticable."

      The court allowed service of the summons to an e-mail address Pine had used in a classified ad listing his house for sale. The court held that given the uncertainty about the success of the attempted "nailing and mailing" effort, and the fact that Pine's attorneys wouldn't give a clear answer as to where Pine was living, alternative service by e-mail was appropriate.


      Most states have similar laws that allow service by any practical means if conventional methods fail.
    7. Re:Subpoena by *email* ?? by GoodbyeBlueSky1 · · Score: 1

      Well then. Thanks for the info!

      --
      why? forty-two.
    8. Re:Subpoena by *email* ?? by davidphogan74 · · Score: 2, Informative

      I received one from a California state organization about 3 years ago due to a lack of other ways to locate me and give me a written notice. The written notice had no external links whatsoever, and simply asked me to contact them regarding the matter and included a PDF of the subpoena itself, along with corroborating evidence that would relate to it.

      A few phone calls and cross-checks with other resources later, it turned out to be valid.

    9. Re:Subpoena by *email* ?? by Anonymous Coward · · Score: 4, Insightful

      Actually my experience in Corporate IT, most C*O executives are dumb enough to open such items.

      Cripes most virus infections at corporations come from these dimrods.

    10. Re:Subpoena by *email* ?? by nomadic · · Score: 3, Insightful

      One problem that I've noticed is that muckity-mucks often feel that they're "above" being targeted by such menial things as malware.

      If you're an experienced executive you should at least realize that you need to be served with a subpoena, and e-mail isn't a valid method of service (yet). Oh well, business majors aren't known for their intellectual sharpness...

    11. Re:Subpoena by *email* ?? by SHaFT7 · · Score: 1

      I've had a similar problem with emails coming from *@irs.gov. I almost fell for one, as I was having tax issues with the previous owner of my business. Now some of my clients are getting the emails, and luckily it didn't actually contain a virus, but they completely fell for it.

    12. Re:Subpoena by *email* ?? by Anonymous Coward · · Score: 0

      So if someone sues me after I've traveled into a black hole, the court is authorized to send someone after me?

    13. Re:Subpoena by *email* ?? by pjt33 · · Score: 1
    14. Re:Subpoena by *email* ?? by nurb432 · · Score: 1

      And with no proof of receipt I know I'd ignore it, and assume it's spam (if it even got thru my filters). No registered letter or delivery by sheriff, no show by me.

      That court was ignorant if they actually allowed email to be considered.

      --
      ---- Booth was a patriot ----
    15. Re:Subpoena by *email* ?? by dziman · · Score: 0

      Proper training to identify possible risks (this is a human thing) is likely key to minimizing a compromise. AV software and HIPS are great and all, you can blow your entire budget on them. There is no substitute for educated and intelligent employees (and CEOs).

      Less focus on the security of the OS, network, etc, more investment in employee training to identify risks, confirm validity, etc are tools that change less over time.

    16. Re:Subpoena by *email* ?? by Anonymous Coward · · Score: 1, Informative
      I received one of these e-mails. It was well targeted in that it got my information correct. However, other than that, it had every hallmark of spam. Links coming from the ".com" version of a ".gov" domain, e-mail from a source that wasn't what it purported to be, and the subject matter (a subpoena) coming via e-mail instead of by Sheriff or Lawyer. It was also not caught by our spam filters.

      One problem that I've noticed is that muckity-mucks often feel that they're "above" being targeted by such menial things as malware.

      Us "Muckity-Mucks" are targeted by more malware, spam, telemarketing than any of you "little people" (tongue in cheek). Our names are on public registers and documents and those get picked up all the time. I get dozens of solicitation calls each week, piles of "official" scam letters in the mail, and hundreds of e-mail messages. This is to say nothing of the "important" faxes we receive. We are used to dealing with this junk.
    17. Re:Subpoena by *email* ?? by KURAAKU+Deibiddo · · Score: 1

      This actually was the original premise of The Black Hole, but then sanity prevailed and they realized this would only appeal to very geeky lawyers and process-servers.

      Dr. Hans Reinhardt was actually supposed to be the leading process-server of his time, undaunted by the prospect of being crushed by a black hole in the pursuit of his quarry... ;)

    18. Re:Subpoena by *email* ?? by Coppit · · Score: 1

      Well, I wonder if Pine uses Pine, Alpine, or Mutt?

    19. Re:Subpoena by *email* ?? by Anonymous Coward · · Score: 0

      I get dozens of solicitation calls each week, piles of "official" scam letters in the mail, and hundreds of e-mail messages. This is to say nothing of the "important" faxes we receive. We are used to dealing with this junk.

      Proper muckity-mucks should have their secretaries take care of that. If you're wasting your time with that crap instead of having somebody else do it, you're doing a real disservice to your company. If you're somewhere small enough that the top brass do not require secretaries to filter the incoming communications, you probably do not fit in the muckity-muck category.
    20. Re:Subpoena by *email* ?? by Anonymous Coward · · Score: 0

      Yeah, I wouldn't try that if I were you.

      Contempt of court is a painful lesson. If the court finds that the email made it to you and you blithely ignored it, you're in contempt.

    21. Re:Subpoena by *email* ?? by dbc001 · · Score: 1

      My boss got the email and brought it to me. She correctly identified it as SPAM, but wanted me to check it out in case she was wrong. I noticed that the URL was casd-uscourts.com, so I googled the domain and found nothing. I realized that a subpoena would probably come through the mail, but then it occurred to me that maybe these people are such imbeciles that they contracted with some commercial company to handle this thing (not unlike letting a company handle your redlight cameras).

      The link didn't work on Mac/Safari or Mac/Firefox, so we went to a PC and brought up Firefox - still nothing. I finally figured out that it was bad news when we opened it up in IE and it wanted to install an ActiveX control.

      Anyway, I fell for it though - and although I didn't install the malware, it was pretty convincing. And there are plenty of government officials who are stupid enough to do things like this.
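Added example (not part of the thread or of any commenter's post): the two link hallmarks reported in the comments above, a `.com` lookalike of a `.gov` court host and link text that shows a different host than the real target, checked over a constructed message. The sender address, case number and URL path are made up, and `PROTECTED` is an assumed, defender-maintained list of official domains.

```python
"""Triage links in a 'subpoena' e-mail for lookalikes of official domains."""
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: official domains the defender expects legal or tax mail to use.
PROTECTED = ("uscourts.gov", "irs.gov")
# Visible link text that is itself a URL or bare host name.
URLISH = re.compile(r"(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}(?:/\S*)?", re.I)

# Constructed sample: only the lookalike host name comes from the thread.
SAMPLE = """\
From: "United States District Court" <clerk@mail.example>
To: ceo@corp.example
Subject: Subpoena in case 08-1234
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>You are commanded to appear and testify. Download the case history:</p>
<a href="http://casd-uscourts.com/case/08-1234">http://casd.uscourts.gov/case/08-1234</a>
<p>Court home page: <a href="https://www.uscourts.gov/">uscourts.gov</a></p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host name of a URL or bare 'host/path' string."""
    if "://" not in url:
        url = "//" + url  # make urlsplit treat the first part as the host
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def lookalike_of(host):
    """Return the protected domain this host imitates, or None.

    A host imitates a protected domain when the protected name appears as a
    dot- or hyphen-separated token of a host outside that domain. This is a
    triage heuristic: it misses names glued to other letters.
    """
    if not host or any(under(host, d) for d in PROTECTED):
        return None
    tokens = set(re.split(r"[.-]", host))
    for domain in PROTECTED:
        if domain.split(".")[0] in tokens:
            return domain
    return None


def audit(raw_message):
    """Return (host, reason) findings for the HTML links in a raw message."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        parser = LinkExtractor()
        parser.feed(part.get_payload(decode=True).decode(charset, "replace"))
        for href, text in parser.links:
            host = host_of(href)
            imitated = lookalike_of(host)
            if imitated:
                findings.append((host, "lookalike of " + imitated))
            shown = host_of(text) if URLISH.fullmatch(text) else ""
            if any(under(shown, d) and not under(host, d) for d in PROTECTED):
                findings.append((host, "link text shows " + shown))
    return findings


if __name__ == "__main__":
    for host, reason in audit(SAMPLE):
        print(f"{host}: {reason}")
```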

    22. Re:Subpoena by *email* ?? by msromike · · Score: 1

      If I'm bigger than you, then you deserve to give me your money.

  2. You already have real problems. by Cajun+Hell · · Score: 5, Insightful

    So, first and foremost, don't click on such links.

    If clicking a link poses even the slightest risk, you need to replace your software ASAP.

    Websites don't "run" malware; users download and install malware with execution privileges. Or their defective user agents do it for them. CEOs don't need defective user agents. I'm not sure who does.

    --
    "Believe me!" -- Donald Trump
    1. Re:You already have real problems. by Anonymous Coward · · Score: 4, Informative

      CEOs should know better anyway. Start of process is with your registered agent, not your email address.

    2. Re:You already have real problems. by cynicsreport · · Score: 5, Funny

      So, first and foremost, don't click on such links.
      This is always good advice. For more information on how to avoid anonymous links, check out this website.
      --
      - Demosthenes
      cynicsreport.com
    3. Re:You already have real problems. by Lobster+Quadrille · · Score: 5, Funny

      I clicked it. It just says 'server not found'.

      If you're going to make a joke on slashdot, you gotta at least register the domain and build a website, or nobody will take you seriously.

      --
      "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
    4. Re:You already have real problems. by Nushio · · Score: 1

      Uhm, your link is broken :-(

      --
      Check out Unsealed: Whispers of Wisdom! http://unsealed.k3rnel.net It's an action-RPG about Open Sourcerers.
    5. Re:You already have real problems. by borgasm · · Score: 1

      This would have been a perfect opportunity for a goatse link. Please plan accordingly next time.

    6. Re:You already have real problems. by Anonymous Coward · · Score: 0

      See how many tards clicked on a link they don't know where it had come from?
      And they are not CEOs, but Might-Uber-H4x0r-Linuz geniuses...

    7. Re:You already have real problems. by Anonymous Coward · · Score: 0

      Because the virus has already hijacked your browser and caused it to display a fake 'server not found' page. This one's sneaky, stealthy, and very hard to eradicate. If you clicked that link, I suggest you reformat your hard drive. It's the only way to be sure you've gotten rid of it.

    8. Re:You already have real problems. by Anonymous Coward · · Score: 0

      or a rick roll.

    9. Re:You already have real problems. by Urza9814 · · Score: 2, Funny

      c'mon man! If you're gonna make a link, make it to a real website! As a Linux user, I enjoy visiting malware sites :)

    10. Re:You already have real problems. by Lobster+Quadrille · · Score: 1

      Well, shit.

      --
      "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
    11. Re:You already have real problems. by Lobster+Quadrille · · Score: 3, Funny

      Good thing I used my CEO's computer to view it.

      --
      "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
    12. Re:You already have real problems. by GreyWolf3000 · · Score: 2, Funny

      He did. It's just that the link got slashdotted.

      --
      Slashdot: Where people pretend to be twice as smart as they really are by behaving like children.
    13. Re:You already have real problems. by Anonymous Coward · · Score: 0

      Yeah, I agree. You can find out more about proper trolling techniques here.

    14. Re:You already have real problems. by Lobster+Quadrille · · Score: 1

      Dammit. Twice in one week.

      --
      "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
    15. Re:You already have real problems. by Fast+Thick+Pants · · Score: 1

      If clicking a link poses even the slightest risk, you need to replace your software ASAP.

      What would you suggest replacing it with? Arbitrary-execution bugs have cropped up in every major browser (yes, even lynx) from time to time, and often the bad guys know about them first. Ditto with common browser plugins. Hopefully your browser is not running with root privileges, but probably it has full access to your personal files -- and besides, privilege escalation bugs are also constantly being discovered.

      Short of using a temporary installation image (or live CD) on a separate network, I can't think of what sort of setup I could, with clear conscience, recommend to someone who wanted the freedom to click on targeted malware links.

      Welcome to the grim paranoid realities of net security -- every link, every email, every IM, every packet heading into your network does indeed pose the slightest risk, because it will eventually be processed by one or more pieces of buggy software. There's a lot you can do to manage these risks, but pretending that they only exist in "bad" software is just putting your head in the sand.

    16. Re:You already have real problems. by nomadic · · Score: 1

      CEOs should know better anyway. Start of process is with your registered agent, not your email address.

      If it's a subpoena sent to them in their personal capacity it goes straight to them (or their attorney if he/she has accepted service on their behalf).

    17. Re:You already have real problems. by kylehase · · Score: 1

      Some C_Os don't know a lot about technology but have privileged access to secured resources so they're a valid concern for breaches. http://www.wired.com/techbiz/media/news/2003/08/60052

      --
      You want fun, go home and buy a monkey!
    18. Re:You already have real problems. by CBravo · · Score: 0, Redundant

      Hey man, I clicked the link and now my machine is infected. Thanks a lot bro!!!

      --
      nosig today
    19. Re:You already have real problems. by matt+me · · Score: 2, Funny

      If you're going to make a joke on slashdot, you gotta at least register the domain and build a website, or nobody will take you seriously.

      I have not registered the domain and built a page there. The page appears identical to the firefox error page.
    20. Re:You already have real problems. by jimicus · · Score: 1

      If clicking a link poses even the slightest risk, you need to replace your software ASAP.

      Websites don't "run" malware; users download and install malware with execution privileges. Or their defective user agents do it for them. CEOs don't need defective user agents. I'm not sure who does.

      Let me play devil's advocate for a moment.

      Knowing (as discussed elsewhere) that email, while unusual, is in some circumstances a perfectly acceptable way to serve a subpoena, no responsible CEO is going to ignore the email unless pretty damn convinced that it's fake.

      A user agent saying "Where do you want to save this?" won't help. All that will happen is they'll save it somewhere then run it from there.

      The only solution is for the OS to actively prevent the end-user from executing code from random locations - in Unix, you'd mount their home directory and maybe /tmp with the noexec option.

      Even then, the IT department is still going to have some work to do. You'll need to convince the CEO that the subpoena is fake without actually opening it.
    21. Re:You already have real problems. by Anonymous Coward · · Score: 0

      "If clicking a link poses even the slightest risk, you need to replace your software ASAP."

      For example, with MacOSX

    22. Re:You already have real problems. by Anonymous Coward · · Score: 0

      ALL software has "risk" for such things, whether it be an exploit through flash, java, or buffer overflow via the web browser itself, choose your poison; no applications are immune, or Operating Systems while on this topic. After all, it is just code written by humans, and we can/will make mistakes. If the site is targeting software running on your machine and that malicious site can get code to overwrite data in memory with harmful code and it executes, game over. The user doesn't need to install or download anything, it is all done "with a click of a link."

      I believe the appropriate way to mitigate this would be user awareness and education for such social engineering attacks.

      I hate to say it, and I must admit I am laughing a little, but I have a slight feeling you'd be one of the few that would CLICK the link via the whole "my software is immune" mentality. :)

      Good day.

  3. Someone had to say it... by Lunix+Nutcase · · Score: 1

    I for one welcome our new CEO scamming overlords.

    1. Re:Someone had to say it... by Anonymous Coward · · Score: 0

      I am a CEO, you insensitive clod! ... and think of the children!

  4. Risk/Benefit - and insider trading by Gat0r30y · · Score: 1

    I sure hope no CEO was dumb enough to fall for this. But it certainly is a new and interesting direction for Social Engineering - very targeted, but if even one falls for it the whole company's financials/business strategies, basically a tremendous amount of high value information all in one fell swoop.

    --
    Prediction: The real iPhone killer is going to be sex robots from Japan. Think about it.
  5. Hmmm.... by Otter · · Score: 2, Insightful
    If you're the CEO of a major corporation (or the admin who reads and prioritizes his email for him), you're crazy to be clicking on something like that even if it were guaranteed to be real. That's what you have a legion of lawyers for.

    Clever scheme, though.

    1. Re:Hmmm.... by Anonymous Coward · · Score: 1, Funny

      I've been using bill@microsoft.com as my email address for websites for years.
      I hope he appreciates the extra business i'm sending his way.

    2. Re:Hmmm.... by Architect_sasyr · · Score: 1

      (or the admin who reads and prioritizes his email for him)

      As a fellow B.O.F.H. I have to say that is the best damned justification I've ever seen for reading my CEO's email!
      --
      Me failed English...
      FreeBSD over Linux. If my comments seem odd, this may explain...
    3. Re:Hmmm.... by iNaya · · Score: 3, Informative

      Pity his email is actually billg@microsoft.com

      --
      The Unicode standard is over 20 years old. Why does Slashdot not support it?
  6. Boss got this yesterday by ResQuad · · Score: 5, Interesting

    My boss received one of these yesterday. Luckily he is one of the smarter people in this world and FW'd me the email (being the suspicious person he is). Personally I thought it was rather clever.

    Also - I wonder... Is there some "hacker code" out there that says if you are sending out a phishing email - you must misspell at least a few words? Cause these subpoenas looked fairly good - but there were misspellings. Can't they just run the emails through Word or Open Office before they send them out?

    1. Re:Boss got this yesterday by Anonymous Coward · · Score: 4, Funny

      Is there some "hacker code" out there that says if you are sending out a phishing email - you must misspell at least a few words?
      We're really not supposed to talk about the hacker code in public, where n00bs might see.
    2. Re:Boss got this yesterday by tattood · · Score: 4, Funny

      The first rule of hacker code is - you don't talk about hacker code.

      --
      WTB [sig], PST!!!
    3. Re:Boss got this yesterday by Lobster+Quadrille · · Score: 1

      No, but I'm going to write one now.

      --
      "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
    4. Re:Boss got this yesterday by LordP · · Score: 1

      I got a spam email the other day that actually had no spelling errors in it. I didn't check the grammar, because it was TL;DR, but it looked ok.

      Click if you want to have a read.

      --
      Nothing is so smiple that it can't be screwed up.
    5. Re:Boss got this yesterday by XHIIHIIHX · · Score: 2, Informative

      I wonder... Is there some "hacker code" out there that says if you are sending out a phishing email - you must misspell

      Yes there is. By mispelling [sic pun] a few words, you can confuse anti-spam filters that are looking for duplicate mass mailed documents or for specific words. Typical spamming programs will allow you to insert random chars (replace 1, l or ! for I) or will substitute some automatically.
    6. Re:Boss got this yesterday by pclminion · · Score: 2, Interesting

      Yes there is. By mispelling [sic pun] a few words, you can confuse anti-spam filters that are looking for duplicate mass mailed documents or for specific words. Typical spamming programs will allow you to insert random chars (replace 1, l or ! for I) or will substitute some automatically.

      That might help it get past the spam filter, but it certainly doesn't help it get past the "Me" filter. *I* will recognize the email as a phish based on a SINGLE misspelling. The problem isn't getting past the filters, the problem is convincing the user that the email is legitimate, and misspellings only hurt that cause.

    7. Re:Boss got this yesterday by jberryman · · Score: 1

      Unfortunately for the truly 1337, ed has no spellchecker.

    8. Re:Boss got this yesterday by XHIIHIIHX · · Score: 2, Informative

      Which doesn't matter if it doesn't get to the user in the first place.

    9. Re:Boss got this yesterday by Eevee1 · · Score: 0

      It also works for MySpace posts. And some!ime$ $/. p0Ztz.

    10. Re:Boss got this yesterday by madfancier · · Score: 1
      You just broke it.

      P.S. I could never get my head around this recursion.

    11. Re:Boss got this yesterday by Anonymous Coward · · Score: 0

      It's a bozo filter. It's easier for them to scam people if they know everyone who responds is a moron.

    12. Re:Boss got this yesterday by GuyverDH · · Score: 1

      Unfortunately, for the truly unfortunate, neither does edlin.

      --
      Who is general failure, and why is he reading my hard drive?
    13. Re:Boss got this yesterday by bill_mcgonigle · · Score: 1

      Cause these subpoenas looked fairly good - but there were misspellings.

      But in this case it was targeted to only one user per company. Perhaps something big like Postini or pyzor could have caught it eventually.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    14. Re:Boss got this yesterday by spazdor · · Score: 1

      Have you ever met an average Internet user?

      It's not as big a problem as you'd think. ;)

      --
      DRM: Terminator crops for your mind!
    15. Re:Boss got this yesterday by Bryansix · · Score: 1

      Yes and "Stupid People" is a redundant phrase.

  7. To be on the safe side ... by cpricejones · · Score: 2, Funny

    maybe they should post the email list so that all the CEOs out there know if that particular subpoena they received was real or not. So many subpoena emails to go through ...

  8. I have been saying this... by zappepcs · · Score: 2, Interesting

    Every time that I comment on a story about viruses and malware and security, I mention the fact that what is normally mentioned by antivirus vendors is junk used to scare up business.

    The real danger lies elsewhere. Stories like this and the cyber-war story about the US and China are the ones that you need to follow and think about.

    The chances that your company is already compromised by the NSA or some other country's spy agency/military is reasonably high, no matter what you do.

    Okay, so you make cheeseburger boxes for several chain restaurants, who would want data from your system?

    It looks a lot like the butterfly effect http://en.wikipedia.org/wiki/Butterfly_effect in the fact that one small chance encounter or small piece of information can greatly affect the outcome of a particular chain of events. Your company makes cheeseburger boxes for a company whose CEO, in turn, is a friend of or associate of some political figure. This information is gleaned from your system via email, and phishing email is used to get that political figure to open an email which is a dupe of a previous email sent, but contains an active-x payload... this in turn leads to more serious and useful information down the road... and viola! you have enough for a hack on the RNC mail server...

    Something like that, just work out your own end goal and play 6 steps to Kevin Bacon to find out how to get there. Much is public information and can be used to nail the last link you need for planting the right spyware in the right place, unnoticed, undetected, unfettered. No need for millions of bots, just one well placed piece of code.

    Best part is that it is enabled/started by the high-ranking user, one that is never spied on, so the malware is safely sitting there doing its thing without interruption.

    That is how spying works, a little bit at a time, patiently looking for a chink in the armor.

    1. Re:I have been saying this... by realthing02 · · Score: 1

      I'm not sure I agree with this. Wouldn't it just be easier to send out mass emails to the target company, and just wait for the one stupid individual to click the link? Then you've got your malware or whathaveyou, and you're on your way. I can see your point if we're talking about some ridiculously secure intranet that you want access to, but not something targeting seemingly random CEOs. But I do not have a lot of experience in this area, so maybe you know more than I'm getting from the post.

    2. Re:I have been saying this... by bagboy · · Score: 1

      I've got the cheeseburger box folks' bot telling the bun folks' bot to tell the burger folks' bot to inform the ketchup folks' bot to relay to the mayo folks' bot to hold the mayo. Now my lunch is hot-off-the-grill and ready for me.

    3. Re:I have been saying this... by Digi-John · · Score: 4, Informative

      The real danger lies elsewhere. Stories like this and the cyber-war story about the US and China are the ones that you need to follow and think about.

      It looks a lot like the butterfly effect http://en.wikipedia.org/wiki/Butterfly_effect in the fact that one small chance encounter or small piece of information can greatly affect the outcome of a particular chain of events. Your company makes cheeseburger boxes for a company whose CEO, in turn, is a friend of or associate of some political figure. This information is gleaned from your system via email, and phishing email is used to get that political figure to open an email which is a dupe of a previous email sent, but contains an active-x payload... this in turn leads to more serious and useful information down the road... and viola! you have enough for a hack on the RNC mail server...

      That is how spying works, a little bit at a time, patiently looking for a chink in the armor.

      Reminds me of the information security training I had to take before starting my job here at a national lab. First, we watched a video in which an ex-KGB boss who now provides security consulting worldwide says, "Do not think that because you are low-ranking or do not work with classified information, that you are not a potential target for espionage" and goes on to tell us how almost certainly at least a few of the people we work with have been or will be targeted for espionage or potential defection. Then we were told how several pieces of non-classified information can be put together to create classified information, even unintentionally.

      Even if you don't work for the government, you have to be really careful if you want your data to be secure.

      --
      Klingon programs don't timeshare, they battle for supremacy.
    4. Re:I have been saying this... by Lobster+Quadrille · · Score: 1

      You're on the right track.

      When I'm doing a pentest, I often look into websites that known users of my victim site frequent, to get more info about possible passwords, social engineering fodder, or other info. It rarely gives huge returns, but you can usually get something this way, and that's often all you need.

      And even if your company's servers don't have the information I'm looking for, I could always use it as a proxy while attacking the real target, to send the blame your way while I'm working for your competitor.

      --
      "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
    5. Re:I have been saying this... by Technician · · Score: 1

      Every time that I comment on a story about viruses and malware and security, I mention the fact that what is normally mentioned by antivirus vendors is junk used to scare up business.


      You missed the obvious.. The Acrobat.exe.. It's another Microsoft Windows Virus.

      --
      The truth shall set you free!
  9. CEOs read email? by Anonymous Coward · · Score: 1, Informative

    Most I know, the secretaries read it, print it and then file the copies.

    1. Re:CEOs read email? by RiotingPacifist · · Score: 1

      Most I know, the secretaries read it, print it and then file the copies.

      It's when they start trying to click the links, that you worry who's running your company!
      --
      IranAir Flight 655 never forget!
    2. Re:CEOs read email? by Culture20 · · Score: 1

      But that means the Secretaries are the ones that click the link. Considering that the Secretaries often have gobs of useful calendar information (and access to the CEO email), this is a _bad_ thing.

  10. An email subpoena? by Cracked+Pottery · · Score: 1

    That is new to me. Must be a dyslexic server process. Anybody in a position of responsibility who falls for any kind of phishing ought to look into getting a chauffeur's license, or if they are artistically inclined they can go to barber school.

  11. I like to look by contrapunctus · · Score: 1

    Even if I know this was bogus, I would still click on it because I would be curious about the scam and for the entertainment value.
    Would I fail the test then?

    1. Re:I like to look by flyingfsck · · Score: 1

      I always click everything with wild abandon. That is what web browsers are for. If you can't click on everything and anything, then something is broken and needs fixing.

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
    2. Re:I like to look by Lobster+Quadrille · · Score: 1

      I do it too, but in a vm, not running the likely target OS (though for a targeted attack, this won't make a difference, I suppose), and with noscript.

      --
      "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
    3. Re:I like to look by justinlee37 · · Score: 1

      Yeah, my free copy of Avast! antivirus (home edition for non-commercial use) notifies me when I click on something malicious, and gives me a chance to opt out of downloading it. Additionally, Spybot Search & Destroy's "TeaTimer" prompts me before any application attempts to edit the registry (which shady websites love to do). On top of all that, Firefox is my default browser, and most ActiveX controls are disabled or prompt-to-download by default (as they should be).

      No, I am not a shill.

    4. Re:I like to look by Heembo · · Score: 1

      This is an executable, and AVG does not include coverage right now. FF will not save you, either.

      Translation: PWND

      http://www.virustotal.com/analisis/13bfb6913f9c328c7b657fce4ba4c731

      --
      Horns are really just a broken halo.
    5. Re:I like to look by justinlee37 · · Score: 1

      Assuming someone could trick me into running a malicious executable. It's usually pretty obvious -- like those "porn videos" on yahoo vid. search that link you to a site that's all like, "error! you must download this blah thing to see nekkid ladies!"

      Being able to distinguish an executable from a family vacation photo or tax spreadsheet is what separates the users from the lusers.

    6. Re:I like to look by Your+Pal+Dave · · Score: 1

      Even then, you need to be careful. I got one of the "April Fools" storm worm spams, and I decided to see what it would do in a vm on my linux box. I started up a bunch of sysinternals tools, ran the downloaded exe, watched it for a while, and then nuked the vm.

      Unfortunately, I forgot to shut off networking to the vm, and the next day I got an email nastygram from my ISP saying that my port 25 had been blocked due to spamming...

    7. Re:I like to look by Anonymous Coward · · Score: 0
  12. Etch a Sketch by EEPROMS · · Score: 5, Funny

    We just gave our CEO a new laptop, that reminds me I better tell him he needs to shake it to reset.

    1. Re:Etch a Sketch by DJNephilim · · Score: 1

      You work at the White House?

      /sarcasm

      --
      Enemy of the Sun
    2. Re:Etch a Sketch by Captain+DaFt · · Score: 1
      --
      The U.S. really needs an English to Wisdom dictionary.
  13. Highly targeted? by Itninja · · Score: 1

    More like widely broadcast. Everybody has been getting these (whose spam filter isn't catching them). It's been on Snopes since this morning (not linking to Snopes in protest of their scriptastic ad pushing).

    --
    I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
  14. "emails that look like subpoenas " by rickb928 · · Score: 1

    I'm not that dumb. sheesh.

    Looks like I gotta change my job site profile. 'CEO' isn't that hard a job to fake, apparently. At least I won't be as easily phished as the current spawn.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
  15. How will he click it? by prockcore · · Score: 2, Funny

    How will the CEO click the link on the printout his secretary made for him?

  16. Agreed by Anonymous Coward · · Score: 1, Interesting

    Our CEO got one of these yesterday too. Luckily, his executive administrator has more brains than he, and forwarded it to our legal dept., questioning it. Our legal dept contacted the IT dept, and I told them that it was totally bogus.
     
    The admin actually was quoted as saying "Since when are they sending subpoenas by email?".

  17. I was hit by it... by npal · · Score: 5, Informative

    I saw it on my Treo and it looked very real - at first. There were four issues: It was a Federal subpoena but it mentioned a "city prosecutor" down towards the end. This started some suspicion.
    Then I noticed that it was a grand jury for a civil trial. So I'm wondering, do they use grand juries for civil trials? It was in California, so I thought maybe they somehow did. Then, I could see that they wanted a credit card to get the information. Big red flag, but it used pricing by the page - so I thought only the government could dream up something like this and maybe it was legit. Finally, the domain name for the link to the credit card page looked okay, but it was phony.

    All in all, I'll bet a number of people fell for it because the targeting was so good.

  18. Amazing by elloGov · · Score: 1

    Oh the talent in this world!

  19. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  20. Subpoena = SPAM by zienth · · Score: 1

    I have my spam filter set up to send all subpoenas directly to my junkmail folder. I find it saves me a lot of time and hassle.

    Zienth

  21. Re: The Hacker Code -- REVEALED by chooks · · Score: 1

    1. Don't talk about the hacker code.
    2. Don't talk about the hacker code.
    3. ????????
    4. PROFIT.

    --
    -- The Genesis project? What's that?
  22. easily done by locokamil · · Score: 2, Insightful

    I don't know about other industries, but in the financial industry (as far as I know) employees are required to have an address of format [name1.name2]@[company domain].

    Makes for easy spamming...

    1. Re:easily done by Anonymous Coward · · Score: 0

      I am not sure what you mean by financial industry, but the bank I use doesn't use that format.

  23. I would be more concerned that... by Guppy06 · · Score: 1

    CEOs of major corporations are so easily duped. Are the stockholders really getting their money's worth, what with all the golden parachutes on top of this?

  24. CEOs read their own mail?! by GumphMaster · · Score: 1

    CEOs read their own mail?!

    Never would have believed if I hadn't read it here :)

    --
    Patent litigation: A doctrine of Mutually Assured Destruction... in which everyone seems willing to push the button
  25. That's nothing by PCM2 · · Score: 4, Funny

    You think that's targeted? The other day I received an e-mail from a pharmaceutical company offering to discuss options for enlarging my very small penis. They asked me if I was tired of being unable to satisfy women, and whether I had tried the other pills without results. I mean, seriously ... how can spammers find out stuff like this?? I'm switching to Firefox.

    --
    Breakfast served all day!
    1. Re:That's nothing by Hoi+Polloi · · Score: 1

      Sure your partner, or an ex, isn't a spammer?

      You might want to ask what all those checks written out for Russian banks are about.

      --
      It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
  26. The CEO is always the dumbest guy in the building by Anonymous Coward · · Score: 0

    This is a very good choice of target. The higher up they are in the organization, the less they know about anything. Eat the rich!

  27. Typical by Fnord666 · · Score: 1

    I fail to see the news in this. Spammers and malware distributors have always targeted the technologically ignorant.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  28. CEOs don't read e-mail by TheRealCodeRed · · Score: 1

    I don't see the problem. 1) CEOs don't read e-mail. 2) Even if they did read it they would forward it to their lawyer. 3) CEOs are way too smart to fall for that. :)

  29. I got a good phish last week by peter303 · · Score: 1

    This phish had spoofed a major credit card's email address and had a 1-800 number to respond. I was looking for javascript or cgi returns to another source, but didn't see it. I called the real 800 from that company just to double-check my account because the spoof was so good. I only checked up on one phish before, the first one I got about ten years ago, because it was a new thing then.

    These guys are spending big dollars to set up a 1-800 number. I guess they get it all back in one or two victims.

  30. Count Your Blessings by bill_mcgonigle · · Score: 1

    Cause these subpoenas looked fairly good - but there were misspellings.

    Imagine if the smart guys started working on these things...

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)