Slashdot Mirror


Spoofed White House Card Dupes Many Gov't Employees, Steals Data

tsu doh nimh writes "A run-of-the-mill malware-laced e-mail that spoofed seasons greetings from The White House siphoned gigabytes of sensitive documents from dozens of victims over the holidays, including a number of government employees and contractors who work on cybersecurity matters, writes krebsonsecurity.com. The story looks at several victims who fell for the attack, and suggests it may be related to a series of similar document-harvesting runs throughout 2010. Government security vendor NetWitness notes that these types of incidents are blurring the lines between online financial fraud and espionage attacks."

20 of 173 comments

  1. Merry Christmas by Dexter Herbivore · · Score: 5, Funny

    Honourable employees of venerable government of USA. Please click on link to receive free gift from People's Republic of... ummm... errr... Canada!

    1. Re:Merry Christmas by Toe, The · · Score: 2

      To retrieve card just click on this totally legitimate official White House e-mail address: elvis.com.au/(something)

      Yeah, that address actually appears in the card, according to TFA.

      Like... seriously?

  2. Re:pack.exe as Perl/ZeuS Trojan? by betterunixthanunix · · Score: 4, Informative

    Most GNU/Linux systems (and I assume but cannot really say for sure about Mac OS X) will not just execute an arbitrary file that you download. Generally you have to at least set execute permissions on the file to get it to run, or feed it to its interpreter on its own (if it is a script). Additionally, for a secure desktop, one would generally set "noexec" on the home directories partition, so that users cannot just execute random code.

    Really though, this is all superficial by comparison with multilevel security systems, which for someone with top secret clearance seems like an obvious measure. MLS policies should forbid a program that you download from some random website from even opening a file that is "Top Secret," let alone sending a copy to some other system. A lot of research went into such systems, which are designed around the assumption that the threats are internal (e.g. a malicious program that is already running on the system) and that the goal is to prevent leaks (as opposed to the more common goal of restricting unauthorized access).

    --
    Palm trees and 8
  3. Re:pack.exe as Perl/ZeuS Trojan? by TaoPhoenix · · Score: 2

    Why is the quality of malware better than the quality of some commercial SFW ware?

    --
    My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
  4. Read the victim list by Anonymous Coward · · Score: 5, Insightful

    It's not so much the crime as the type of victims:

    -An employee at the National Science Foundation’s Office of Cyber Infrastructure.
    -An intelligence analyst in Massachusetts State Police
    -An unidentified employee at the Financial Action Task Force, [in a government body whose purpose is to fight] money laundering and terrorist financing.
    -An official with the Moroccan government’s Ministry of Industry, Commerce and New Technologies.

    Me, I'm an idiot with no influence, but the people who set policies and can put people in jail should know better.

  5. Re:SSDD by Haedrian · · Score: 2

    Error: Could not find string variable 'hit'

  6. Belarus by Max_W · · Score: 2, Insightful

    This type of activity is illegal in Belarus too. The streets there do have names and houses are numbered. True, it is not in English.

    Still, if it was some kid, a call from Interpol to the Belarus police, and the employees probably could have had their files back. Sometimes learning foreign languages at school could be very useful.

    1. Re:Belarus by Max_W · · Score: 3, Informative

      In the article it is written that files were sent to a server in Belarus. My point is that it is not like they were sent to Mars.

      And if there were a good working relationship between criminal police in D.C. and in Minsk, this could be easily solved or even prevented.

  7. So you mean by VincenzoRomano · · Score: 2

    That GOV documents like ehm ... cables can LEAK out without the intervention of an insider?
    Interesting ... indeed.

    --
    Maybe Computers will never be as intelligent as Humans.
    For sure they won't ever become so stupid. [VR-1988]
  8. Re:Really? by Alumoi · · Score: 2

    Trained people do NOT get those jobs.

  9. Re:SSDD by somersault · · Score: 2

    Ah thanks. I always read that as "Solid State Disk Drive". I wondered why it was a mission name in MW2.

    --
    which is totally what she said
  10. Re:SSDD by Bigbutt · · Score: 2

    And I read it as Single Sided Double Density.

    [John]

    --
    Shit better not happen!
  11. Re:pack.exe as Perl/ZeuS Trojan? by betterunixthanunix · · Score: 2

    It's not hard at all to install Firefox in userspace

    It can be, if you mounted the home directories partition with "noexec".

    --
    Palm trees and 8
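    The two betterunixthanunix comments above (items 2 and 11) rely on the home partition being mounted with "noexec". The following is an added audit script, not code from the thread or from any project; it parses a /proc/mounts-style table (the sample below is constructed) and reports which mount actually backs a given directory and whether that mount carries noexec, which also exposes the case where a directory is not a separate partition at all and silently inherits the executable root filesystem.

```python
# Added example: audit whether user-writable directories are backed by a
# noexec mount. The mount table below is constructed for illustration.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
"""


def parse_mounts(text):
    """Return a list of (mountpoint, set_of_options) from /proc/mounts text."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # /proc/mounts escapes spaces in paths as \040
        mountpoint = fields[1].replace("\\040", " ")
        options = set(fields[3].split(","))
        entries.append((mountpoint, options))
    return entries


def covering_mount(path, entries):
    """Longest-prefix match: the mount that actually backs 'path'."""
    best = None
    for mountpoint, options in entries:
        if path == mountpoint or path.startswith(mountpoint.rstrip("/") + "/"):
            if best is None or len(mountpoint) > len(best[0]):
                best = (mountpoint, options)
    return best


def exec_status(path, entries):
    """Return (mountpoint, noexec_bool) for the filesystem backing 'path'."""
    mountpoint, options = covering_mount(path, entries)
    return mountpoint, "noexec" in options


def audit(text, paths=("/home/alice", "/tmp", "/var/tmp")):
    """Map each path to the mount backing it and whether it is noexec."""
    entries = parse_mounts(text)
    return {p: exec_status(p, entries) for p in paths}


if __name__ == "__main__":
    for path, (mnt, noexec) in audit(SAMPLE_MOUNTS).items():
        verdict = "noexec" if noexec else "EXEC ALLOWED"
        print(f"{path:<12} backed by {mnt:<6} {verdict}")
```

    On a real system read /proc/mounts instead of SAMPLE_MOUNTS; in the sample, /var/tmp is not its own mount and so inherits the executable root filesystem.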
  12. Why Windows is to blame. by whoever57 · · Score: 2

    Don't blame Windows. This was a case of government employees being duped by an email Christmas Card. They may as well have "checked out this screensaver!" or pictures of "Anna Kournikova"

    Apologists like you are why we have lousy computer security as a nation.

    You blame the users, elsewhere people blame the sysadmins for not locking down the systems. Which is it? Neither, because the root problem is that Windows is designed to be used in a non-locked down mode.

    How many people actually run Windows as non-admin users? It's a pain. Why is it that sysadmins don't lock down Windows machines? If this were not the norm, one could blame a few sysadmins for not doing their job properly, but it reflects how most Windows systems are used. Why is this? The answer lies in how people expect to run Windows -- from developers through to users -- they all expect the systems to be open.

    So, while in theory Windows systems should be locked down, and users should not click on such things, in practice they are not locked down and people click on dangerous links because that is the way Windows is designed.

    Car analogy: if a car manufacturer built cars with ineffective brakes, would you blame drivers for not braking early enough?

    Where Windows is today is that the driver can make an adjustment that would make the brakes work properly, but if that were done, the car would be limited to 50mph. No-one chooses that option.

    --
    The real "Libtards" are the Libertarians!
    1. Re:Why Windows is to blame. by c6gunner · · Score: 2

      How many people actually run Windows as non-admin users?

      In an enterprise environment? The majority. On government systems? EVERYONE.

      This e-card had nothing to do with admin rights, so claiming that "the root problem is that Windows is designed to be used in a non-locked down mode" is silly, at best.

      Or, to put it in simpler words: "Apologists like you are why we have lousy computer security as a nation."

    2. Re:Why Windows is to blame. by whoever57 · · Score: 2

      In an enterprise environment? The majority. On government systems? EVERYONE.

      So, what you are saying is that it is impossible to lock down Windows so that it is secure?

      --
      The real "Libtards" are the Libertarians!
  13. What do they earn? by Anonymous Coward · · Score: 2, Interesting

    I'd love to see a salary list of all the morons that fell for this. I'm sure most make pretty solid money, yet are too stupid or gullible to see these obvious scams for what they are. Fucking pathetic. God bless america!

  14. Re:pack.exe as Perl/ZeuS Trojan? by Frosty Piss · · Score: 2

    MLS policies should forbid a program that you download from some random website from even opening a file that is "Top Secret," let alone sending a copy to some other system.

    I seriously question the idea that Classified was downloaded from any Government / Military computers by this malware; SIPRNET and NIPRNET are two distinct networks. No one is opening greeting card email on SIPRNET. It simply isn't happening.

    There is a difference between For Official Use Only (FOUO), which can be on any gov computer, and actual classified material.

    Now, *Contractors*, who knows...

    If these "hackers" were serious, they would have sent out Lady GaGa cd's to random gubment employees...

    --
    If you want news from today, you have to come back tomorrow.
  15. Re:Really? by spamking · · Score: 2

    Training has little to do with it. You need the personality traits of common sense and healthy suspicion, which no amount of training will imbue you with. At best, you can be a parrot, but won't be able to apply those traits to new and unknown situations, which is what was required here.

    Bull. Training has a lot to do with it. Sure some people won't "get it" and continue to do stupid stuff while on a PC at work, but to blatantly write off training is stupid. Tons of Federal employees grew up without PCs and were "trained" to use them at work. Many of these folks actually pay attention to training and react accordingly to various situations.

    However, there are those folks who will NEVER get it and continue to open up every email attachment they get regardless of who it comes from and if they're expecting it or not.

  16. Re:Hey, whatd'ya know... by c6gunner · · Score: 2

    No, not at all. This just shows that there are idiots everywhere. Anyone who's ever worked in IT has had to deal with a coworker or boss who is so incompetent that they'd probably screw up a fry-chef job at McDonalds. I'm not exactly shocked that a few of them clicked a spoofed e-mail.