Syrian Social Hack Co-Opts Fighters' Computers
hij (552932) writes "The BBC is reporting that Syrian government forces used a social hack to gain access to opposing forces' computers. By acting like women sympathetic to their cause, they were able to send images laced with malware to the fighters. From the article: 'Fake "femme fatales" have been used to steal battle plans and other data from Syrian opposition groups, a report suggests. The virtual women had been used in text chat on Skype to engage potential victims, security company FireEye said. And data had been stolen via booby-trapped images of the women to whom the victims had believed they had been chatting.'"
Gives a new meaning to the name.
It's always a woman's fault.
Faster! Faster! Faster would be better!
Honey Dicked
that burka thingie should have been a clue.
A random stranger sends you an executable file and tells you it's their picture. Go ahead, click on it.
Yeah, seems legit. Come on.
Anyone who falls for such transparent hacking attempts deserves what they get.
Might just be harking back to the original meaning.....
Opposition forces complain sympathetic women never look like their photos.
-- Thou hast strayed far from the path of the Avatar.
"I'll lift my burka slightly if you'll click on this exe file"
"Okay, sexy girl. But I should warn you that afterwards there is a good chance I'm going to stone you to death for being a whore."
SJWs don't eliminate discrimination. They just expropriate it for themselves.
It's a trap!
Not computers, but Windows computers, please! And any foreign forces that are using computers and software made by the enemy, and expect there are no backdoors, are retards. This is so simple a kid should understand it. They probably choose their pants and their haircut more carefully than their computers and their choice of operating system.
Lots of people do. It's called Dancing Pigs (or rabbits) and is probably the biggest security hole in computing today.
We like to complain about Apple's walled garden and such, but such a security model isn't governed from Jobs' ass - it came from deep understanding that humans are vulnerable, and most malware attacks take advantage of that vector. From sending seniors "hey, I'm your nephew, send me $100" scams to "I'm trapped in London, wire me $2000 for a plane ticket" sent to friends.
It doesn't take much to go beyond that - just get the person's trust and you can accomplish a lot. It's a lot more like spear phishing than anything - the user trusts the source and the guard goes down. Hell, I'm sure if you did a survey, most parents would click on an attachment if it appeared to be sent from their children, especially if said child works in IT. Perhaps even your parents will think "well, if he sent it, it must be something I need to do".
I hear they do something similar in the USA, but they use a picture of an AR-15.
One of my e-mail accounts (relegated to being the spam/swill account with filters to scoop up anything from the sources I might use) that has been around since the 1990s still gets plenty of those, either "foo.jpg.exe" or "foo.jpg .exe" with plenty of spaces between the two.
Part of why this happens is the Dancing Bunnies hole. The receiver really wanted to see what the sender wanted to send, so ignored common sense.
I've had this happen, when I thought the other person decided to have an auto-extracting document. Since it wasn't confidential, I uploaded the executable to VirusTotal, found that others had uploaded the same thing, and it was a known Trojan. End of story. Had I still been unsure, I'd have put it in a virtual machine that is isolated from any physical network, as a sandboxed user with zero privs. This I do sometimes if I need to download some program from a download mirror, one notorious for wrapping the installer with their own scumware, so I can pull the actual program installer out of the archive. The scumware happily installs and seizes control of the VM, but I can then use the extracted original files on a clean VM after I roll back to a known good snapshot.
The best defense we have against malware is virtualization. Infecting a machine is relatively easy. Jumping out and nailing the hypervisor or the bare metal... not so much.
According to the second link (PDF warning) it was "picture.pif" which was just a renamed self-extracting RAR containing both a photo and a RAT payload.
Now how many people - nerds included - could tell you what a .pif is off the top of their head? Admit it, plenty of you (myself included) would have to look it up because it's probably not something we encounter every day. The real difference between someone who falls for it and someone who won't is that the latter will think "If I don't recognize it I'm not touching it with a 10 foot pole" and the former goes "PIF sort of resembles PICture, maybe it's a PIcture File? Screw it, I want to see if she's a hottie." So yeah, sadly this kind of bait (with sex) and switch stuff still works and probably won't stop working until our species is extinct.
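The two comments above describe the lure as a PE executable named "picture.pif" with a RAR archive glued on behind it (Windows will run a .pif that is actually an MZ executable). The following is an added example, not code from the thread or from FireEye's report: it classifies a file by its leading bytes instead of trusting the extension, and detects the self-extracting-RAR pattern by looking for the RAR signature after the PE header. The sample byte strings are constructed for the example and contain no real malware.

```python
"""Judge a file by its magic bytes, not by the name it was sent under."""
import os

IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
# RAR 1.5-4.x and RAR 5 archive signatures.
RAR_SIGNATURES = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
# Extensions Windows hands to the program loader even though they do not say ".exe".
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".lnk"}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}


def sniff(data: bytes) -> dict:
    """Return what the content actually is, independent of its filename."""
    info = {"kind": "unknown", "sfx_rar": False}
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            info["kind"] = kind
            return info
    if data.startswith(b"MZ"):
        info["kind"] = "pe"
        # A self-extracting archive is a PE stub with the archive appended,
        # so the RAR signature shows up somewhere after the DOS header.
        info["sfx_rar"] = any(sig in data for sig in RAR_SIGNATURES)
    elif any(data.startswith(sig) for sig in RAR_SIGNATURES):
        info["kind"] = "rar"
    return info


def verdict(filename: str, data: bytes) -> str:
    """One-line judgement combining the claimed type (extension) and the real one."""
    ext = os.path.splitext(filename)[1].lower()
    info = sniff(data)
    if ext in IMAGE_EXTS and info["kind"] not in ("jpeg", "png", "gif"):
        return f"mismatch: {filename} is named like an image but the content is {info['kind']}"
    if ext in EXECUTABLE_EXTS or info["kind"] == "pe":
        what = "self-extracting RAR" if info["sfx_rar"] else "executable"
        return f"executable: {filename} is a {what} (extension {ext or 'none'})"
    if info["kind"] in ("jpeg", "png", "gif"):
        return f"ok: {filename} is a {info['kind']} image"
    if info["kind"] == "rar":
        return f"archive: {filename} is a RAR archive"
    return f"unknown: {filename}"


# Constructed samples (not real files): a DOS header, a fake PE stub,
# then a RAR signature where an SFX would carry its archive.
SFX_PIF = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 16 + RAR_SIGNATURES[0] + b"\x00" * 8
PLAIN_EXE = b"MZ" + b"\x90" * 100
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32

if __name__ == "__main__":
    for name, blob in [("picture.pif", SFX_PIF), ("picture.jpg", SFX_PIF),
                       ("setup.exe", PLAIN_EXE), ("real.jpg", REAL_JPEG)]:
        print(verdict(name, blob))
```

The classifier deliberately ignores the icon and the name: both are attacker-controlled, the first bytes are not. A mail gateway or a download hook applying this check would have stopped "picture.pif" before any chat-up line mattered.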
The porn will get 'em every time. An exploit that is very difficult to patch without employing a most unpalatable procedure.
“He’s not deformed, he’s just drunk!”
Doesn't even need to be that sophisticated. I was dealing with one of these "Fake women" once who I was stringing along because I knew it was a scam and so it was kind of fun to toy with the scammer.
It was simple, I uploaded a random picture to a webserver I controlled and told "her" to check it out and when I saw her reply without any logs on my server, I asked a question that would require looking at the photo to answer.... bingo.
I waited a few more minutes of chat while I looked up the IP registration info and shocked "her" by revealing I knew "she" was in Nigeria. Oh that was funny.
Soon after the game changed, and now he wanted to recruit me to remail packages. Strung him along for many weeks, it was kind of a fun hobby for a while.
"I opened my eyes, and everything went dark again"
The people that fall for it are the ones that have their windows set to the default of hiding file extensions. So what they see is "picture.jpg" If they don't notice the picture icon next to it that would be the same as a .exe, then they fall for it.
Really not that innovative for an attack. I'm surprised people still fall for it - but I guess timing is everything with it.
Syrian forces vs ISIS - now who should we root for? Maybe enable both sides to get enough porn, so that they're forced to keep fighting the old way - w/ Kalashnikovs and SAM missiles.
Yes, I used to have to edit some of those. Well, real ones, not the trojans of course, those I just destroyed and had to clean up the mess the users were responsible for.
I don't have the patience for that, but it is funny.
Anyone who falls for such transparent hacking attempts deserves what they get.
Well, considering that these are people who are willing to risk their lives to fight against the government, possibly having been recruited by social engineering, they might not be the sort of people who give a crap about risk. Or to put it another way, having a lot of balls may make them more susceptible to booby traps (now featuring real boobies!).
Also, forgive me if I don't cheer for either side, when one side is the oppressive dictators favoring an unpopular secular/Shi'ite religious view, and the other side is the rebels favoring a more oppressive Sunni religious regime.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Program Information File. Used by Windows 3.x to control the DOS VM for running DOS programs in Windows. I believe they were also used by Windows 9x, but were much obscured by the UI.
Don't blame the user for clicking through a warning message. We get the same warning message with every executable we run, so we tend to ignore it. The problem is the permission model. It's all-or-nothing, instead of principle of least access.
What does Apple's walled garden have to do with clicking on an email attachment?
When attacking an organisation, you can rely on luck. Send your dancing pigs to a hundred people. 99 will see it as a scam. One will open it - and that one is all you need to get in. Even if it's just one of the cleaning staff, it's an opening you can use to search for exploitable vulnerabilities.
Don't blame the user for clicking through a warning message. We get the same warning message with every executable we run, so we tend to ignore it.
But the user knows they didn't run an executable; they clicked on a picture. Somewhere in the process there has to be some intelligence. Computers will never be able to know exactly what you want to do. It's up to the user to make intelligent decisions about running software.
Yeah, what the Dog-Cow said. Program information file: used in Windows 3 to assist the operating system in running MS-DOS programs under Windows 3.x. The PIF file contains properties about memory usage (EMS/XMS), video properties and I believe execution (timing/pooling) properties. It has been a while since I have run MS-DOS programs under Windows 3.1 in a virtual machine.
...that allows discussion of their military plans in the same environment as chatting up hookers deserves to lose the next battle. Didn't they learn anything from Mata Hari?
http://en.wikipedia.org/wiki/Mata_Hari refers...
Or get them some actual women, so they have something better to do than blow stuff up and get blown up. In one study, this would actually work with crackers - script kiddies greatly lessened their activity after getting a girlfriend. Presumably, the female provided sufficient motivation to venture out from mom's basement.
So what they see is "picture.jpg" If they don't notice the picture icon next to it that would be the same as a .exe, then they fall for it.
Actually it will show the embedded icon from the .exe which can easily be set to look like a picture file.
But what has always confused me is the filename actually shows as "picture.jpg", while an actual picture.jpg would show as just "picture", right? Therefore it should still be possible to distinguish them because a real one does not have ".jpg". Though I can imagine people not noticing, I'm wondering if there is (or was) a much worse bug, such as the display truncating at the first period while file-type lookup used the last period?
Anybody know? I don't have windows here to test.
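The comments above ask what Explorer shows when "Hide extensions for known file types" is on. Explorer strips only the final extension, so "picture.jpg.exe" displays as "picture.jpg" while a genuine "picture.jpg" displays as "picture", and the shell always dispatches on the last extension; a few types (.lnk, .pif, .url) carry the NeverShowExt registry flag and stay hidden even when the setting is off. The following is an added example, not code from the thread, that models that display rule and flags names whose displayed form lies about what will run, including the right-to-left override (U+202E) trick that reverses the visible tail of a name. Function names and the extension lists are the example's own choices.

```python
"""Model Explorer's filename display versus what ShellExecute will actually run."""
import os

EXECUTABLE_EXTS = {".exe", ".com", ".pif", ".scr", ".bat", ".cmd", ".vbs", ".js", ".lnk", ".hta"}
DOCUMENT_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt"}
NEVER_SHOW_EXT = {".lnk", ".pif", ".url"}  # hidden regardless of the user's setting
RLO = "\u202e"  # Unicode RIGHT-TO-LEFT OVERRIDE


def displayed_name(name: str, hide_known: bool = True) -> str:
    """What the user sees in Explorer for a file called `name`."""
    stem, ext = os.path.splitext(name)
    if ext.lower() in NEVER_SHOW_EXT or (hide_known and ext):
        name = stem
    # Text after an RLO character is rendered reversed, so "gpj.exe" reads "exe.jpg".
    if RLO in name:
        head, _, tail = name.partition(RLO)
        name = head + tail[::-1]
    return name


def real_extension(name: str) -> str:
    """What the shell dispatches on: the last extension, trailing spaces ignored."""
    return os.path.splitext(name.rstrip())[1].lower()


def deception(name: str, hide_known: bool = True):
    """Return why the displayed name misleads, or None if the user can see it is a program."""
    real = real_extension(name)
    if real not in EXECUTABLE_EXTS:
        return None
    shown = displayed_name(name, hide_known)
    shown_ext = os.path.splitext(shown)[1].lower().strip()
    if RLO in name:
        return "rlo"                  # visible extension is a rendering artefact
    if shown_ext in DOCUMENT_EXTS:
        return "double-extension"     # looks like a document, runs as a program
    if shown_ext == "":
        return "hidden-extension"     # only the (attacker-chosen) icon hints it is a program
    return None


if __name__ == "__main__":
    for candidate in ["picture.jpg", "picture.jpg.exe", "picture.jpg .exe",
                      "picture.pif", "photo" + RLO + "gpj.exe"]:
        for hide in (True, False):
            print(f"{candidate!r:32} hide={hide!s:5} shows {displayed_name(candidate, hide)!r:20} "
                  f"runs {real_extension(candidate)!r:6} -> {deception(candidate, hide)}")
```

Turning the setting off removes the double-extension case but not the NeverShowExt or RLO cases, which is why a content check on the bytes (rather than the name) is the more reliable defence.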
Well, this particular "woman" had responded to an ad I put out looking for roommates. The moment she said she wanted to send a money order I knew what the scam was and I put the ad right back up, but I was kind of pissed because I took the ad down for a day before "she" gave it away.
I am curious what they mean by "images laced with malware." I assumed all of these image decoder exploits would have been caught by now, but apparently not: http://www.theregister.co.uk/2... A memory safe systems programming language like Rust really cannot come soon enough!
Piss them off and they'll send you Slashdot beta, then you're really fucked! Could we maybe start a Fuck Beta day like April 2? Because it's the same thing, only with more "stink of corporate caring."
Where do you work where cleaning staff has computers and receives regular company e-mails?
Now how many people - nerds included - could tell you what a .pif is off the top of their head? Admit it, plenty of you (myself included) would have to look it up because it's probably not something we encounter every day.
Not the specifics, but man, it brings back memories. Us old fogies used to see them all the time, back when they were legitimate.
But how is a PIF file a "booby-trapped image"? There was no image.
Or get them some actual women, ...
The sad truth is that they actually have women ... enslaved.
Anyone who falls for such transparent hacking attempts deserves what they get.
Yeah, it's not like some major operating system hides file extensions by default or anything. Come on!
We used to do this to people when I was in Uni - hop on IRC SexChat channels, pretend to be a girl and get people to run "self extracting zip files" that were really just installs of Sub7. This was some time back in the 90's. People fell for it All. The. Time.
Of course, this was the 90s and people didn't have their guard up on the net as much back then, I suppose. Still, it accounted for many hours of hilarity, back in the day. Surprised people would still fall for it, almost 20 years later.
Is it that same one that won't run the executable?
They are fun to fuck with sometimes. I strung one along once and then sent an email that I was in trouble and needed money. Oh the tears I cried and "I thought you said you loved me." "Please help"
Also did the trace back thing with their email headers. "You said you live in Georgia so why is your email routed through the UK?" Didn't get a reply after that. I guess she fell out of love.
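The "trace back thing with their email headers" above is a walk through the Received: chain. The following is an added example, not code from the comment: it builds a constructed message whose From: claims one origin, then reads the Received: headers from the bottom up (the lowest one was stamped first, by the server nearest the sender) and reports each hop's claimed host, the IP the receiving server actually saw, and who stamped it. Hostnames and addresses are made up (RFC 5737 documentation ranges); the header layout follows common MTA practice. One caveat the example encodes: only headers added by servers you trust are reliable, since the sender can forge any Received: line below them, so the function returns the whole chain rather than a single "true" origin.

```python
"""Extract the hop-by-hop Received: chain from an e-mail to see where it really entered."""
import re
from email import message_from_string

# Constructed sample: From: says "Georgia", the mail entered through a UK relay.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id abc123; Tue, 3 Feb 2015 10:01:02 +0000
Received: from relay.example.co.uk (relay.example.co.uk [203.0.113.9])
\tby mx.example.net with ESMTP; Tue, 3 Feb 2015 10:00:58 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44])
\tby relay.example.co.uk with ESMTPA; Tue, 3 Feb 2015 10:00:41 +0000
From: "Mary from Georgia" <mary@example.com>
To: victim@example.org
Subject: I need your help, my love

Please send money.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_RE = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)


def received_chain(raw: str) -> list:
    """Return hops oldest-first: index 0 is the server that first accepted the mail."""
    msg = message_from_string(raw)
    hops = []
    # get_all returns headers top to bottom (newest first); reverse to get delivery order.
    for hdr in reversed(msg.get_all("Received", [])):
        text = " ".join(hdr.split())  # unfold continuation lines
        m_from, m_ip, m_by = FROM_RE.search(text), IP_RE.search(text), BY_RE.search(text)
        hops.append({
            "claimed_host": m_from.group(1) if m_from else None,  # what the sender said (HELO)
            "ip": m_ip.group(1) if m_ip else None,                # what the receiver observed
            "by": m_by.group(1) if m_by else None,                # who stamped this line
        })
    return hops


def origin_ip(raw: str):
    """IP recorded by the earliest hop. Trust it only if that hop's 'by' server is yours or known."""
    chain = received_chain(raw)
    return chain[0]["ip"] if chain else None


if __name__ == "__main__":
    for i, hop in enumerate(received_chain(SAMPLE)):
        print(f"hop {i}: {hop['claimed_host']} [{hop['ip']}] -> stamped by {hop['by']}")
    print("earliest recorded origin:", origin_ip(SAMPLE))
```

In the sample the first two hops are stamped by the sender's own relay and an external mail exchanger, so the only line a recipient can fully trust is the topmost one, added by inbox.example.org; everything below it is evidence, not proof, which is exactly what made the "why is your email routed through the UK?" question effective.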
...NSA? FBI? Do you think TLAs have NOT been doing this?