Syrian Social Hack Co-Opts Fighter's Computers

hij (552932) writes "The BBC is reporting that Syrian government forces used a social hack to gain access to opposing forces computers. By acting like women sympathetic to their cause they were able to send images laced with malware to the fighters. From the article: "Fake 'femme fatales' have been used to steal battle plans and other data from Syrian opposition groups, a report suggests. The virtual women had been used in text chat on Skype to engage potential victims, security company FireEye said. And data had been stolen via booby-trapped images of the women to whom the victims had believed they had been chatting."

Re:who still falls for this picture.jpg.exe nonsen

[tlhIngan]

A random stranger sends you an executable file and tells you it's their picture. Go ahead, click on it.

Yeah, seems legit. Come on.

Anyone who falls for such transparent hacking attempts deserves what they get.

Lots of people do. it's called Dancing Pigs (or rabbits) and is probably the biggest security hole in computing today.

We like to complain about Apple's walled garden and such, but such a security model isn't governed from Jobs' ass - it came from deep understanding that humans are vulnerable, and most malware attacks take advantage of that vector. From sending seniors "hey, I'm your nephew, send me $100" scams to "I'm trapped in London, wire me $2000 for a plane ticket" sent to friends.

It doesn't take much to go beyond that - just get the person's trust and you can accomplish a lot. It's a lot more like spear phishing than anything - the user trusts the source and the guard goes down. Hell, I'm sure if you did a survey, most parents would click on an attachment if it appeared to be sent from their children, especially if said child works in IT. Perhaps even your parents will think "well, if he sent it, it must be something I need to do".