Monday, December 5, 2005

SPEAR-PHISHING Phishing is slowly but surely replacing spam. But it is much more dangerous, in particular what is called 'spear phishing', which is a step further from 'vanilla phishing'. If you have received emails purportedly coming from people you know, with content that is very realistic you may have been targeted by spear phishing. You might notice then that the email address given in the header of these fakes differs only slightly from the regular address of your acquaintances or friends. The spear-phishers must have access to some of your own mail by illegal means. Their aim is to log your complete computer activity. NewYorkTimes: "Spear-phishing is a distilled and potentially more potent version of phishing. That's because those behind the schemes bait their hooks for specific victims instead of casting a broad, ill-defined net across cyberspace hoping to catch throngs of unknown victims. Spear-phishing, say security specialists, is much harder to detect than phishing. Bogus e-mail messages and web sites not only look like near perfect replicas of communiqués from e-commerce companies like eBay or its PayPal service, banks or even a victim's employer, but are also targeted at people known to have an established relationship with the sender being mimicked. And spear-phishing is usually not the plaything of random hackers; it is more likely, analysts say, to be linked to sophisticated groups out for financial gain, trade secrets or military information. Authorities learned that at least 15 senior members of three of Israel's largest private investigative agencies were involved in a scheme in which dozens of companies received a compact disc or an e-mail message offering a business opportunity. Israeli investigators have unearthed e-mail messages indicating that Haephrati interacted with a number of companies and governments in countries besides Israel; Wismonsky said e-mail messages suggest that Haephrati once apparently tried to sell his spyware to the Norwegian government." This form of spying can be economical, political or just for pure personal enmity; even governments can use it. Israel seems to be the hub of spying. Computerworld: "A bug in Microsoft Corp.'s Internet Explorer Web browser gives phishers a way to scan the hard drives of Google Desktop users, according to an Israeli hacker." It seems the battle for the internet has started. On the one hand the criminal vs. the legal use of internet and on the other hand the fight for power over the internet. TheRegister: "The World Summit in Tunis last month was overshadowed by the global argument over internet governance. Its biggest controversy came with the proposition put forward by the EU a month earlier that there be a new inter-governmental body that oversee ICANN. The US government - which currently enjoys unilateral control over the internet infrastructure - was furious and launched an enormous lobbying campaign, both public and private, across the board to retain its position." 4:18:57 PM

© Copyright 2006 Hetty Litjens.