ABSTRACT:
In this talk I shall describe a case of malware-based electronic
surveillance of a political organization by the agents of a
nation state. While malware attacks are not new, two aspects of
this case make it worth serious study. First, it was a targeted
surveillance attack designed to collect actionable intelligence
for use by the police and security services of a repressive
state, with potentially fatal consequences for those
exposed. Second, the modus operandi combined social phishing with
high-grade malware. This combination of well-written malware with
well-designed email lures, which we call social malware, is
devastatingly effective. Few organizations outside the defense
and intelligence sector could withstand such an attack. This work
is of importance not just to companies that may attract the
attention of government agencies, but to all companies. As social
malware attacks spread, they are bound to target people such as
accounts payable and payroll staff who use their computers to
make payments. The traditional defense against social malware in
government agencies involves expensive and intrusive measures
that range from mandatory access controls to tiresome operational
security procedures. These will not be sustainable in the
economy as a whole. Hence, prevention will be hard.

This work received coverage from the New York Times in a March 28,
2009 article entitled "Vast Spy System Loots Computers in 103
Countries":
http://www.nytimes.com/2009/03/29/technology/29spy.html?_r=1