NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > InfoSec News> 2008-q2

[ISN] Air Force Cyber Command Gives Away the Goods

From: InfoSec News (alertsinfosecnews.org)
Date: Wed Apr 16 2008 - 01:29:35 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://blog.wired.com/27bstroke6/2008/04/air-force-cyber.html

By Kim Zetter
Threat Level
Wired.com
April 15, 2008

Businessweek published an interesting story last week about cyber
espionage involving a spear-phishing attack [1] that targeted a Booz
Allen Hamilton executive. The e-mail contained an attachment embedded
with a key-stroke logger and appeared to come from a trusted source in
the Pentagon. The attacker "knew enough about the 'sender' and
'recipient' to craft a message unlikely to arouse suspicion."

Spear phishing of course involves a targeted attack against a specific
individual or individuals. To be effective, it requires the attacker
know something about the target of the attack -- the target's work
title, the nature of his duties, etc.

This makes it all the more perplexing why the Air Force Cyber Command
center, which has been charged with the task of combatting the nation's
cyber enemies [2], published the photo above, which, according to one
critic, provides a good deal of information to anyone who might want to
target some of the Air Force command personnel and systems in an attack
like the one that targeted Booz Allen and many others.

The photo was published in the World Tribune last week, accompanying a
story about the command center [3] and also appeared on the Air Force's
own web site [4] last July. Even Wired.com used it to illustrate a story
about the Cyber Command center [5] two months ago.

But Rob Rosenberger, formerly of the VMyths web site, counts the ways
[6] in which this picture was a bad idea.

I'm curious to know if any other readers think this picture was a
mistake.

[1] http://www.businessweek.com/magazine/content/08_16/b4080032218430.htm
[2] http://blog.wired.com/27bstroke6/2008/02/air-force-launc.html
[3] http://www.worldtribune.com/worldtribune/WTARC/2008/ea_china0041_04_10.asp
[4] http://integrator.hanscom.af.mil/2007/July/07192007/CyberCommand.jpg
[5] http://www.wired.com/politics/security/news/2008/02/cyber_command
[6] http://securitycritics.org/column/1/1/2008/2/3/

-==-
Let identityLoveSock take your personal information into
their wanting hands. http://www.identity-love-sock.com/
Because victims have money too.

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]