Plenty of cyberwar out there, we’re just mostly not targets

SANS Internet Storm Center; Cooperative Network Security Community – Internet Security – isc

These attacks are not limited to various Tibetan NGOs and support groups. They have been reported dating back to 2002, and even somewhat before that, and have affected several other communities, including Falun Gong and the Uyghurs.

The attacks generally start with a very trustworthy looking e-mail, being spoofed as originating from a known contact, to someone within a community. Some impressive social engineering tricks are used:

* Messages make a strong statement on a well known individual or group, but do not mention its name. The attachment is then named after that individual. A state of ‘cognitive dissonance’ is invoked between the reader’s pre-existent beliefs and the statement. There’s a natural urge to click on the attachment to confirm that belief;
* The writing style of the purported sender is usually well researched to have the message look as believable as possible;
* The content of the document actually matches closely what was discussed in the e-mail message;
* Having legitimate, trusted, users actually forward along a message back into the community.

We (the well-off developed-world types) are more profitable targets for economic crimes than political intimidation…

I’ve started calling under-the-radar stuff like this the Schell Effect, after the riff at the beginning of The Fate of the Earth where he explains that all the usual post-apocalypse fiction is ridiculously biased because it’s told from the viewpoint of the survivors.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: