Tuesday May 6, 03:35 AM
Hackers harpoon US executives with phony email subpoenas
By Glenn Chapman
SAN FRANCISCO (AFP) - US federal court officials have warned that hackers are emailing phony subpoenas embedded with malicious software to high-ranking executives to steal valuable corporate information.
Thousands of powerful US executives have received the bogus emails that contain links which, if clicked on, install software letting hackers take control of computers and swipe passwords or other sensitive data.
Internet security insiders refer to the attacks as "whaling" because they use social-engineering trickery involved in "phishing" but target individual "big phish" instead of casting nets in a sea of Internet users.
"The success rate was incredibly high," Websense Security Labs manager Stephan Chenette told AFP.
"Most likely due to the nature of the content and the real data, the emails had their exact names and legal language in there that made it seem like a serious subpoena."
The emails are crafted with the seal of the US federal court in San Diego, California, and are addressed to executives using their names, addresses and other individual details.
Clicking on a link to see a "subpoena" displays a realistic looking document and stealthily installs malicious computer code in the reader's computer.
"When the recipient tries to view the document, they unwittingly download and install software that secretly records keystrokes and sends the data to a remote computer over the Internet," court officials said in their warning.
"This enables criminals to capture passwords and other personal or financial information and starts software that allows the computer to be controlled remotely."
Subpoenas in the United States are usually served in person to assure judges that the orders from courts have been properly received by those named.
US investigators believe the hackers are not familiar with the court system because the website executives are directed to uses a "uscourts.com" domain name while actual court online addresses typically end in ".gov."
Aspects of writing in the messages appear British, according to police.
Among the targets have been executives at banking giant CitiBank, Time Warner (NYSE: TWX - news) -owned America OnLine and Internet auction house eBay, according to the courts.
The hackers likely got confidential information about intended victims stolen or gathered in the Internet's underworld.
"In the malicious community there is a lot of buying and selling of credit card and other information," Chenette said.
"Attackers buy cell phone numbers, home addresses and other specifics about people. In this case they were identifying and going after larger executives."
There is a trend toward more convincing, targeted "whaling" attacks, according to Chenette, who says to be wary of supposed court or tax department emails.
Trick emails with giveaway spelling errors of the kind that gave "phishing" its name are giving way to well-crafted, believable messages honed using confidential information about targets.
"The future of spam is to become more evasive and successful," Chenette said. "It is always a cat and mouse game ... a very real game."
|
|
|
Send Article by Email
Send Article by IM
Blog This with Y! 360
Printable View
