Russian spear phishing attack against .mil and .gov employees

Last Updated on Monday, 8 February 2010 08:52 Written by Jeffreycarr Monday, 8 February 2010 08:52

A “relatively large” number of U.S. government and military employees are being taken in by a spear phishing attack which delivers a variant of the Zeus trojan. The email address is spoofed to appear to be from the NSA or InteLink concerning a report by the National Intelligence Council named the “2020 Project“. It’s purpose is to collect passwords and obtain remote access to the infected hosts. Considering the target (.gov and .mil employees), and the purpose, I can’t imagine a better use for a National Security Letter than to have one hand-delivered to the company who has been leasing servers to these bad actors for years.

Brian Krebs broke the story.

Jim McQuaid adds additional info.

And this week’s IntelFusion FLASH Traffic explores the problem in greater depth (subscription service).

Bottom line, the U.S. needs to emulate China and start forcing bad ISPs to either clean up their act or shut them down. This is getting friggin’ embarassing.

The Friday Brief

Last Updated on Friday, 9 January 2009 09:10 Written by admin Friday, 9 January 2009 09:10

First, thanks to those of you who responded after yesterday’s announcement. Your thoughts and suggestions are much appreciated. Please keep them coming.

Now for some weekend reading:

• Sources and Methods discovers a “stealth” paper from the National Intelligence Council.
• Top FBI official names the second greatest threat after WMDs. 
• ProgrammableWeb has set up a Government API and Mashups Dashboard. Very cool!
• This type of cyber attack is making lots of smart folks nervous.

The Evolution of Preparing the NIC’s Global Trends 2025 Report

Last Updated on Sunday, 21 December 2008 01:25 Written by admin Friday, 21 November 2008 09:17

I haven’t read the full report yet. I hope to do so this weekend, but I did notice a trend in how this report was prepared in contrast to the NIC’s earlier efforts.

It reflects the larger trend that is happening within the business of Intelligence analysis overall; both in the National Security sector and in Business Intelligence – insular, stove-piped work is being replaced with barrier-busting exchanges of informed viewpoints across the globe. Here’s how the NIC authors break it down:

Global Trends 2010: “… relied exclusively on expertise within the U.S. Intelligence Community.”

Global Trends 2015: “…engaged more numerous and more varied groups of non-US Government experts, most of whom were American citizens.”

Global Trends 2020: “…we greatly expanded the participation of non-American specialists by convening six seminars on five continents.”

Global Trends 2025: “In addition to increasing still more the participation of non-USG experts from the United States and abroad to develop the framework for the current study, we shared several drafts with participants via the Internet and a series of discussion sessions across the US and in several other countries.”

Not only is this a great way to produce a forward-looking wide-ranging estimate like this one, it’s a model that’s being emulated by efforts like the Technology Intelligence Group (financial intelligence and analytics) as well as the efforts of DNI McConnell to promote an “Analytic Outreach” that cultivates relationships with experts outside of the black gate. I’ve certainly noticed a real movement in that direction by my own contacts within the IC.

Personally, I’m looking forward to reading this latest iteration of Global Trends 2025. I hope you are as well.