E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants

Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


Source: National Post

Posted on March 12, 2012

An online scam has been exposed in which senior British military and government officials were tricked into becoming Facebook friends with someone masquerading as U.S. Admiral James Stavridis, NATO's Supreme Allied Commander and lead officer on the Libyan mission, thereby exposing their own personal information to unknown hackers.

Classified briefings suggest the hackers were working from a Chinese government office, the Daily Telegraph reported.

Amusing as it is to see military minds fall for such a simple and seemingly innocuous trick (a NATO spokesperson said that "discussions/chats/postings on Facebook are of course only about unclassified topics"), another related discovery illustrates the vulnerability to espionage created by social media, and the high stakes in play.

Using similar ploys, Chinese spies are believed to have breached the cyber-defences of the British defence contractor BAE, and over a period of 18 months stolen vast details of the F-35 Joint Strike Fighter, a multinational effort including Canada to create the world's best fighter jet.

Citing security sources, The Sunday Times reported the JSF's radar systems may have been compromised, and therefore there may be the potential for a situation in which a fighter pilot cannot trust his radar.

The newspaper reported that the attacks were identified three years ago, and kept secret until they were disclosed at a dinner of cyber-security experts in London in December. It quoted a person in attendance who said a representative of BAE "seemed genuinely concerned that the attack had gone on undetected for so long and that it posed a threat to the aircraft's defences."

Espionage is a major worry for every defence contractor, and much effort is directed at detecting, preventing and correcting it. BAE said it does not comment on allegations of cyber attacks, and the Chinese embassy in London called it a "baseless allegation," and said China condemns all forms of online crime, the Times reported.

But taken together, the two stories stake out the two extremes of online vulnerability in an interconnected world. Using the same easy trick, your enemies can evidently learn both the name of your dog and how your fighter jet works.

The scams also cast light on the productive use that can be made of so-called "spear-phishing," or targeted messages from a source the victim actually knows. A common example is an email that looks like it came from a person's bank, asking for account numbers and passwords.

Spear-phishing against such high-ranking targets is sometimes known as "whaling."

In 2009, researchers with the University of Toronto, and others, discovered a massive online spying operation known as GhostNet, believed to be run by China. In that case, malicious software had been used to infiltrate more than 1,000 computers in highly strategic locations, mostly in Asia, including embassies and government offices.

In some cases, the computers could be remotely accessed and controlled, to the point of turning on audio and video recording for surveillance.

Also in 2009, a large-scale attack on oil, energy and petrochemical companies known as Night Dragon used similar strategies of Facebook impersonation to target financial information. This was also traced to China, although not definitively, and China denied it.

As Ronald Deibert, one of the lead researchers on the GhostNet project, put it in a 2010 article for the Christian Science Monitor, co-authored with Rafal Rohozinski: "While Twitter, Google Groups, Yahoo Mail, and Flickr may make our cyberexperiences much more convenient, interactive, and richly engaging, they also create two risks: a wide spectrum of new security vulnerabilities and a multiplicity of ever-evolving vectors through which victims can be targeted and attacks mounted."

Admiral Stavridis now has an official Facebook page, on which he appears to be very active. The fake one has been removed.


In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
