AOH :: ISNQ5511.HTM

Air Force Cyber Command Gives Away the Goods




Air Force Cyber Command Gives Away the Goods
Air Force Cyber Command Gives Away the Goods



http://blog.wired.com/27bstroke6/2008/04/air-force-cyber.html 

By Kim Zetter 
Threat Level
Wired.com
April 15, 2008

Businessweek published an interesting story last week about cyber 
espionage involving a spear-phishing attack [1] that targeted a Booz 
Allen Hamilton executive. The e-mail contained an attachment embedded 
with a key-stroke logger and appeared to come from a trusted source in 
the Pentagon. The attacker "knew enough about the 'sender' and 
'recipient' to craft a message unlikely to arouse suspicion."

Spear phishing of course involves a targeted attack against a specific 
individual or individuals. To be effective, it requires the attacker 
know something about the target of the attack -- the target's work 
title, the nature of his duties, etc.

This makes it all the more perplexing why the Air Force Cyber Command 
center, which has been charged with the task of combatting the nation's 
cyber enemies [2], published the photo above, which, according to one 
critic, provides a good deal of information to anyone who might want to 
target some of the Air Force command personnel and systems in an attack 
like the one that targeted Booz Allen and many others.

The photo was published in the World Tribune last week, accompanying a 
story about the command center [3] and also appeared on the Air Force's 
own web site [4] last July. Even Wired.com used it to illustrate a story 
about the Cyber Command center [5] two months ago.

But Rob Rosenberger, formerly of the VMyths web site, counts the ways 
[6] in which this picture was a bad idea.

I'm curious to know if any other readers think this picture was a 
mistake.

[1] http://www.businessweek.com/magazine/content/08_16/b4080032218430.htm 
[2] http://blog.wired.com/27bstroke6/2008/02/air-force-launc.html 
[3] http://www.worldtribune.com/worldtribune/WTARC/2008/ea_china0041_04_10.asp 
[4] http://integrator.hanscom.af.mil/2007/July/07192007/CyberCommand.jpg 
[5] http://www.wired.com/politics/security/news/2008/02/cyber_command 
[6] http://securitycritics.org/column/1/1/2008/2/3/ 


-==-
Let identityLoveSock take your personal information into 
their wanting hands. http://www.identity-love-sock.com/ 
Because victims have money too. 

Site design & layout copyright © 1986-2014 CodeGods