A MetaFilter member has told some wild stories in the past about the presence of malware attacks at their place of work, and is now compiling them all on a new blog called Targeted Email Attacks.
Before you click away, I want to explain how crazy this story is. The person that runs the blog works at a small non-profit that examines US-Asia policies and it’s in the Washington DC area. In terms of government targets, they’re pretty small potatoes, but if you browse the blog entries know that some group is not only targeting this small NGO by sending them virus-laden attachments but they often impersonate coworkers when attempting to get people to install malicious software (that would likely contain things like keyloggers and various methods of reporting home and giving attackers a way to get into this NGO’s network and download data).
This isn’t your garden variety windows virus junk going out to your entire address book on an infected system, this is straight-up spy-type shit, but the shocking thing to me is that someone is specifically targeting a tiny little non-profit and repeatedly doing some really crazy stuff like sending fake meeting minutes from the blog author’s own boss, and if you get an email like that right after a real meeting at work, I think even I would fall for such a thing.
The crazy part is when you realize it is someone’s (or many someones) job to know everything about a tiny group in Washington and to try again and again to trick them into exploiting their computers. Now imagine if you worked at somewhere like the Pentagon or a larger, more visible NGO that was in charge of lots more data and had lots more employees. I can’t imagine the amount of training required to show people how not to fall for these very believable tricks.
If you thought the world of spying was over when the Cold War ended, it certainly looks like it changed gears a bit and simply moved more to the online world.