Targeted Email Attacks

A MetaFilter member has told some wild stories in the past about the presence of malware attacks at their place of work, and is now compiling them all on a new blog called Targeted Email Attacks.

Screen shot 2011-03-01 at 2.21.14 PM

Before you click away, I want to explain how crazy this story is. The person that runs the blog works at a small non-profit that examines US-Asia policies and it’s in the Washington DC area. In terms of government targets, they’re pretty small potatoes, but if you browse the blog entries know that some group is not only targeting this small NGO by sending them virus-laden attachments but they often impersonate coworkers when attempting to get people to install malicious software (that would likely contain things like keyloggers and various methods of reporting home and giving attackers a way to get into this NGO’s network and download data).

This isn’t your garden variety windows virus junk going out to your entire address book on an infected system, this is straight-up spy-type shit, but the shocking thing to me is that someone is specifically targeting a tiny little non-profit and repeatedly doing some really crazy stuff like sending fake meeting minutes from the blog author’s own boss, and if you get an email like that right after a real meeting at work, I think even I would fall for such a thing.

The crazy part is when you realize it is someone’s (or many someones) job to know everything about a tiny group in Washington and to try again and again to trick them into exploiting their computers. Now imagine if you worked at somewhere like the Pentagon or a larger, more visible NGO that was in charge of lots more data and had lots more employees. I can’t imagine the amount of training required to show people how not to fall for these very believable tricks.

If you thought the world of spying was over when the Cold War ended, it certainly looks like it changed gears a bit and simply moved more to the online world.

Not what it says on the tin

I'm walking down the snacks aisle at Costco today during our bi-annual trip and I couldn't help but notice the extreme sizes of chip bags. You can buy several pounds of tortilla or corn chips in bulk, but there's one bag at the end of the aisle that jumps out at me for its sheer size and girth. The bag is about the size of my torso, maybe three feet tall by one foot wide and my jaw is dropping at inane and insane name they've come up with to market such a snack:

Sensible Portions

Content sausage factories

This is new to me: seeing a friend's awesome (and creepy) halloween cooking idea (which is kind of shocking and disgusting looking even though it's good food inside) show up in content mills I hadn't previously heard of, like 2leep and odditycentral. The 2leep links show up at the tail end of posts at Inquisitr like this one

So it appears that one site pays another to redirect links to a third, which sucks up almost an entire post's writing and photos (with a teeny tiny link to the original, but there's no point in following), and all three sites are coated in advertising.

It seems like someone has taken the old anonymous image aggregator sites (typically no-attribution russian blogs with 200 images in each post) and propped up a business model on it, but at the expense of the original creators of the content. 

The craigslist check con, and its aftermath

From Wikipedia’s entry on Con men and popular cons:

Stolen Cheques. A recent twist on the Nigerian fraud scheme, the mark is told he is helping someone overseas collect “debts” from corporate clients. Large cheques stolen from businesses are mailed to the mark. These cheques are altered to reflect the mark’s name, and the mark is then asked to cash them and transfer all but a percentage of the funds (his commission) to the con artist. The cheques are often completely genuine, except that the “pay to” information has been expertly changed. This exposes the mark not only to enormous debt when the bank reclaims the money from his or her account, but also to criminal charges for money laundering. A more modern variation is to use laser-printed counterfeit checks with the proper account numbers and payer information.

This con is what recently landed a guy in jail, for merely asking his bank (BofA) if a craiglist scammer’s check was legit or not.

Unclench people! Unclench!

For some reason, someone took my recent tongue-in-cheek post way, way too seriously.

I feel like a person that told a knock-knock joke at a party and in response got a 15 minute lecture on the nature of door design, acoustics, and various wood grains that affect the sound of knocks from a materials engineer that specializes in forest and forestry products.

There’s a million things I could say to explain how big corporation news in this country is breaking down and how blogs are on the rise; how the continum between my pissings in the wind here and Bill O’Reilly is a million shades of gray that blurs daily; I could write several thousand impassioned words about how the mass democratization of everything (thanks to the internet) is changing our society for the better; I could tell you tales of working on the code and interface five years ago and being thrilled when we heard “blog” used on TV the first time, but it all seems pointless.

The things I say here are pure opinion, mostly meant to crack up the dozen friends that read it. I don’t aspire to be the NY Times, though other webloggers are certainly heading there, much to their credit. I do think “MSM” is a silly term that makes people sound like outsider cranks, but if I say I’m going to avoid a blog that uses it, that’s about as earth-shattering as my neighbor saying they don’t care for the color orange.

I don’t take myself too seriously, so treat my words accordingly, as I will treat the 50 or so raving emails I’ve gotten in the past 12 hours. Another hint: look up at the address bar and see how seriously I take my words. A whole lot of nothing, get it? No? Try the second definition here.

The Plague!

While trolling usenet looking for strange documentaries, I found exactly that. This piece is very odd: it’s a 30 minute video of a news desk practicing for an all out terror attack on the US (featuring real news guy Forrest Sawyer). They are imagining that someone deployed the black plague in New Jersey, detonated a suicide bomb, and used a plane to deliver chemicals to civilians in Connecticut, with thousands of dead and injured. It features experts, eyewitnesses, and reporters in the field, and it seems like everyone is improvising, as you can kind of sense people making stuff up when pressed during questioning.

It’s 81Mb and I have no idea who did it or why, but it’s clearly just a drill, and a weird one at that. It’s on my blogtorrent server

(sidenote to server geeks: if anyone’s gotten server-side seeding to work in the new blogtorrent beta, let me know — I’m getting python script errors when I try it.)