Targeted attacks and zero day malware have always been rubbing shoulders, and it's not just a fad despite that everyone's remembering the wide-scale malware outbreaks attacking everything and everyone from the last couple of years. But the days of segmenting targeted attacks per country, city, WiFi/Bluetooth spot coverage are only emerging.
The idea of profitably serving a demand for a service however, is promting detective agencies to adapt to today's standards for surveillance and snooping in the form of using malware to obtain the necessary information. And despite that commercially obtainable surveillance tools are cheaply available to everyone interested and taking the risk of using them, customers obviously prefer to leave it to the "pros". Here's a story of an "adaptive" detective agency using targeted emails with malware to spy :
"The jury of five woman and seven men heard how the agency used "Trojan" computer viruses, which were hidden inside emails and attacked computers when opened, allegedly created by American-based IT specialist Marc Caron. Hi-tech devices used to bug phones were installed by interception specialist Michael Hall, the court was told. Prosecutors said a number of them were fitted to BT's telegraph polls and inside junction boxes, but BT eventually hid a camera in one of the boxes and caught him at work."
Here're more details on the targeted attack :
"Mrs Mellon opened it because it "purported to show what her husband was up to", said Ms Moore. It is alleged the agency hacked into emails to snoop on Tamara Mellon. The Trojan then recorded "every keystroke that was made", she said, including such things as bank account numbers and passwords. "They didn't take any money. They didn't steal anything, but from time to time they had a little snoop on behalf of their clients," Ms Moore said."
I imagine a questionnaire from such a detective agency in the form of the following :
- The victim's IT literacy from 0 to 5?
- Are they aware of the concept of anti virus and a firewall?
- List us all their contact points in the form of IM and email accounts
- Are they mobile workers taking advantage of near-office WiFi spots?
You get the point. Hopefully, such services wouldn't turn into a commodity, or even if they do, I'm sure they'll somehow figure out a way to legally forward the responsibility to the party that initiated the request.
Related posts:
HP Spying on Board of Directors' Phone Records
HP's Surveillance Methods
Mark Hurd on HP's Surveillance and Disinformation
No comments:
Post a Comment