
The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick [49]

will secretly install an unauthorized program. For example, malware may be a version of the Trojan Horse talked about in Chapter 6. Once this software is installed on your machine, it can feed every keystroke you type back to the attacker, including all your passwords and credit card numbers.

There are two other types of malicious software you may find shocking. One can feed the attacker every word you speak within range of your computer microphone, even when you think the microphone is turned off. Worse, if you have a Web cam attached to your computer, an attacker using a variation of this technique may be able to capture everything that takes place in front of your terminal, even when you think the camera is off, day or night.

lingo

MALWARE: Slang for malicious software, a computer program, such as a virus, worm, or Trojan Horse, that performs damaging tasks.

mitnick message

Beware of geeks bearing gifts, otherwise your company might endure the same fate as the city of Troy. When in doubt, to avoid an infection, use protection.

A hacker with a malicious sense of humor might try to plant a little program designed to be wickedly annoying on your computer. For example, it might make your CD drive tray keep popping open, or the file you’re working on keep minimizing. Or it might cause an audio file to play a scream at full volume in the middle of the night. None of these is much fun when you’re trying to get sleep or get work done ... but at least they don’t do any lasting damage.

MESSAGE FROM A FRIEND

The scenarios can get even worse, despite your precautions. Imagine: You’ve decided not to take any chances. You will no longer download any files except from secure sites that you know and trust, such as SecurityFocus.com or Amazon.com. You no longer click on links in email from unknown sources. You no longer open attachments in any email that you were not expecting. And you check your browser page to make sure there is a secure site symbol on every site you visit for e-commerce transactions or to exchange confidential information.

And then one day you get an email from a friend or business associate that carries an attachment. Couldn’t be anything malicious if it comes from someone you know well, right? Especially since you would know who to blame if your computer data were damaged.

You open the attachment, and ... BOOM! You just got hit with a worm or Trojan Horse. Why would someone you know do this to you? Because some things are not as they appear. You’ve read about this: the worm that gets onto someone’s computer, and then emails itself to everyone in that person’s address book. Each of those people gets an email from someone he knows and trusts, and each of those trusted emails contains the worm, which propagates itself like the ripples from a stone thrown into a still pond.

The reason this technique is so effective is that it follows the theory of killing two birds with one stone: The ability to propagate to other unsuspecting victims, and the appearance that it originated from a trusted person.

mitnick message

Man has invented many wonderful things that have changed the world and our way of life. But for every good use of technology, whether a computer, telephone, or the Internet, someone will always find a way to abuse it for his or her own purposes.

It’s a sad fact of life in the current state of technology that you may get an email from someone close to you and still have to wonder if it’s safe to open.

VARIATIONS ON A THEME

In this era of the Internet, there is a kind of fraud that involves misdirecting you to a Web site that is not what you expected. This happens regularly, and it takes a variety of forms. This example, which is based on an actual scam perpetrated on the Internet, is representative.

Merry Christmas ...

A retired insurance salesman named Edgar received an email one day from PayPal, a company that offers a fast and convenient way of making on-line payments. This kind of service is especially handy when a person in one part of the country
