Thursday, July 21, 2011

The Dalai Lama and Social Engineering

The interesting article archived at
details an attack made on the Dalai Lama in 2009.
A Chinese hacker group wanted to access the servers and files on the network owned by the Dalai
Lama. What methods were used in this successful attack?
The attackers convinced the office staff at the Dalai Lama’s office to download and open malicious
software on their servers. This attack is interesting because it blends both technology hacking and social
The article states, “The software was attached to e-mails that purported to come from colleagues or
contacts in the Tibetan movement, according to researcher Ross Anderson, professor of security
engineering at the University of Cambridge Computer Laboratory, cited by the Washington Times
Monday. The software stole passwords and other information, which in turn gave the hackers access to
the office’s e-mail system and documents stored on computers there.”
The attack combined manipulation with common attack vectors such as phishing (the practice of sending
out emails with enticing messages and links or files that must be opened to receive more information;
often those links or files lead to malicious payloads) and exploitation. This kind of attack can work and has
worked against major corporations as well as governments. This example is just one in a large pool of
examples where these vectors cause massive damage.
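
The lure described above, mail that claims to come from a colleague and carries attached software, can be screened for on the receiving side. The following is an added example, not taken from the article or the original post; the contact directory, the addresses, the extension list and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: a directory mapping each known contact's display name to their real address.
KNOWN_CONTACTS = {"tenzin example": "tenzin@office.example"}
# Assumption: attachment types that run code when opened; adjust to local policy.
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".lnk")


def check_message(raw):
    """Return the reasons a raw message looks like colleague impersonation."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    reasons = []
    # A familiar display name paired with an unfamiliar address is the core of the lure.
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        reasons.append("display name matches a known contact but address does not")
    # Walk every MIME part; endswith() also catches double extensions like .doc.exe.
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(RISKY_EXTENSIONS):
            reasons.append("risky attachment: " + filename)
    return reasons


def build_sample(from_header, attachment_name):
    """Build a constructed test message with one attachment (sample data only)."""
    msg = EmailMessage()
    msg["From"] = from_header
    msg["Subject"] = "Agenda for next week"
    msg.set_content("Please review the attached agenda.")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_string()


# Constructed samples: one impersonating a contact, one genuine.
SPOOFED = build_sample("Tenzin Example <tenzin@freemail.example>", "agenda.doc.exe")
LEGIT = build_sample("Tenzin Example <tenzin@office.example>", "agenda.pdf")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, check_message(raw))
```

A display-name check like this only covers senders already in the directory, so it complements sender authentication and attachment filtering at the mail gateway and does not replace them.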

