Phishing for Military Secrets, and Zittrain’s Book
Wednesday, April 16th, 2008 by Harry LewisBusiness Week has a story that is scary and maybe reassuring at the same time. Perhaps it will be reassuring to people who have opened an email or clicked on an attachment against their better judgment that people who handle sensitive military secrets are tempted to do the same.
The spam and phishing attacks I receive are pretty lame, like this one I got today:
Dear HARVARD.EDU Subscriber,
To verify your HARVARD.EDU account, you must reply to this email immediately and enter your password here (*********)
Failure to do this will immediately render your email address deactivated from our database.
…
Thank you for using HARVARD.EDU !
THE HARVARD.EDU TEAM
The reply-to address is a mysterious gmail account, but if that weren’t bad enough, the thank-you from HARVARD.EDU is a dead giveaway. The ones that Booz Allen received were of much higher quality. They appeared to come from a real person in the office of the Secretary of the  Air Force, an individual with responsibility for sales of aircraft to foreign governments. And that is what the body of the email was about. But it was malware–wired to install software in the recipient’s computer that would log keystrokes and screenshots and send them to … China. We report  in Blown to Bits that after the major communications trunks to the Chinese mainland were severed by an earthquake, the volume of spam reaching the US dipped for a few days.
Costly as spam may be, the problem the Business Week article reports is potentially more serious. Effective breaches of the security of military and intelligence computer systems endanger U.S. security, and also undermine public confidence in the Internet itself.So the government is responding. According to the story, “By June all government agencies must cut the number of communication channels, or ports, through which their networks connect to the Internet from more than 4,000 to fewer than 100. On Apr. 8, Homeland Security Dept. Secretary Michael Chertoff called the President’s order a cyber security ‘Manhattan Project.’”
This is what Jonathan Zittrain is worried about, in his new book, The Future of the Internet–And How to Stop It–that the wide open Internet with which we are familiar will prove to be more trouble than it is worth, and we will, for our own good, opt for a safer network to which Chinese spies, and probably also American teenagers, cannot get connected.   The Boston area launch of Zittrain’s book will be at Langdell Hall at Harvard at 6pm this Friday, April 18. It’s a great book and should be a great event!