Every now and then you hear about some business or other large entity being “hacked” and a lot of ID theft type information stolen. The impression is left that somehow some super talented ‘hacker’ found around security and into the system to steal the database. What you don’t often see is that the security breach is often a matter of sloppy security in system access credentials (like passwords). Then there’s the intrusions into personal systems. Strategy Page has an item on this: Information Warfare: Russia Strikes Back.
“What most of these large scale attacks have in common is the exploitation of human error. Case in point is the continued success of attacks via Internet against specific civilian, military, and government individuals using psychology, rather than just technology. This sort of thing is often carried out in the form of official looking email, with a file attached, sent to people at a specific military or government organization. It is usually an email they weren’t expecting but from someone they recognize. This is known in the trade as “spear fishing” (or “phishing”), which is a Cyber War technique that sends official looking email to specific individuals with an attachment which, if opened, secretly installs a program that sends files and information from the email recipient’s PC to the spear fisher’s computer. Since 2012 an increasing number of military, government, and contractor personnel have received these official-looking emails with a PDF document attached and asking for prompt attention.”
It is a problem but a first level solution is known – just a bit of care – but it is easier to blame somebody else, especially if its the Chinese or Russians.
Update, see also the story, and especially the comments at DailyTech on the Home Depot hack attack.