The feds weigh in on Windows security

TalkBack 22 of 22:: « Previous

Thread View
Flat View

Exploit of Microsoft Office for Spying: On Monday, April 23, 2007, I was distressed to find a piece in USA Today regarding spying. This article is directly related. According to the USA Today piece (front page lower section). Gangs are hired to target specific military, trade and infrastructure servers at government agencies and corporations. The gangs use the "weapon" of Microsoft Office files attached to email to gain control of Personal Computers and then roam the organization's internal network. This gives those hiring the Gang advantage over the organization targeted. The goal is to keep the roaming secret, unlike the goal of hackers who may just want to make Microsoft or the agency / corporation look bad. 216 different agencies and companies are known to have been targeted in the last year and the article makes China out to be the source.

Lets remember that it is not just Tongs but also benevolent societies of Irish and Italian (ie EU) immigrants that have gangs (I make no distinction between a cyber gang and just a gang). The gangs hire lawyers to represent their interests and it is not correct for the USA article to target just the China based ones.

Here I am suggesting that agents hoping to protect those who hire them seek to discover data on internal networks that can be used in court cases. There is nothing new here. Lawyers have been hired to protect the interests of emigrant groups in the USA since the gold rush. The only difference is that much of what is wanted for discovery is now stored on internal networks rather than in a file case.

Members of benevolent societies that have been formed to help immigrants work in the USA are going to open Microsoft "weapon" attachments. Again it is not just Tongs. It includes Irish and Italian and likely many other groups that because of language and cultural skills and prejudice band together to assist each other in the USA work place.

One of the first things done when these "gangs" are formed is to hire legals who hire the detectives, not unlike those hired by HP's Dunn, who exploit Microsoft Office attachments for spying. At least with government agencies, the data is public in theory. With corporations the data belongs to the share holders and anyone can own shares. So if the spy does not pass on things like social security numbers the argument will be is this wrong?

IT professionals are not the ones to answer that question alone. Nonetheless, we in IT can encourage our organizations to move off of email attachment forms of communication that enable spying. Attachments can be sent in PDF and Text. Links can be provided to spread sheets, powerpoint presentations and open documents stored on servers that are known not to contain spy enablers. All Microsoft attachments can be stripped from email with a note that the recipient must request that the attachment be put into PDF or other form when they really need it.

Frank L. Mighetto CCP
Mexican Italian; Posted by: mighetto Posted on: 04/23/07 You are currently: a Guest | Members login | Terms of Use