CEOs are in danger

The number of attacks against corporate officials has grown increasingly over the past year. Many suspect most of these attacks to be handiwork of one particularly sophisticated cyber-criminal. The search for the said culprit is a difficult one and extends over a few continents. The cyber-detective’s name is Joe Stewart, a researcher for Atlanta-based SecureWorks Inc.. Stewart has been on the case since February, but is still at loss as to who the perpetrator is or even where he can be found. He first thought he’d found a lead, which took him to China (as was to be expected), but it proved to be false. A huge drawback in the investigation is the fact that many of the victims refuse to discuss their experience.

The number of CEOs that have been attacked is in the thousands range. The attacks were email-based. A CEO would get a personalized email which contained the name, organization and title of the intended victim, thus giving it an air of authenticity. This is a new method, the numbers speak for themselves: last year there would be approximately one such email a day, the end of June, 2007, has seen 500 and in mid-September there were around 1,100 such emails in less than one day.

This amazing (amazingly troubling) number should be attributed to many things. First of all, many CEOs answer emails themselves, which means that they can be directly addressed and infected. Secondly, the popularity of such online communities as Facebook and MySpace provides hackers with information which would otherwise seem useless, but give tips about the person in question. Corporate websites are also a goldmine for hackers when constructing these highly personalized emails. And, of course, the huge variety of illicit software tools online make it a lot easier for hackers, who would previously have to construct their own, whereas now all they need to do is pay a few hundred dollars.

Articles