In January 2014, Snowden claimed to have "made tremendous efforts to report these programs to co-workers, supervisors, and anyone with the proper clearance who would listen" (Cassidy, 2014). Snowden further stated that reactions to his disclosure varied widely but no one was willing to take any action. In March 2014, Snowden reiterated his early testimony saying that he had reported "clearly problematic programs" to ten officials (Cassidy, 2014).
Cassidy, J. (2014, January 23). A vindicated Snowden says he'd like to come home. The New Yorker. Web. 27 May 2014.
I consider Thorisson's description of whistleblowing to be an apt description of the necessary and pivotal actions that must be taken in order to bring illegal activities into the light. It is not enough to tell people about the problem who have no authority to take action toward fixing the problem or making the appropriate changes to labor, practice, or policy. Typically, those people who may be sympathetic but don't have official duties and responsibilities in the relevant realm can put their own career in jeopardy by trying to take action or pass the message up the chain. It is important that those who are given the information not be on parity with the whistleblower. Someone in a position of authority needs to be made aware of the problem, and that receiving person needs to take steps to bring the problem to the correct person, and to stand by in order to be certain that the proper steps are being taken. It is often the case that the act of reporting is also the act of informing the proper authorities about the illegal action. While this may seem narrow in focus, it is sufficient in effect. For instance, while it might be within the spirit of the policy, but not the letter, to, say, drop a note onto the desk of the proper authority, this would not be sufficient. This is an act of reporting and not necessarily of seeking out the appropriate party, but it is not talking (or reporting) truth to power, which is a necessary aspect of reporting to the proper authorities.
Appendix 1 Complete Security Response Symantec
Risk Level 2: Low
Discovered: February 22, 2011
Updated: February 22, 2011 2:17:39 PM
Type: Trojan, Worm
Infection Length: Varies
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Server 2008, Windows 7, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
W32.Shadesrat is a worm that attempts to spread through instant messaging applications and file-sharing programs. It also opens a back door on the compromised computer.
Wild Level: Low
Number of Infections: 0-49
Number of Sites: 0-2
Geographical Distribution: Low
Threat Containment: Easy
Damage Level: Medium
Payload: Opens a back door.
Performs DDoS attacks.
Downloads files on to the computer.
Releases Confidential Info: Steals passwords for certain applications.
Distribution Level: Medium
Target of Infection: May spread through file-sharing applications, instant messaging applications, and its own BitTorrent application.
This worm may arrive on the computer at a location and using a file name specified by the attacker, for example:
%CurrentFolder%\[THREAT FILE NAME].exe
When the worm executes, it creates the following registry subkey:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID\ID\[EIGHT TO TEN RANDOM CHARACTERS]
Next, it modifies the following registry entry in order to add itself to the list of applications authorized by the Windows firewall:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%CurrentFolder%\[THREAT FILE NAME].exe" = "%CurrentFolder%\[THREAT FILE NAME].exe:*:Enabled:Windows Messanger"
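A defender-side check for the firewall change described above, added here as an example and not part of the Symantec writeup: it parses a `.reg` export of the `AuthorizedApplications\List` key and flags enabled entries that carry the label from the writeup or grant an any-scope exception to a binary outside system directories. The sample export, the trusted-prefix list and the second heuristic are assumptions made for illustration.

```python
import re

# Constructed sample: a .reg export of the legacy Windows Firewall key
# (not taken from a real host). Backslashes are doubled, as in .reg files.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Example\\sync.exe"="C:\\Program Files\\Example\\sync.exe:LocalSubNet:Enabled:Example Sync"
"C:\\Users\\alice\\Downloads\\photo.exe"="C:\\Users\\alice\\Downloads\\photo.exe:*:Enabled:Windows Messanger"
"C:\\Temp\\tool.exe"="C:\\Temp\\tool.exe:*:Disabled:tool"
'''

# "name"="data" string values, allowing backslash-escaped characters.
LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Value data layout: <path>:<scope>:<Enabled|Disabled>:<display label>
DATA = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<label>.*)$',
    re.I)
SHADESRAT_LABEL = "windows messanger"   # misspelled label quoted in the writeup
# Assumption: locations where firewall-authorized binaries normally live.
TRUSTED = ("%windir%", "%systemroot%", "%programfiles%",
           r"c:\windows", r"c:\program files")

def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)

def review(reg_text):
    """Return (path, reasons) for enabled entries that deserve a second look."""
    findings = []
    for line in reg_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # key header, blank line, or non-string value
        data = DATA.match(unescape(m.group(2)))
        if not data or data["state"].lower() != "enabled":
            continue
        reasons = []
        if data["label"].strip().lower() == SHADESRAT_LABEL:
            reasons.append("label matches W32.Shadesrat writeup")
        trusted = any(data["path"].lower().startswith(p + "\\") for p in TRUSTED)
        if data["scope"] == "*" and not trusted:
            reasons.append("any-scope exception outside system/program dirs")
        if reasons:
            findings.append((data["path"], reasons))
    return findings

if __name__ == "__main__":
    for path, reasons in review(SAMPLE_REG):
        print(path, "->", "; ".join(reasons))
```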
The worm then connects to a remote location allowing an attacker to perform the following commands on the compromised computer:
Hijack the audio or video on the compromised computer
Inject itself into other running executable files
Perform DDOS attacks through UDP flooding
Record all keystrokes
Run as a proxy, redirecting an attacker's traffic
Sniff network traffic
Upload or download files through HTTP and FTP
Next, the worm may steal passwords from the following applications:
It may then search through the registry for a number of installed applications and steal passwords from these as well.
The remote attacker may attempt to spread the worm through the following file-sharing applications, if installed on the compromised computer:
The worm may also be instructed by the remote attacker to install its own BitTorrent application in order to spread to other computers.
It may also attempt to spread through instant messaging applications by dropping a link to itself in any active windows.
Writeup By: Gavin O'Gorman
Appendix 2 -- Spear phishing attack email
Appendix 3 -- Industries targeted by Operation Francophoned
Appendix 4 -- Operation Francophoned detections worldwide