Attackers have targeted Harry Potter and no amount of magic can pull the secrets back. Yes, as you may have heard, the unofficial word is out about how the newest Harry Potter episode concludes. To me, that isn’t as much of the story as is how that information supposedly became available. If you came here looking for the spoiler information, the only thing we’re spoiling here is the attack method.
A few days ago, on a popular hacking email list, someone claiming to be part of an activist group described how they did it (along with some "spoiler details" about Harry Potter and the Deathly Hallows). This is the real story and should strike fear in IT administrators and computer owners everywhere (including you parents with kids that use a PC on your home network).
The method was as simple as targeting the email address of an employee of Bloomsbury Publishing. Using some sort of engineered temptation to "click on the animated icon", the attack caused an exploit to be downloaded to and executed on the user's PC. This allowed a reverse shell (think of someone having a remote DOS-style command prompt on your PC) to be created. That gave them total control to do whatever they wanted on (and to) that PC, and the attacker does it all with the credentials of the logged-in user.
Gloating at the success, the attacker commented how amazing it was to see how many people inside the company have copies and drafts of the book. What this means is that the very same thing can be done to our commercial and home networks. From company secrets to home user documents, email stores, pictures of your family on vacation last year, and protected password files can be accessed.
There are a number of important lessons here:
- One is to stay up to date on patches. Automatic (Windows) Update is the easiest method for this for Windows users.
- Keep Anti-Virus definitions current (as frequent readers of OSG: Bits, Bytes, and Packets know we recommend Kaspersky).
- Distrust email from unsolicited sources.
- Avoid phishing attempts in emails. If you must (for some reason) use a link that came in an unsolicited email, cut and paste the link from the email to the browser to avoid clicking on a link that is going somewhere else other than where it says.
- Teach these methods to your users. Parents need to do the same to their children.
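The "cut and paste the link" lesson above is really a check that the address a link displays is the address it actually goes to. The following script is an added illustration of that check, not code from the original post: it parses an HTML email body, finds every link whose visible text looks like a web address, and flags any whose real destination host differs from the displayed one (including the trick of hiding the real host behind an `@` in the URL). The sample email and the `.example` domains in it are constructed for this demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        # Only accumulate text while inside an anchor that has an href
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Return the lowercase hostname of a URL or bare domain string.

    urlparse().hostname discards any user@ prefix, so a link such as
    http://bank.example@evil.example/ correctly yields 'evil.example'.
    """
    v = value.strip()
    if "://" not in v:
        v = "http://" + v
    return (urlparse(v).hostname or "").lower()


def looks_like_url(text):
    """True if the visible link text reads like a web address (domain or URL)."""
    pattern = r"^(https?://|www\.)?[a-z0-9-]+(\.[a-z0-9-]+)+(/\S*)?$"
    return bool(re.match(pattern, text.strip(), re.I))


def same_site(host_a, host_b):
    """Treat 'www.x.example' and 'x.example' as the same site; anything else must match exactly."""
    strip = lambda h: h[4:] if h.startswith("www.") else h
    return strip(host_a) == strip(host_b)


def find_mismatched_links(html):
    """Return (displayed_text, real_href) for links whose shown address misleads the reader."""
    parser = LinkCollector()
    parser.feed(html)
    mismatches = []
    for href, text in parser.links:
        if not href or not looks_like_url(text):
            continue  # plain words like "click here" cannot be compared
        shown_host, real_host = host_of(text), host_of(href)
        if shown_host and real_host and not same_site(shown_host, real_host):
            mismatches.append((text, href))
    return mismatches


# Constructed sample email body (not from the original post)
SAMPLE_EMAIL = """
<p>Please review the draft: <a href="http://login.evil.example/draft">https://www.publisher.example/drafts</a></p>
<p>Read the <a href="https://www.publisher.example/news">latest news</a>.</p>
<p>Visit <a href="https://publisher.example/">www.publisher.example</a></p>
"""

if __name__ == "__main__":
    for shown, real in find_mismatched_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS: link shows {shown!r} but goes to {real!r}")
```

Running it against the sample body reports only the first link, whose displayed address and real destination disagree. A check like this belongs in a mail gateway or a user-awareness tool, and it deliberately ignores links with ordinary words as their text, because those cannot be compared; for such links, the lesson remains to type or paste the address rather than click.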
This is all scary stuff that is no longer theory or possibilities discussed by security professionals and web sites. Many people treat security as an afterthought. You may not believe in magic, but Harry Potter and the other wizards now believe in computer security.