U.S. Air Force Phishing Exercise went Rogue

U.S. Air Force phishing test transforms into a problem

A cyber-wellness exercise on phishing fraud conducted by the U.S. Air Force went too well. Robert McMillan reported on NetworkWorld, “The e-mail said that crews were going to start filming ‘Transformers 3’ on Guam and invited airmen to fill out applications on a Web site if they wanted to work the shoot. The Web site then asked them for sensitive information.” The exercise went rogue when the information leaked out from their network to the public via e-mails and the likes of Transformers fan sites. The U.S. Air Force issued a statement to account for the incident: “Unfortunately, many of Andersen’s personnel responded to this inject and submitted their personal information to the Web site, and forwarded the information outside of Andersen.”

It is interesting to see how the victims not only failed to realise they had fallen for the scam, but also helped in propagating it. It is interesting to see how trust is established among humans (in cyberspace), yet saddening to witness how scammers exploit such vulnerabilities of ours.

Let’s see what we can learn from this incident… If I’m a scammer…

  • Spoofed e-mail address from a legitimate-looking source

The first step of every phishing attack: social-engineer the victim into believing it is neither spam nor a scam. E.g. admin1@emilonsecurity.com

  • I would use some catchy theme

I’m impressed with the designer of the U.S. Air Force phishing exercise. Transformers sure is catchy, getting the victim excited and catching him/her off-guard. It is also proven that they will propagate the scam for you too! 😀

  • Have my victim create an account with me

Single-username/single-password syndrome. If I have this information, most probably I can access most of your accounts. According to the case study, most likely I would also get information like their name, address, date of birth, etc. I would also ask for their e-mail addresses (I could help myself to their e-mail account and propagate the scam if they don’t do it for me 😛 Mutual trust is already established between them, isn’t it?), and two sets of “secret questions” (a backup if my single-password syndrome attack fails). In addition, I could make full use of all the information gathered and conduct a spear-phishing attack, drastically improving the success rate.



A German was caught invading the privacy of 150 youngsters, using malware to manipulate webcams and spy on schoolgirls (German Webcam Hack Perv Suspect Cuffed).

I’ve also found a number of similar past incidents from The Register:

The New Koobface Malware?

I received quite a number of malicious emails from a friend of mine via Facebook Messenger this morning. It’s rather easy to tell that it’s malware.

  • The email that displays the message provides a link (screenshot 1), whereas viewing the message via Facebook does not (screenshot 2).

Screenshot 1

Screenshot 2

  • My email address is part of the parameter in the URL (screenshot 1); a generic characteristic of a malicious link.
  • Looking at the target recipients of the message (screenshot 2), it’s suspicious that all the names begin with J and K.
  • The message is sent from a friend of mine whom I rarely contact.
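Two of the indicators in the list above (the recipient’s address carried inside the link, and a recipient list clustered on adjacent initials) can be checked mechanically during mail triage. The following is an added example, not code from the original post; the function names are hypothetical and the address, URLs and names are constructed samples.

```python
import base64
from urllib.parse import urlsplit, parse_qsl, unquote

def _decodings(value):
    """Return the value plus its percent-, base64- and hex-decoded forms."""
    seen = {value, unquote(value)}
    for v in list(seen):
        padded = v + "=" * (-len(v) % 4)   # tolerate stripped base64 padding
        for decoder in (base64.urlsafe_b64decode, base64.b64decode):
            try:
                seen.add(decoder(padded).decode("utf-8"))
            except ValueError:             # bad base64 or not UTF-8 text
                pass
        try:
            seen.add(bytes.fromhex(v).decode("utf-8"))
        except ValueError:                 # not hex or not UTF-8 text
            pass
    return seen

def recipient_in_url(url, recipient):
    """List the parts of `url` that carry the recipient's e-mail address."""
    needle = recipient.lower()
    parts = urlsplit(url)
    fields = [("query:" + k, v)
              for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    fields += [("path", seg) for seg in parts.path.split("/") if seg]
    if parts.fragment:
        fields.append(("fragment", parts.fragment))
    return [where for where, value in fields
            if any(needle in d.lower() for d in _decodings(value))]

def alphabetical_run(names, max_initials=2, min_names=3):
    """True when all names start with at most `max_initials` adjacent letters."""
    initials = sorted({n.strip()[0].upper() for n in names if n.strip()})
    return (len(names) >= min_names and 0 < len(initials) <= max_initials
            and ord(initials[-1]) - ord(initials[0]) < max_initials)

# Constructed sample data (not taken from the screenshots in the post).
RECIPIENT = "jane.doe@example.com"
ENCODED = base64.urlsafe_b64encode(RECIPIENT.encode()).decode().rstrip("=")
SAMPLE_URLS = [
    "https://video.example.net/watch?id=42&u=jane.doe%40example.com",
    "https://video.example.net/w/" + ENCODED,
    "https://video.example.net/watch?id=42",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", recipient_in_url(url, RECIPIENT) or "clean")
    print(alphabetical_run(["Jane", "Jason", "Karen", "Kevin"]))
```

A hit from either check is a reason to inspect the message, not a verdict: legitimate unsubscribe and tracking links also embed the recipient’s address.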

It’s something similar to the phased-out Koobface malware (2008). I’m not very sure if this malware is a new version of the Koobface malware, but it does have similar behaviors.

Security message (Quoted from ESET on the Koobface malware): “Don’t trust this new message or any like it sent to you via social network like Facebook. And of course, make sure your antivirus software is always up-to-date.”

To read more about Koobface Malware: Koobface Malware makes a Comeback (http://news.cnet.com/8301-1009_3-20002112-83.html)