Between the lines
By John Klossner
the obama administration
plans to close
data centers this year.
the total floor space is
equal to 5. 5 football fields.
SOURCE: VIVEK KUNDRA, CIO,
U.S. FEDERAL GOVERNMENT, APRIL 2011
Visa, Gap Send
Phishing Becomes More Sophisticated
the suCCessful use of phishing emails to breach secure organiza- tions like Oak Ridge National Laboratory and EMC’s RSA security
division is a stark reminder of the serious
threat posed by a type of attack that was previously dismissed as low-tech.
The Oak Ridge lab last month disclosed that
sophisticated data-stealing malware had infiltrated its networks. The breach originated in a
phishing email sent to about 570 employees.
The email was disguised to look like a memo
about benefits changes written by the lab’s HR
department. When a handful of employees
clicked on the embedded link in the email,
malware was downloaded to their computers.
Such emails now appear to be the preferred
method for breaking into corporate networks,
said Anup Ghosh, founder of security firm
“You only need a very low click-through rate
to establish several points of presence inside
an organization,” Ghosh said. “If you have
1,000 employees in your organization and
you train them all on not opening untrusted
attachments, you’ll still have someone doing
it. This is not a problem you can train yourself
Exacerbating the problem is the growing
sophistication of phishing campaigns.
Organized cybercrime groups are using
convincingly crafted emails to target high-level executives and employees within the
organizations they want to attack. In many
cases, the phishing emails are personalized,
localized and designed to appear as though
they originated from a trusted source.
Increasingly, information from social networking sites such as LinkedIn and Facebook
is being used to make the targeted phishing
attacks harder to detect, said John Pescatore,
an analyst at Gartner. “With all the personal
information and friends lists people expose on
those sites,” he added, “it is not that hard to
craft a very personal-sounding email.”
– Jaikumar Vijayan
Credit card company Visa and clothing retailer Gap announced last
month that they’re using SMS text
messages to deliver updates about
promotions and discounts to Gap
customers’ mobile phones.
The system, which uses Visa’s
global processing network, will be
expanded to retailers nationwide,
Visa said, although no timeline was
Gap and Visa began a pilot of the
real-time text message system in
November. Customers enroll via a
secure website and are sent Gap
offers when they use Visa cards to
complete transactions that meet
certain criteria — for example, if
they buy something at a store in a
specified ZIP code. Once the offers
appear on their phones, the customers can take advantage of them
by showing the text messages to
Gap sales clerks.
Visa said that high-speed transaction processing helps retailers reach
potential customers with new offers
while they’re still out shopping.
Amy Carr, director of customer
relationship management strategy
at Gap, said the Visa system has
given the retailer new insights
into its customer base, leading to
improvements in the way it targets
promotions to people.
— MATT HAMbleN