Search results for: Men in black

International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
DOI : 10.5121/ijnsa.2013.5402 23

Marc A. Rader1 and Syed (Shawon) M. Rahman2, *
1CapellaUniversity, Minneapolis, MN, USA and Associate Faculty, Cochise CollegeAZ, USA
Mrader3@CapellaUniversity.edu
Associate Professor of Computer Science at the University of Hawaii-Hilo, Hawaii,
USA and Part-time Faculty at Capella University, Minneapolis, USA
*SRahman@hawaii.edu
ABSTRACT
Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure.
These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most
organizations rely on training to mitigate and reduce risk of non-technical attacks such as social
engineering. Organizations lump IA training into small modules that personnel typically rush through
because the training programs lack enough depth and creativity to keep a trainee engaged. The key to
retaining knowledge is making the information memorable. This paper describes common and emerging
attack vectors and how to lower and mitigate the associated risks.
KEY WORDS
Security Risks, Phishing, Social Engineering, Cross Site Scripting, Emerging Attack Vectors, DNS poising.
1. INTRODUCTION
Phishing is a social engineering technique that is used to bypass technical controls implemented
to mitigate security risks in information systems. People are the weakest link in any security
program. Phishing capitalizes on this weakness and exploits human nature in order to gain access
to a system or to defraud a person of their assets.

10/18/12 Update: 2006 posting at forum – where Russell Handorf still contributes using his “grey hat hacker” handle “satanklawz” – suggests he has been working for FBI three years earlier than his resume claims; Adrian Lamo admits being “friends” with Handorf but still won’t answer any real questions; Chet Uber offers to have Lamo “interview” me – Neal Rauhauser, who claims he has nothing to do with Project Vigilant, suggests I should accept offer – which I will, after they start giving serious answers to my serious questions first; Project Vigilant submitted bid for Voice Stress Analyzer request by BoP to detect if inmates are lying.

Highlights: At college, Russell Handorf used to illegally “sniff” networks for free web access; Decade ago, hosted Adrian Lamo website where he used to be known as “satanklawz”; Defended Lamo online in web forum postings; In 2003, wrote that fugitive Lamo’s enemies might DoS the NY Times, attack investigators; Provided details on web on how to access potential Comcast customers’ private info; Wrote “Fear Not: Hacks, Attacks and Cracks” column; After Philadelphia InfraGard Board of Directors gig, former “grey hat hacker” joined FBI in September of 2009.

[Editor’s Note: Before publishing this article I emailed both Russell Handorf and Adrian Lamo to ask them questions about their past and possibly present relationship, but neither one got back to me. I’ll gladly correct any errors or add comments if they change their minds. My last two articles provide more background on Adrian Lamo, Neal Rauhauser, Project Vigilant and the Bradley Manning case: Bradley Manning Facebook friend was a security and risk management expert and More members from secretive, oddball Project Vigilant group revealed. Article by Ron Brynaert]

The following screenshot was the front page for a website owned by a “Grey Hat hacker” who the FBI hired to be a computer scientist for its Philadelphia Cyber Squad in 2009: