The U.S. Government seems to be leaking a lot these days. After the WikiLeaks scandal, and the leak of the plan to stop leaks, we’ve heard about another leak. Two days before Christmas, an unknown number of government employees opened a greeting email that looked like it was from the White House. Normally, that’s no big deal, but this email contained a surprise gift.
Here’s what it said:
As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings. Be sure that we’re profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission.
Executive Office of the President of the United States
The White House
1600 Pennsylvania Avenue NW
Washington, DC 20500
People clicking on the links in this phishing email, downloaded a trojan called ZeuS. If they installed it, their computers proceeded to send out all of the Word and Excel documents to a hacker’s website. It appears that this hacker only wanted information that he could later sell.
Here’s what the greeting card website looked like.
(image from KrebsOnSecurity)
I don’t think I should have to tell everyone this, but you should never have to download a greeting card. If you are asked to do this, exit the web page immediately.
Someone should have told the government employees about stuff like this. Very sensitive documents were stolen because the employees didn’t know about the high-risk practice of downloading from unknown websites.
Some of the documents were identified as coming from such places as the National Science Foundation, the Massachusetts State Police, the Financial Action Task Force, the Millennium Challenge Corporation, and many other .gov sites.
The US Government is now proposing that people use an Internet ID card to protect their privacy. Would you trust them to know how to guard your private information?