June 2010

One of the more common methods of spreading malware on the Internet is through social engineering. Most malicious activity is often successful because users are deceived into believing it is legitimate. Exploitation by social engineering is extremely lucrative and will likely significantly increase in the mobile market.
Phishing is the criminal act of attempting to manipulate a victim into providing sensitive information by masquerading as a trustworthy entity. This technique is a well-established, significant cyber threat, and mobile devices provide unique opportunities for phishing, including variants such as vishing and smishing.

Vishing is the social engineering approach that leverages voice communication. This technique can be combined with other forms of social engineering that entice a victim to call a certain number and divulge sensitive information. Advanced vishing attacks can take place completely over voice communications by exploiting Voice over Internet Protocol (VoIP) solutions and broadcasting services.VoIP easily allows caller identity (ID) to be spoofed, which can take advantage of the public’s misplaced trust in the security of phone services, especially landline services. Landline communication cannot be intercepted without physical access to the line; however, this trait is not beneficial when communicating directly with a malicious actor.

The U.S. government is seeing "hints" that adversaries are targeting military networks for "remote" sabotage, the head of the Pentagon's recently launched Cyber Command said in his first public remarks since being confirmed last month. "The potential for sabotage and destruction is now possible and something we must treat seriously," said Gen. Keith B. Alexander, who also heads the National Security Agency, the nation's largest intelligence agency. "Our Department of Defense must be able to operate freely and defend its resources in cyberspace." Alexander spoke Thursday before more than 300 people at the Center for Strategic and International Studies in Washington. In remarks afterward, Alexander said he is concerned about the safety of computer systems used in war zones. "The concern I have is when you look at what could happen to a computer, clearly sabotage and destruction are things that are yet to come," he said. "If we don't defend our systems, people will be able to break them." James A. Lewis, director of CSIS's Technology and Public Policy Program, said advanced militaries are capable of destroying U.S. computer systems. "That wasn't true four years ago, but it's true now and Cyber Command will have to deal with it," he said. The Cyber Command, launched last month at Fort Meade, was created by Defense Secretary Robert M. Gates to streamline the military's capabilities to attack and defend in cyberspace, supported by NSA's intelligence capabilities.

 EFA is the only independent national organisation with a longstanding tradition of promoting online civil liberties. EFA was established in January 1994 and incorporated under the Associations Incorporation Act (SA) in May 1994. EFA is independent of government and commerce and is solely funded by membership subscriptions and donations from individuals and organisations with an altruistic interest in promoting online civil liberties.

Although EFA has been leading the Open Internet campaign against the Government's proposal to censor the Internet, that is just one aspect of our activities and interests. In addition to Internet censorship, EFA campaigns on a wide range of issues relating to Internet regulation, including copyright, defamation, R18+ for computer games, telecommunications, ISP liability, privacy, domain names, trade marks, and the digital economy.