NATO cybersecurity is worse than it looked; a lot worse

Fake Facebook pages targeting NATO top general are tip of a very insecure iceberg


This morning Sophos security's NakedSecurity newsletter ran advice called "Five free tips to avoid falling for Facebook scams."

Rather than using the usual victimized computer-phobic grandmother as the news hook and human-interest angle, however, Sophos re-told the story of how hackers suspected of being Chinese spies created a fake Facebook account for the Supreme Allied Commander of NATO in Europe.

The U.K.'s Guardian newspaper referred to the fake account as having the "sophistication and relentlessness" of attacks often referred to as advanced persistent threats and theorized that only a state-sponsored intelligence agency could have been behind the attack.

It's probably more accurate to say the attackers must have had at least the technological sophistication of the average 14-year-old American high school kid.

That might have made NATO look even more lame for not having detected or stopped the "attack" until an unspecified number of NATO and British military officials had friended the fake Admiral James Stavridis, allowing the fakers to harvest their private email addresses, pictures and phone numbers, according to the Telegraph.

The fake NATO-commander page may have seemed more credible because Stavridis actually does maintain a genuine Facebook page on which he announced the end of the war in Libya last October.

There have been a number of other fake James Stavridis pages on Facebook, according to a NATO spokesperson quoted in the Telegraph.

No one is admitting how long any of the pages were up before being identified and deleted; this one managed to remain undetected for at least a few days despite regular efforts to identify fakes from Facebook, NATO itself and what the Guardian describes only as a "major defence company" recently awarded a 40-million-pound contract to bolster security at NATO headquarters and outlying offices in Europe.

Cold War? Call NATO. Cyberwar? Call someone else. Anyone else.

I admit, a laconic description of a quick-response team's organization and goals and a leisurely reaction to fake Facebook pages may not be good indications of how effective NATO will be at defending itself against cyberattack.

Photo Credit: Reuters/Francois Lenois
