St. Louis Police Department Victim Of Spyware Attack
According to the St. Louis Globe-Democrat, KMOX.com, and FOX2now.com the Saint Louis Police Dept. has been under attack. It’s a very attractive headline until you pick apart the articles.
24 people may have had their personal information compromised following the cyber attack of one computer in the St. Louis Metropolitan Police Department, authorities said.
This more than likely means that the infected computer contained the personal information of 24 people. This was probably not a direct attack, or a real attempt to gather information.
More than likely a staffer opened an e-mail attachment and got infected. This happens everyday to common people, and it does not make headlines.
Attacks usually occurs against websites and networks. It is usually an attempt to hijack a website or overload servers and network equipment to the point that they become unresponsive, or become a real pain to use.
The attack came through an e-mail in February. The department’s website was not attacked in any way, according to police spokeswoman Erica Van Ross.
If the virus/spyware was meant to scan witness lists, criminal lists, etc. It would be careless to send it through e-mail. Most mail servers (Exchange, Lotus, etc.) has server specific virus scanners on the computer that scans incoming and outgoing messages for viruses embedded in the attachments.
One thing 90% of virus scanners can do is detect threats in e-mails, so a smart hacker would not entertain sending viruses through e-mail, because the rate of detection is extremely high.
Companies that cannot afford to maintain a mail service should use Google Apps for domains, because all of the mail security you will ever need is provided by Google, and maintained on their servers.
The names, addresses and social security numbers of the 24 people may have been viewed. They have been identified and will be notified so they can take steps to prevent identity theft.
All 24 were involved in incidents in 2002, 2003 and 2005. Police say some of the cases may already be closed.
The keywords are “may have been used.” 9 times out of 10, a dumb spyware program riding on the back of an e-mail as an attachment will not be specific enough to scour and interpret the information stored on that computer.
A party who was truly interested in that information would not use this inefficient method, and especially not to target one particular computer.
The department will assist the victims in credit protection services. The department is also re-evaluating its security system.
Pretty assuring from a department who doesn’t have an adequate firewall, and or mail security system setup.
I am sure re-evaluating means firing somebody on staff, or searching for another company to setup and manage their security system, who will push for a complete overhaul of the network and server environment, which would lead to retraining staff on updated equipment, new servers, expensive security contracts, etc.
This is highly likely if they plan to act on their statement. However, with the City of St. Louis finances as low as they are, I would not be surprised if nothing was done at all.
Protect Yourself from Spyware and Viruses
Don’t let this be you! Get a good firewall. If you are a business check into
WatchGuard Firewall, or some of the Juniper or Cisco solutions. Residential DSL subscribers should upgrade to a 2Wire Gateway solution. Cable Internet subscribers should purchase or request an Ambit Router from their provider.
Get yourself some protection. Businesses should consider outsourcing mail, but if you insist, look into AVG Email Server Edition. Residential customers will be adequately covered with AVG Internet Security
.
As always, if you need help for your own computer reach me at LivePerson, if would like to upgrade the security of you business or outsource your e-mail chat with me on oDesk.
On a Humorous Note
Breaking News: Some Bullsh*t Happening Somewhere
If you are offended by cursing, cussing, profanity, whatever, do not view! However, you will be missing a very funny clip, that kinda summarizes this evenings local news coverage of the St. Louis Police Cyber Attack.
