No chance of dismissal.
This all happened because she was desperate for a hot man. All the prospective hot men in management will be queueing up for her next assignment.
A Nigerian man was sentenced to 18 months in prison after tricking a NASA employee into clicking on an email attachment that installed malware on her government-issued computer. According to a Justice Department press release, the unnamed Washington-based employee received the email from an individual she had met on an …
but I've never been caught out, did a little digging of my own when I 'apparently' won an Irish lottery - never having been to Ireland, but even with my non-existent resources, I found a name - connected to various email scams, an address based here in the UK, but unfortunately couldn't find anyone interested in pursuing the matter further.
Another scam, some stock market thing, I came across led to a telecommunications company in Spain, but again, nothing I could do with the information.
A Nigerian prince did email me, but I just deleted it.
Perhaps I should send the info to NASA, they seem to give an fsck, unlike the British government.
As long as the users are human, they will click on attachments, follow links, and do anything else that might satisfy their curiosity - however much they're told not to. It's the sysadmins' job to make sure that no damage results; it's the sysadmins' manager's job to make sure that they are getting this done.
Back in December 2006, the US DOD started to block all HTML-encoded mail messages, inbound as well as outbound. HTML-encoded mail messages serve three purposes: distribution of spam, installation of malware, phishing. Plain text messages without any encoding work fine for everything else. How long is it going to take for NASA and DOE to figure that out? It really pisses me off that at DOE research labs we virtually lost our Internet and (!) local network because of "security" (a topic in itself), while at the same time the most basic measures are not being implemented.
They used at least four investigatory agencies over two continents to catch a simple phishing scam and all because it was a NASA employee and a gov' issued computer (no mention of whether there was any sensitive info on it).
If they can expend that kind of budget on one case, why can the authorities at least look at some of the big money scams that are pulled on joe pub'ic?
Is it because they don't need to be answerable to the great unwashed that pay their wages?
Skull & crossbones 'cause there is no red flag. Come the revolution etc.!!!!
Indeed, the article (mis-)reads "The success this international team had in identifying the culprit is impressive. But it's important to note that this breach never would have happened without the cooperation of one very gullible (and likely delinquent) NASA employee."
No, actually, it's important to note that this SUCCESS would never have happened without a NASA employee involved. Come on.
Spot on....
The girl was conned by someone she thought she'd established some sort of trust relationship with. Not the same as clicking on a link from someone you've never heard of.
The security business has to accept that the end user will always do something that appears to us to be mindblowingly dim.
Our job is damage limitation...... live with it.
See, it's like this... '419', 'Nigerian', 'fraudster', 'scam', 'con', 'phishing', etc, etc.
All interchangeable terms. '419' is just a generic term for Nigeria's main industry - not to mention that of the ex-pat Nigerians in other countries - AND the wannabes of all races all over the world.
Plus, '419' has the merit of being short and pretty well understood...
Might interest all to know that, back before the interweb was 'invented', I had an interesting business relationship with some Nigerians in London. Their 'business' consisted of - what a surprise - credit/bank card and cheque fraud. From the proceeds of which they lived an amazingly affluent lifestyle. It's a long standing tradition.
When I received my first 419 email it came from within the European Union (from a big-name Internet cafe in Holland.) I printed it out and took it to the Police station thinking that if the person was in Europe I might be able to spoil his day. The Policeman I spoke to was very pleasant but said he couldn't do anything because under UK law no crime had been committed as I hadn't actually sent this person any money and got defrauded.
This is really cool... I can attempt to commit fraud as often as I like and the Police can't/won't touch me for it. I only have to be careful when I actually do steal the money.
I sent the email with headers to the administrator of the Internet cafe and received a response. The response was that it wasn't his problem what people were doing in his cafe.
Next I thought "what the heck" and tried to report the matter to the Dutch Police. Their website contained no useful contact details.
I went to more trouble than most people would, just for the fun of it and got nowhere. Is it any wonder this kind of scam is flourishing?
The user clicked on a link, which resulted in a program being INSTALLED?
Don't they know how to lock down PCs there?
Or, what about their anti-virus software?
NASA = Naive Amateurs Stumbles Around?
Paris because... well... Even she can't be that dumb, can she?