The Pebble and the Avalanche

Current Revolutions in Business and Technology

by Dr. Moshe Yudkowsky,

author of The Pebble and The Avalanche: How Taking Things Apart Creates Revolutions


Fri, 2006-Oct-20, 05:08

Investor's Business Daily Newspaper Subscription List Stolen

Investor's Business Daily, the second-largest print and online newspaper devoted to financial news and information in the United States, has had at least a portion of its subscriber list stolen. As a result, subscribers receive unsolicited email marked "" and "" that offer tips about penny stocks; as you might imagine, I would rather heap my money up in a pile and set it on fire than purchase stocks based on these tips. These email messages have been arriving for about a week and show no sign of stopping anytime soon.

This email problem may also be related to phishing attacks against Investor's Business Daily customers, who receive email that purports to be from the newspaper but is actually sent by criminals. Investor's Business Daily placed a notice on their home page to warn their subscribers about the phishing attacks, but I see nothing on their web site about loss of subscriber information.

The evidence for the theft of Investor's Business Daily's email information is straightforward. As I've noted here and elsewhere, when a company asks me for an email address I create one for the exclusive use of that company. If the company misbehaves, I can turn off that email address, and I can also determine how that email address is used. The recent spam messages touting penny stocks came from various fake addresses, but they were all addressed to an email address that was assigned for the exclusive use of Investor's Business Daily.
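The per-company address check described above can be automated over a mailbox. The following is an added example, not code from the original post: the alias registry, domains and sample messages are constructed, and it assumes the mail server records the envelope recipient in a `Delivered-To` or `X-Original-To` header.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed registry: each alias was given to exactly one company.
ALIASES = {
    "ibd-2006@mail.example": ("Investor's Business Daily", {"newspaper.example"}),
    "shop-2006@mail.example": ("Example Shop", {"shop.example"}),
}
RECIPIENT_HEADERS = ("Delivered-To", "X-Original-To", "To", "Cc")


def classify(raw):
    """Return (vendor, verdict) for one raw message, or None if no alias was hit."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    values = [v for h in RECIPIENT_HEADERS for v in msg.get_all(h, [])]
    for value in values:  # parse each header alone so one malformed value is isolated
        for _, addr in getaddresses([value]):
            entry = ALIASES.get(addr.lower())
            if entry is None:
                continue
            vendor, domains = entry
            ok = any(sender == d or sender.endswith("." + d) for d in domains)
            # From is forgeable: a match only means the message claims to be the
            # vendor (it may be phishing); a mismatch means the alias got out.
            return vendor, ("claims-vendor" if ok else "alias-leaked")
    return None


def leak_report(raw_messages):
    """Count, per vendor, messages that reached its alias from an unrelated sender."""
    hits = Counter()
    for raw in raw_messages:
        result = classify(raw)
        if result and result[1] == "alias-leaked":
            hits[result[0]] += 1
    return dict(hits)


# Constructed sample messages (not real mail).
SAMPLES = [
    "From: Daily <news@newspaper.example>\nTo: ibd-2006@mail.example\nSubject: issue\n\nbody\n",
    "From: tips@stocks.invalid\nTo: IBD-2006@mail.example\nSubject: penny stock\n\nbody\n",
    "From: picks@another.invalid\nDelivered-To: ibd-2006@mail.example\nTo: list@bulk.invalid\n\nbody\n",
    "From: friend@personal.example\nTo: me@mail.example\nSubject: lunch\n\nbody\n",
]

if __name__ == "__main__":
    print(leak_report(SAMPLES))
```

A "claims-vendor" verdict is not proof of legitimacy; confirming it requires the receiving server's SPF or DKIM results, which this sketch does not inspect.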

Security expert Bruce Schneier recently noted an important article about "targeted" viruses, i.e., a deliberate attempt by a virus writer to selectively attack a lucrative target, which yields important information but avoids the attention that accompanies a large-scale attack against the entire Internet. I certainly don't know how Investor's Business Daily lost control of their subscription list, but I do know that if I were investigating this problem, a targeted attack is the first thing I'd check.

