According to News.com.au, dozens of diplomats attending the 2011 sixth G20 summit in Cannes were snared.
The tempting message that masked the Trojan was sent to the finance ministers and central bank representatives who attend these summits.
All that was needed to get those high-value espionage targets to click were these nine words:
To see naked pictures of Carla Bruni click here
The nude photos were legitimate: Ms. Bruni, now using the name Carla Bruni-Sarkozy, is a pop singer and former supermodel who married the French President Nicolas Sarkozy in 2008. At the time of the phishing attack, she was France’s first lady.
While the victims eyeballed the nude photos, malware invisibly infected their computers, then replicated itself and forwarded copies to others.
Somebody the Daily Telegraph calls “a government source in Paris” told the news venue that just about everybody who got the message fell for it:
Almost everybody who received the email took the bait.
The purpose, target, effect and origin of the attack are apparently still unknown and under investigation.
It’s worrying that such a low-tech attack can still be effective, especially against those in the upper echelons of power. Sure, it can be hard for humans to block their most basic impulses, but there is a long, sordid and well-publicised history of attacks like this, and there can be no excuses for G20 attendees being so foolish and unprepared.
We trust that Naked Security readers will be more careful where they click!
Image of Carla Bruni-Sarkozy By Remi Jouan via Wikimedia Commons