Nov 13, 2008

This is Getting Stupid

Frank,
This is getting stupid.

I'm getting all kinds of warnings this morning about Cyber Security testing us with "phishing" emails, trying to trip us up.

Here's one I got.

Note that the email comes from lans-llc.com, which is the website of our employer, and the link we're supposed to, umm, not click on is also hosted by our employer's website.

I'm confused now. How will I ever possibly be able to tell when something coming from our own employer is or isn't something I should act upon?
-Anonymous

Anonymous,
You have been given an opportunity to excel. Create a folder in your email program called "Phishing" and file every stupid request you receive in it. Imagine the time savings! As an added bonus, you can refer back to this folder should you ever forget how to spell "user-fieldly" or "security procaution". How's that for 'refining your expectations'?
Frank


> From: ***
> Date: November 13, 2008 8:14:47 AM MST
> To: nmug@lanl.gov
> Subject: Re: Phishing Email Warning
> Reply-To: ***


> There is also this one, which I am told is also a phishing attempt...

> ----------------------------
> Original Message
> ----------------------------

> Subject: LANS Employee Survey

> From: "Dustin Andrews"

> Date: Wed, November 12, 2008 6:42 am
> To: "Undisclosed Recipients"
> --------------------------------------------------------------------------

> Dear LANS employee,

> As an employee of LANS/LANL, you have been identified to participate in the yearly LANS-LLC 360 degree feedback survey process. The purpose of this feedback is to gain your perspectives about how we (LANS) are meeting our employee's expectations and needs.

> Below is a link to the online survey. Your responses will be kept completely confidential. The survey is web-based. Your name will not be attached to any results. The survey is user-fieldly and you should be able to complete it within 15 minutes or less.

> We appreciate your willingness to participate and value your feedback. Our hope is this process will help us meet and refine your expectations. Your response will help shape the future of LANL and LANS and is very important.

> While all data collected will be kept confidential and anonymized, as a security procaution you will be asked to authenticate with your LANL one-time passcode. Additional validation information may also be requested.

> To begin, please click the survey URL below:

> http://www.lans-llc.com/employee_survey_FY09.html

> our participation is greatly valued.

25 comments:

Anonymous said...

Here's a simple solution. If LANS and NNSA wish to play these dirty games with their employees, don't respond to *ANY* further Emails, whether from your Group Lead, AD, or even Mikey, himself. It's the only safe solution to take at this point in time.

LANS and NNSA appear to be looking for a way to find "culprits" to hang high, so protect yourself. Morale is just going to keep sinking lower and lower if they keep this stuff up. Stress is already high enough among LANL staff without making things even worse.

Anonymous said...

The listed lans-llc.com web page has a "Weblink Contact" link that returns: help@lanl.gov

I suggest that employees who receive this possibly bogus message send Email to this address at help@lanl.gov and ask them what is up and whether the lans-llc.com site is to be considered a bogus site.

The same Email question should also be sent to LANL's cyber-security office. I would love to see their response.

Anonymous said...

After a search for domain names the following was found.

lans-llc.com


Registrant:
LANL
P.O. Box 1663
Los Alamos, New Mexico 87545
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: LANS-LLC.COM
Created on: 10-Nov-08
Expires on: 10-Nov-09
Last Updated on: 10-Nov-08

Administrative Contact:
Sullivan, Joyce joyces@lanl.gov
LANL
P.O. Box 1663
Los Alamos, New Mexico 87545
United States
(505) 665-4996 Fax --

Technical Contact:
Sullivan, Joyce joyces@lanl.gov
LANL
P.O. Box 1663
Los Alamos, New Mexico 87545
United States
(505) 665-4996 Fax --

Domain servers in listed order:
NS15.DOMAINCONTROL.COM
NS16.DOMAINCONTROL.COM



gbosen said...

Forward any email with a link to Cyber Security asking if it's Phishing.

Anonymous said...

The old LANS domain was "lansllc.com". It went out of service back in late 2007.

The whois data shows the domain of "lans-llc.com" was bought by LANL on November 10th of this year through GoDaddy.

This is the same ruse that was pulled last month over at PNNL. It's apparently being mandated by DOE. The result at PNNL was a bunch of bad publicity and a day without internet so that everyone could take mandatory cyber-security classes.

You can be sure at least a few clueless employees at LANL will fall for this ruse and the result will be the ol' Nanos style shut-down for mandatory cyber training as punishment. In fact, LANS probably already has the training material ready to go.

What other organization pulls sleazy crap like this on their own employees? Shutting down LANL for a day of cyber-security training will cost the government about $4 million and will produce lots of bad publicity for LANL. It will also give Congress yet another item with which to bang over the head of LANL.

It's time to pull LANL out of the clutches of a badly broken DOE and hand it over to DOD. All DOE seems to know how to do these days is to beat up on their labs. We don't deserve this type of crap.
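Added example, not part of the comments or the original post: the reasoning in the WHOIS comments above (a link domain registered two days before the email arrived, one hyphen away from the retired lansllc.com) written as a check. The `KNOWN_DOMAINS` list, the 30-day cutoff and all function names are assumptions made for illustration.

```python
import re
from datetime import datetime
from urllib.parse import urlparse

# Fields copied from the WHOIS output quoted in the comments.
WHOIS_TEXT = """\
Domain Name: LANS-LLC.COM
Created on: 10-Nov-08
Expires on: 10-Nov-09
"""

# Link and date taken from the quoted survey email.
EMAIL_DATE = datetime(2008, 11, 12)
EMAIL_LINK = "http://www.lans-llc.com/employee_survey_FY09.html"

# Assumptions for illustration: domains the reader already knows, age cutoff.
KNOWN_DOMAINS = {"lanl.gov", "lansllc.com"}
MIN_AGE_DAYS = 30

def parse_whois(text):
    """Return {field: value} for 'Field: value' lines of a WHOIS record."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?):\s*(\S.*)$", line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields

def registrable_domain(url):
    """Last two labels of the URL's host (enough for .com/.gov names)."""
    host = urlparse(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def assess(link, whois_text, seen_on):
    """Return (domain, age in days when seen, list of findings)."""
    domain = registrable_domain(link)
    created = datetime.strptime(parse_whois(whois_text)["created on"], "%d-%b-%y")
    age_days = (seen_on - created).days
    findings = []
    if domain not in KNOWN_DOMAINS:
        findings.append("domain not on known list")
        bare = domain.replace("-", "")
        twins = sorted(k for k in KNOWN_DOMAINS if k.replace("-", "") == bare)
        if twins:
            findings.append("differs from %s only by a hyphen" % twins[0])
    if age_days < MIN_AGE_DAYS:
        findings.append("registered %d days before the email" % age_days)
    return domain, age_days, findings

if __name__ == "__main__":
    print(assess(EMAIL_LINK, WHOIS_TEXT, EMAIL_DATE))
```

The registrant field is deliberately not part of the check: here the WHOIS record names LANL itself, which is why the domain age and the hyphen are the only signals available to a recipient.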

Anonymous said...

Ha-ha, DOE. This was really funny. I suppose that some DOE f*cktard is now going to get a big reward for coming up with this sleazy stunt. Perhaps it's the same DOE f*cktard who came up with the bright idea of a mandatory DOE "branding" campaign with lame DOE logos to be pasted on everything in sight at the labs.

Geeze, where does DOE HQ dig up these people?

Anonymous said...

This stunt begs the question: Where does the lans-llc server reside and how does traffic get routed to it?

Do the passwords this LANS bogus site captures go through the open internet to reach this server? If so, then it looks like LANS may have taken a made-up security threat and turned it into a real one!

Anonymous said...

How many successful hits by this bogus site will it take to trigger a LANS decision to stop all work for mandatory security training? At PNNL, it was reported that over 400 people were duped.

Will 100 successful hits by this site cause a $4 million per day work stoppage at LANL? How about 10? Maybe just 1?

Anonymous said...

PNNL taking day without cyberspace

By Annette Cary, Herald staff writer - Oct 31, 2008

RICHLAND -- There will be no cruising around the Internet or checking e-mail today at Pacific Northwest National Laboratory.

Computer screens are going largely dark.

It's a reminder to employees of the importance of maintaining computer security after some employees fell for a trick to download fake "malware," or malicious software, as part of an audit of the lab's cybersecurity.

The national lab in Richland plans a computer stand-down today. Employees will spend much of the day in training sessions -- in which they will be allowed to use their computers -- and in meetings to learn how and why to protect the lab's computer systems from intruders.

"This allows management and staff to have uninterrupted focus on understanding the need for a solid cybersecurity system at PNNL and on the responsibility that each individual employee has to ensure the network is safe," said Mike Talbot, a Department of Energy spokesman.

Shutting down much of the computer system is intended as "kind of a wakeup call," said lab spokesman Geoff Harvey. It will demonstrate how work at the lab would have to be done if a cyberattack were successful, he said.

The lab does classified work for the Department of Homeland Security and the Department of Defense, and research it does for private industry may be proprietary.

"Putting that at risk is just not acceptable," Harvey said.

There may be some loss of productivity as employees try to get some work done in between cybersecurity sessions today with limited software operating on the lab's computer network, but the inconvenience should help drive home the importance of tight cybersecurity, he said.

The stand-down was planned as a result of a DOE test of cybersecurity systems in May.

About 450 employees were sent an e-mail message that "looked very official," Harvey said. They earlier had been notified that they would need new training for security badges.

The phishing e-mail they then received as part of the cybersecurity audit directed them to go to an Internet site and follow directions that included clicking on a button that supposedly would change printing parameters for a training certificate.

Although the website appeared to be an official DOE site, it actually was an impostor site that ended with the suffix ".net" rather than the ".gov" used by DOE. Employees who clicked on the button allowed the DOE audit team broad access to the lab's unclassified computer network.

About 10 percent of those who received the fake e-mail fell for the ruse, said Staci West, lab spokeswoman.

However, because it was only a test, there was no breach of security or loss of personal information.

"DOE believes that standing down the computer network for the day is the best way to highlight to PNNL staff the need to recognize, understand and respond appropriately to the ever increasing threats," Talbot said.

Anonymous said...

This may explain why ORNL is having a "cyber stand-down" on Friday, per the following message:

"Over the past several months, ORNL has been systematically implementing
cyber security measures to address vulnerabilities that were identified
during a DOE-HSS "Red Team" investigation. Corrective actions include
implementation of Least User Privileges, completing deployment of a new
central log analysis system which will include gathering and analyzing log
data from all workstations, implementation of the ANL Federated Intrusion
Notification/Response system, increasing user awareness of the threats and
becoming aware of the impact that a real incursion can have on work and
productivity.

On Friday, November 14 from 10:00 a.m. to 2:00 p.m. ET, ORNL will implement
a planned stand-down of the Laboratory’s cyber network. The goal in this
activity is to generate awareness of what the Laboratory’s response would
be during a real cyber attack. Access to the internet will be blocked and
e-mail to or from external mail addresses will be queued for delivery after
the stand-down."

Anonymous said...

Yep, after looking at this ORNL story, I predict that manufactured outrage by our management toward the staff and a security "stand down" are already in the cards for LANL, regardless of the outcome.

It's all been planned out in advance by the goon squad over at DOE HQ.

Anonymous said...

Why, oh, why would any top rated scientist want to work for a DOE lab any longer? DOE is slowly killing off science in the United States. Just using an everyday PC for doing work at these labs is going to soon become next to impossible.

Heckavajob, Sam Bodman!

Anonymous said...

The cyber police now have management wrapped around their fingers. Solution: Don't wait for morons who are trying so hard to not only disrupt computing but create one more disruption in the eyes of Congress. They need this validation of their existence to DOE, to say "I told you so.." Just shut down your computer, let's have a moratorium on our own terms. Get to work in your lab, office, clean up your desk, do something else besides waiting to grab their bait.

I have tried this a few times recently (left PC OFF all day); it's amazing how many phone calls and personal visits were made. Would we make news if the Lab employees decided, on their own, to stop using the Internet for a day, irregardless of what DOE sez? Would we get spanked for it?

Anonymous said...

Sam B. is history soon. Stay tuned.

Anonymous said...

Of course, for that one-day stand-down for computer security training, you will have to charge your programs, not overhead. Although this kind of training is appropriately an overhead charge, LANS wants to keep the overhead rates low.

By the way, Mikey would like to charge your program code for his training.

Anonymous said...

I'm all for shutting down the pc for an indefinite period. Let the front office deal with my time sheets and travel on the damned new "Oracle".

Anonymous said...

This sure reads like entrapment. I would think that a person who got terminated for this would at least have a case of suing the individual who directed the implementation of this nonsense.

It is time that individuals get some accountability for actions which have adverse consequences to individuals.

Anonymous said...

This is how it will go down. At least one person will fall for the phishing scheme. DOE will have a stand down at LANL for one day. Since LANL is the only lab that the public knows about the news media will have a field day and dig out the old news story on Wen Ho Lee, the fire, the standdown, the meth, and the Mustang. Another huge scandal! Wallace could be the lab spokesman saying how they are going to punish those damn scientists and how much he will enjoy it. Ya Ya Palin 2012! Someone has got to pay for Obama 2008. Bill O will say look... Obama comes in and LANL goes bad!!!! Told you so.

2014 the lab shuts down for good and praise Jesus for that! 2016 those who know Mandarin can speak to our new colonial masters. It will turn out that Jesus already did come back but he died a second time in Waco 1993.

8500 AD, the United States will be remembered only as a single point of Earth history on a quiz show in Pluto.

Anonymous said...

Mandatory shutdown and manufactured outrage from DOE is coming to LANL, just as it has to every other DOE lab.

They've even got the exact date for LANL's mandatory training already marked on the calendar.

All that is left to be done is for some weasel within DOE HQ to make the phone call to POGO and CBS News telling them how awful things are over at LANL.

Anonymous said...

2014 shutdown? Works for me.

Anonymous said...

"2014 shutdown? Works for me.

11/15/08 1:56 AM"

Ya cool just watch out for 2016.

Anonymous said...

"Sam B. is history soon. Stay tuned."

Any insight/rumors on who will be replacing current DOE/NNSA political appointees?

Anonymous said...

Obama will be picking T. Boone Pickens, creator of the "Pickens Plan" for energy, to be the next DOE Secretary. You heard it here!

Anonymous said...

Sec Energy is usually a throwaway. Gas back around $2/gal for now. Maybe the Gov of Michigan - no technical background and a Harvard law degree.

Anonymous said...

From the LANL NewsBulletin, posted 17 Nov 2008:

New information security training required for Laboratory employees

November 17, 2008
Must be completed prior to winter closure

New online training about information security is required for all Laboratory workers using a Laboratory computer.

"We're required to train all Laboratory workers on the new information security procedures in order to better protect our information," said Leslie Linke of the Chief Information Office (CIO).

Linke said all employees must complete the new annual information security refresher training, course number 47075 (or course number 47926 for employees who don't have an administrative-level cryptocard), before the Laboratory's winter closure begins on December 25.

Information security, formerly part of the annual security refresher training (course number 1425), has been expanded to provide employees a more comprehensive understanding of their responsibilities in helping the Laboratory meet its cyber defense requirements, said Linke. She emphasized that the new annual information security refresher is now required in addition to the annual security refresher training.

Beginning today the new training can be found through the Virtual Training Center. Employees receive credit for the course through the Virtual Training Center upon completion.