Yesterday I wrote about a Web site promoting something called the Home Network Awareness Program. This site claims to be affiliated with the Department of Homeland Security and throughout the site makes it a point to appear as a legitimate community effort to help reduce the risks of terrorism by analyzing network traces of home networks and any available public network. While this is clearly a non-starter and farcical to a seasoned network security admin, people with a less jaundiced eye would easily accept this as a legitimate site.
However, if you check the blog Emery Martin of Brooklyn New York, the founder of the site, you'll see the following:
"The Neighborhood Network Watch (NNW) aims to address the lack of criticality being leveled at these areas, along with raising public awareness about the security issues with public networks, and revealing the malleable nature of information and data. It aims to do this by taking on the role of a government sanctioned community organization that is a hyperreal manifestation composited from current government agencies and potential future agencies." (Italics mine)
So, Mr. Martin is using his Web site to impersonate a legitimate government authority to obtain personally identifiable information that is in flight on home and business wired and wireless networks. I think we have an official term for this type of site, it's called a phishing site. Check out http://www.google.com/search?hl=en&rls=GGLG,GGLG:2005-42,GGLG:en&defl=en&q=define:Phishing&sa=X&oi=glossary_definition&ct=title to see the definitions of phishing and you'll find that the http://dhsnnw.org site meets these requirements.
What's interesting is that no phishing filters that I work with tagged this site. Maybe it's too new? Maybe it's not popular enough? Or maybe the people who search for phishing sites were fooled into thing that it was a legit site too.
The Register did a nice article on debunking this site, which you can find at http://www.theregister.co.uk/2008/04/24/neighborhood_network_watch_unmasked/ It turns out that Mr. Martin is a graduate student in Interactive Telecommunications at New York University's Tisch School of the Arts and the site is his Master's Thesis.
Thomas W Shinder, M.D.
GET THE NEW BOOK! Go to http://tinyurl.com/2gpoo8
Email: [email protected]
MVP - Microsoft Firewalls (ISA)