Too Suspicious?

bmcculley at rcn.com bmcculley at rcn.com
Fri Oct 28 22:26:01 EDT 2005


I don't think you are being too suspicious in carefully
vetting such online spam;  I do think it's going a bit far to
impute a governmental request that you get M$ software. 
That's beyond the line of attributing to malice that which is
most likely pure stupidity.

I'd say that even some superficial evidence seems to indicate
that this was a legit but incredibly stupid DoC official
communication (the email message headers would be stronger
evidence, but they are unavailable to me).  One key bit is the
contact info included in the message, with phone numbers that
are consistent with info on the BIS agency web pages.

I especially appreciated the very first line of text on the
survey page: "BUSINESS CONFIDENTIAL" on a publicly accessible
web page?  LMFAO!  Thanks for sharing that tidbit!

btw, does anyone else think that the TX location for the
registrant of that survey site smells like pork?



Or, another thought, is this a very sophisticated test
camouflaged as a stupid survey?  Given the publicity about not
opening attachments or responding to web links of unknown
trustworthiness, perhaps any legitimate supplier that
responded lost points on some covert security audit?  Or those
who didn't take the bait got points somehow?  hmm, isn't the
puzzle palace wonderful?


---- Original message ----
>Date: Fri, 28 Oct 2005 20:53:32 -0400
>From: Jim Kuzdrall <gnhlug at intrel.com> 
>Subject: Too Suspicious?  
>To: gnhlug-discuss at mail.gnhlug.org
>
>    This is a response to an implied request by the government that I
>get Microsoft software, among other things.  It came in a survey asking
>details about the IR night vision equipment produced at my (one-man)
>company.  My stuff is of a very rugged industrial variety, and orders
>of magnitude less sensitive than needed for night vision.
>
>    The original survey was in html (which I had to read as plain text).
>I don't know what it requested because I never opened the ".doc"
>instructions that were attached.  The on-line survey form's link does
>not go back to bis.gov.  It goes to:
>
>   https://doc.inquisiteasp.com/surveys/WVZRYE
>
>    Has anyone heard of this outfit?
>
>    After some other queries, too detailed for here, I think the survey
>is legitimate but dangerously naive.
>
>    My response follows the quote.
>
>* * * * *
>
>On Friday 28 October 2005 03:55 pm, RONALD DEMARINES wrote:
>> October 28, 2005
>>
>> Dear Industry Executive:
>>
>> Several weeks ago, the U.S. Department of Commerce, Bureau of
>> Industry and Security (BIS) sent you an email with a hyperlink to a
>> survey entitled Defense Industrial Base Assessment: U.S. Imaging and
>> Sensors Industry. We are contacting you because the original deadline
>> for completion has passed and we have not received a survey from your
>> firm. As noted in the original email, a response to this survey is
>> required by law under the Defense Production Act of 1950, as amended
>> (50 U.S.C. App. Sec. 2155). We are requesting your immediate
>> attention to this matter.
>>
>> Background:
>>
>> The BIS is conducting an industrial base assessment of the U.S.
>> imaging and sensors industry with a special focus on the night vision
>> segment of this industrial sector. BIS will be analyzing the industry
>> that provides products and services for defense,
>> commercial/industrial, and consumer markets.
>>
>> For the purpose of this assessment we are including in the industry
>> sector: producers; component, material, and subsystem suppliers;
>> technology providers; service providers; distributors, wholesalers,
>> brokers, retailers; and public and private research facilities (see
>> the attachment for a more comprehensive list of the types of
>> organizations and applications included in this sector).
>>
>> Requirement:
>>
>> Please complete and return the on-line survey indicated above. If you
>> have any questions about this request or need BIS staff to send you
>> another link to the on-line survey, you may contact Lani Tito (202)
>> 482-8225, (ltito at bis.doc.gov ), Martin Canner (202) 482-2519,
>> (mcanner at bis.doc.gov ) or Ron DeMarines (202) 482-3755
>> (rdemarin at bis.doc.gov ).
>>
>>
>> Sincerely,
>> Brad Botwin, Director
>> Strategic Analysis Division
>
>* * * * * *
>
>Greetings Ronald Demarines,
>
>    I will not respond to this survey, if indeed you are legitimate,
>until I receive it by First Class Mail on Government letterhead.  At
>least that way, if I am blamed for allowing unauthorized mapping of our
>military night vision industry, I will have a piece of paper to justify
>the level of deception.
>
>    If you are just naive about security matters, let me point out some
>mistakes you have made:
>
>    1) I have no way to prove where this email (or any other)
>originated.
>
>    2) Judging from the name of the file you wish me to open, the survey
>is in a proprietary format, Microsoft "doc".  I am running Linux.  I do
>not have any licensed software to open Microsoft's format.  Without
>licensed software, I have no way to know the information is correctly
>presented - if indeed I could get it open at all.
>
>    3) The "doc" format permits macros which can implant spyware and
>other unwanted programs in my computer.  A prudent person does not open
>picture files, html files, or macro-capable word processor files that
>arrive by email.  If you wish your surveys to be read, send them in
>plain text.
>
>    4) The link to return your original survey did not go back to the
>government.  It went to an IPS in Texas and then to a west coast
>company that is totally unknown to me.
>
>    5) Sending unencrypted information via the Internet is as private as
>publishing it in every newspaper in the world.
>
>    6) You are apparently unaware of the communication I had last week
>with BIS or the result of the communication, indicating that you are
>not in close touch with that organization.
>
>    If I had a vendetta against the US in mind, I would love to have the
>verified locations of the premier high technology infrared industry
>sites.  I could quickly get my moles into the best locations.
>
>    If you think me too suspicious, blame it on 40 years in the Cold War
>and the President's directive that we are "at war" against the deadly
>terrorists.
>
>James A. Kuzdrall
>



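Point 4 of the quoted reply (the survey link does not lead back to the government) can be checked mechanically. The sketch below is an added example, not part of either poster's message; the trusted parent `doc.gov`, the function names and the sample body are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample body; the survey URL is the one quoted in the thread,
# the second URL is made up to show a host that really is under doc.gov.
SAMPLE_BODY = """\
Please complete the on-line survey:
  https://doc.inquisiteasp.com/surveys/WVZRYE
Questions: see http://www.bis.doc.gov/ or reply to this message.
"""

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def host_under(host, parent):
    """True only if host is parent or a subdomain of it, compared by label."""
    host, parent = host.lower().rstrip("."), parent.lower().rstrip(".")
    return host == parent or host.endswith("." + parent)


def audit_links(body, trusted_parents):
    """Return one finding per URL: host, whether it is under a trusted
    parent, and whether it merely borrows a trusted parent's first label."""
    findings = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;")
        try:
            host = urlsplit(url).hostname or ""  # ignores any user@ prefix
        except ValueError:
            host = ""
        trusted = any(host_under(host, p) for p in trusted_parents)
        labels = host.lower().split(".")
        borrows = not trusted and any(
            p.split(".")[0].lower() in labels for p in trusted_parents
        )
        findings.append({"url": url, "host": host,
                         "trusted": trusted, "borrows_label": borrows})
    return findings


if __name__ == "__main__":
    for f in audit_links(SAMPLE_BODY, ["doc.gov"]):
        verdict = "ok" if f["trusted"] else "NOT under a trusted domain"
        if f["borrows_label"]:
            verdict += " (host reuses a trusted label)"
        print(f"{f['host']:<24} {verdict}")
```

The comparison is by DNS label, so a host that only starts with `doc.` or contains `doc.gov` as a substring is not treated as belonging to the department.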