I'd heard of \"social engineering\" before; that's a form of hacking that involves breaking into computer systems by getting secure information from people who have it. It can be done by calling up users and claiming to be a sysadmin and asking for their passwords, for example. Hard to defend against, since such defenses require an alert and informed user base.<\/p>\n
But now there's something new: the notion of a \"semantic attack,\" which at base seems to consist of making a person or system believe something that isn't true. The general approach is certainly not new; lying is a form of semantic attack. What's new to me is the paradigm that this is an effective form of attack on a computer system.<\/p>\n
Martin Libicki's interesting paper \"What Is Information Warfare?<\/a>\" includes this key point in Chapter 9<\/a>: \"A system under semantic attack operates and will be perceived as operating correctly (otherwise the semantic attack is a failure), but it will generate answers at variance with reality.\" The rest of that chapter is interesting but not so relevant to the current reality of semantic attacks.<\/p>\n And semantic attacks of a variety of forms are real. The usual canonical example is the faux press release that caused a severe drop in the price of Emulex stock in 2000. The recent manipulation of posted Yahoo news stories is a similar kind of semantic attack. And in a different direction, I've been seeing a lot of URLs lately that look like they go to some site but actually go elsewhere; this Crypto-Gram posting<\/a> explains what's going on with that.<\/p>\n