Harry Potter and the Plot-Spoiling, Phishing Scam

Phisher uses known black magic to steal secrets.

An attacker named "Gabriel" claims to have stolen the text of the upcoming "Harry Potter and the Deathly Hallows" from Bloomsbury Publishing by use of a phishing scam.

He has published what he claims are all of the plot points—including main characters who get killed and the final outcome of the seven-book series.

Gabriel says he used "the usual milw0rm downloaded exploit." The exploit entailed delivering to a Bloomsbury employee an e-mail with an invitation to click on a link, open a browser and click on a maliciously crafted animated icon that allowed the attacker access to the victims system.

"Its amazing to see how much [sic] people inside the company have copies and drafts of this book," Gabriel wrote in a posting on Insecure.org. "Curiosity killed the cat." (Ed. note: Spoiler alert: Do not click on the link to read Gabriels posting if you dont want to have the plot spoiled.)

milw0rm is a group of politically motivated "hacktivists" whose most famous exploit was penetrating the computers of the Bhabha Atomic Research Centre (BARC) in Bombay, the primary nuclear research facility of India, on June 3, 1998. They have anti-nuclear and pro-peace agendas and, in this case, anti-Harry Potter and pro-Pope Benedict XVI.

"We did it by following the precious words of the great Pope Benedict XVI when he still was Cardinal Joseph Ratzinger," Gabriel said. "He explained why Harry Potter bring the youngs [sic] of our earth to Neo Paganism faith. So we make this spoiler to make reading of the upcoming book useless and boring."

Gabriel said he did it "to protect you and your families."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.