If you have an Internet connection, you’re probably on Facebook. Despite this nearly ubiquitous use, it’s still fairly shocking how much information we and the network are willing to surrender. Our phone numbers, identities, interests, home addresses, email addresses, and other personally identifiable information are sitting in an insecure vault behind an easily crackable password. And if you are a hacker, you’re more than aware of this.
Rob Rachwald, Director of Security and Strategy at Imperva, a security firm in California, revealed to us the many strategies that hackers are using to gain access to your personal information and credit card info, all through Facebook. “In general Facebook is not written to be secure. In fact the purpose of Facebook is to violate your privacy as much as possible. So what you’re doing in essence, you’re getting closer to people through an electronic medium at the expense of divulging information about yourself. That’s their business model.” But Rachwald credits Facebook for avoiding massive data breaches, like that of the Korean social networking competitor CyWorld, which was speculated to have had 35 million passwords stolen by the Chinese government. In many instances, Rachwald says, it’s actually the users who are divulging too much information or signing up for different sites, although Facebook is not entirely without fault, since its platform is inadvertently hosting malicious activities.
With that in mind, here’s a 101 course on what Facebook hacks and attacks you need to keep an eye out for.
Hacker strategies
Picture trolling
While this is an older practice that people used to make money, it evidently still goes on today. Facebook “friends” would sell images of attractive women, usually found in a user’s public Facebook album, to porn sites, or publish them on public forums, from which they would circulate around the Web without the users’ consent.
Friend-mapping
People have gotten smarter these days and are using more sophisticated measures, Rachwald tells me. One trend he’s noticed is hackers copying the profile information of an existing user and using that copy to deceive the victim’s friends into befriending them again on Facebook. What this means is that a hacker will create a new profile with the same or similar information about that person, including the profile photo, and “re-friend” all of the victim’s friends. In a matter of a few days, the profile created under misleading pretenses could have access to several hundred friends, while in the background a crawler is downloading all the personal data about these new “friends,” including email addresses, phone numbers, pictures, and other information.
This attack becomes particularly dangerous when these “hackers” ask the victim’s Facebook friends for money, claiming financial duress – and the friends might oblige, given that the request appears to be coming from someone they know.
Organizational-Mapping
If you’re in a position of authority and a hacker wants to target you, organizational mapping is one strategy that professionals should be vigilant about. It’s not only on Facebook, and Rachwald says that it’s more of a threat on LinkedIn. Hackers will find out information about the friends of the victim through Facebook and find out who their best friend is. By assuming the false identity of the victim’s “friend,” the hacker raises the chances that the victim will be comfortable clicking on a link to a website with a virus, malware, or spyware embedded in it. This is especially dangerous for individuals like bankers, politicians, and other professionals in positions of authority.
A tip for anyone who’s wary of opening suspicious URLs, even if they come from a friend: a personal favorite that I like to use is VirusTotal.com.
Geolocation information
What few of you might realize is that every photo you take on a smartphone with GPS logs the exact location where it was taken. So if you’re sharing these images to Facebook or another social network for that matter, and you’ve take