We’ve written about the dangers of identity theft on Facebook at ReputationDefender Blog before, but this post from the SNOsoft Research Team Blog takes the issue to a whole new level. Written by Adriel Desautels, CTO of Netragard, L.L.C., a network and information security firm, the post explains how Facebook users can be easily duped into exposing their company to attack.
From the article:
Let’s start off by talking about the internet and identity. The internet is a shapeless world where identities are not only dynamic but can’t ever be verified with certainty. As a result, it’s easily possible to be one person one moment, then another person the next moment. This is particularly true when using internet-based social networking sites like Facebook (and the rest).
Humans have a natural tendency to trust each other. If one human being can provide another human with “something sufficient” then trust is earned. That “something sufficient” can be a face to face meeting but it doesn’t always need to be. Roughly 90% of the people that we’ve targeted and successfully exploited during our social attacks trusted us because they thought we worked for the same company as them.
The author goes on to explain in vivid detail the method by which he and his team were able to successfully infiltrate their client’s defenses. By posing as an employee of the company, and becoming Facebook friends with actual employees, the hackers were able to trick their “colleagues” into clicking a link which took them to a fake website, a tactic commonly known as phishing. The information provided through the phishing site gave the hackers access to nearly all of the company’s network.
We used those credentials to access the web-vpn which in turn gave us access to the network. As it turns out those credentials also allowed us to access the majority of systems on the network including the Active Directory server, the mainframe, pump control systems, the checkpoint firewall console, etc. It was game over, the Facebook hack worked yet again.
While Mr. Desautels was working to protect his client, there is not much stopping dangerous hackers from using this method for their own ends. This is why, more than ever, it is important to be proactive in protecting your online reputation. In many ways, the Internet is like the new Wild West. Identity theft, defamation, and slander run rampant with scarce oversight and little legal recourse for victims. Taking care of your online reputation and showing discretion in social networking are key to protecting your identity in the information age.
