18 August 2008

Satan is on my Friends List

Eleanor Dallaway

ID theft via social networking sites is all media hype according to Shawn Moyer and Nathan Hamiel. In their session on social networking at Black Hat, Las Vegas, the duo insisted that ID theft via social networking sites is not a problem.

“If you put information on a social networking site, assume it’s not private”, said Hamiel. “If you give your credit card to Facebook, you deserve to fail”, added Moyer.

Social networking sites are an ideal target for cyber-criminals. With millions of users (Facebook is now in the top 10 most visited sites daily), there are plenty of users to target.

“Applications are social networks’ biggest problems”, Moyer argued. “By adding an application, you allow the owner of the application to access all of your profile information. They can then keep your information offline, and can hang on to it”.

Hamiel added that social networking applications are coded by people “who really shouldn’t be coding”.

Adding applications can also reveal a lot about a person, which can be used for marketing purposes.

“Social engineering on social networks is diamond-tipped spear-phishing. It gives great ROI for targeted attacks”.

Profiling well-known people is trivial on social networking sites, as Moyer and Hamiel proved when experimenting with a well-known person within the industry. With his permission, they set up a profile and, to add legitimacy, invited others within the industry to be his ‘friend’. Within twenty-four hours, many CSOs, CISOs, CISSPs, a journalist on a well-known security publication, and even his own sister had accepted his friend request.

This serves to prove that even the infosec savvy can be fooled.
