How hackers find your weak spots
- 20 October, 2009 03:29
While there are an infinite number of social engineering exploits, typical ones include the following:
Stealing passwords: In this common maneuver, the hacker uses information from a social networking profile to guess a victim's password reminder question. This technique was used to hack Twitterand break into Sarah Palin's e-mail.
Friending: In this scenario, a hacker gains the trust of an individual or group and then gets them to click on links or attachments that contain malware that introduces a threat, such as the ability to exploit a weakness in a corporate system. For example, says Netragard CTO Adriel Desautels, he might strike up an online conversation about fishing and then send a photo of a boat he's thinking of buying.
Impersonation/social network squatting: In this case, the hacker tweets you, friends you or otherwise contacts you online using the name of someone you know. Then he asks you to do him a favor, like sending him a spreadsheet or giving him data from "the office." "Anything you see on a computer system can be spoofed or manipulated or augmented by a hacker," says Desautels.
Posing as an insider: Imagine all the information you could extract from an unknowing employee if you posed as an IT help desk worker or contractor. "Roughly 90% of the people we've successfully exploited during [vulnerability assessments for clients] trusted us because they thought we worked for the same company as them," Desautels says.
On the Netragard blog, he describes an exploit in which a Netragard worker posed as a contractor, befriended a group of the client's workers and set up a successful phishing scheme through which he gleaned employee credentials, eventually gaining entry to the entire corporate infrastructure.
- Cloud and Co-Location Solutions
- New Gateway Anti-Malware Technology Sets the Bar for Web Threat Protection (Sponsored by McAfee)
- Choice and Control: Considerations for Developing Enterprise Cloud Strategies
- Smart Cloud: Move Beyond monitoring to Holistic Management of Application Performance
- MSP Guides for effective Endpoint Management Solutions
- CITRIX SYNERGY ’13: Look beyond Cloud infrastructure, says Liang
- CITRIX SYNERGY ’13: Qureshi addresses the trend of ‘mojility’
- CITRIX SYNERGY ’13: IT needs to be empowered, says Sallam
- CITRIX SYNERGY ’13: Christiancen highlights the need for collaboration
- CITRIX SYNERGY ’13: Devices will change how people work, says Duursma
Attack on Telenor was part of large cyberespionage operation with Indian origins: report
Box buys iOS app to improve its own
Growing mobile malware threat swirls (mostly) around Android
Barracuda Networks raises free capacity of Copy.com to 15GB
Coke gives peace a chance ( +16 photos)