How hackers find your weak spots

The top four emthods hackers use to fool you

Mary Brandel (Computerworld (US))
20 October, 2009 03:29
Comments

While there are an infinite number of social engineering exploits, typical ones include the following:

Stealing passwords: In this common maneuver, the hacker uses information from a social networking profile to guess a victim's password reminder question. This technique was used to hack Twitterand break into Sarah Palin's e-mail.

Friending: In this scenario, a hacker gains the trust of an individual or group and then gets them to click on links or attachments that contain malware that introduces a threat, such as the ability to exploit a weakness in a corporate system. For example, says Netragard CTO Adriel Desautels, he might strike up an online conversation about fishing and then send a photo of a boat he's thinking of buying.

Impersonation/social network squatting: In this case, the hacker tweets you, friends you or otherwise contacts you online using the name of someone you know. Then he asks you to do him a favor, like sending him a spreadsheet or giving him data from "the office." "Anything you see on a computer system can be spoofed or manipulated or augmented by a hacker," says Desautels.

Posing as an insider: Imagine all the information you could extract from an unknowing employee if you posed as an IT help desk worker or contractor. "Roughly 90% of the people we've successfully exploited during [vulnerability assessments for clients] trusted us because they thought we worked for the same company as them," Desautels says.

On the Netragard blog, he describes an exploit in which a Netragard worker posed as a contractor, befriended a group of the client's workers and set up a successful phishing scheme through which he gleaned employee credentials, eventually gaining entry to the entire corporate infrastructure.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email ARN
Follow ARN on twitter

More about: Facebook

References show all

Comments are now closed.

Share
Share this article1
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"Indian travellers to African and American nations are having a tough time ..."

Attack on Telenor was part of large cyberespionage operation with Indian origins: report
""Box acquired the Folders intellectual property from its developer Martin Destagnol..." I ..."

Box buys iOS app to improve its own
"The Android based suppliers need to be forced to update the versions ..."

Growing mobile malware threat swirls (mostly) around Android
"Yet another invite to copy.com with 20GB for free https://copy.com?r=klzP2t"

Barracuda Networks raises free capacity of Copy.com to 15GB
"The best use of video conferencing I have seen, bringing world peace ..."

Coke gives peace a chance ( +16 photos)

Tags: hackers, security

Most Read

Get exclusive access to ARN's news, research and invitation only events.

Featured Resources

Virtualization and Consolidation Solutions

Both a challenge and solution are presented here for deploying equipment offsite in co-location sites or the cloud.

Most Commented

ARN Distributor Directory

Find distributors by name | vendor | location

Channel Deals

ACA Pacific

NovaStor NovaBackup Solutions. Simple, Fast and Reliable Windows Backup Software.

More details »

ARN Vendor Directory

Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Latest Jobs