Tuesday, January 26, 2010

Social Engineering via Social Networks

The Financial Times reports that the hackers responsible for attacking Google used social networking sites to infiltrate the search engine's network. According to the Financial Times,
The most significant discovery is that the attackers had selected employees at the companies with access to proprietary data, then learnt who their friends were. The hackers compromised the social network accounts of those friends, hoping to enhance the probability that their final targets would click on the links they sent.“We’re seeing a lot more up-front reconnaissance, understanding who the players are at the company and how to reach them,” said George Kurtz, chief technology officer at security firm McAfee.“Someone went to the trouble to backtrack: ‘Let me look at their friends, who I can target as a secondary person’.”
This article highlights how our personal information can be exploited in unexpected ways and provides a real-world example to many of concepts we discussed in class.

No comments: