Computerworld
Home News Blogs In Depth ReviewsWhite Papers Newsletters IT Jobs

resource center


Ads by TechWords

See your link here

Newsletter Sign-Up

Receive the latest technology news and information.
Networking
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

How hackers find your weak spots

A look at some of the ways hackers use social networking tools to gain access to victims' systems

By Mary Brandel
October 19, 2009 06:00 AM ET
Comments
(0)
Recommended
(30)
Digg
Share/Email



Computerworld - While there are an infinite number of social engineering exploits, typical ones include the following:

Stealing passwords: In this common maneuver, the hacker uses information from a social networking profile to guess a victim's password reminder question. This technique was used to hack Twitter and break into Sarah Palin's e-mail.

Friending: In this scenario, a hacker gains the trust of an individual or group and then gets them to click on links or attachments that contain malware that introduces a threat, such as the ability to exploit a weakness in a corporate system. For example, says Netragard CTO Adriel Desautels, he might strike up an online conversation about fishing and then send a photo of a boat he's thinking of buying.

Impersonation/social network squatting: In this case, the hacker tweets you, friends you or otherwise contacts you online using the name of someone you know. Then he asks you to do him a favor, like sending him a spreadsheet or giving him data from "the office." "Anything you see on a computer system can be spoofed or manipulated or augmented by a hacker," says Desautels.

Posing as an insider: Imagine all the information you could extract from an unknowing employee if you posed as an IT help desk worker or contractor. "Roughly 90% of the people we've successfully exploited during [vulnerability assessments for clients] trusted us because they thought we worked for the same company as them," Desautels says.

On the Netragard blog, he describes an exploit in which a Netragard worker posed as a contractor, befriended a group of the client's workers and set up a successful phishing scheme through which he gleaned employee credentials, eventually gaining entry to the entire corporate infrastructure.

Next: BT's Web 2.0 security strategy

Related Links

Read more about security in Computerworld's Security Knowledge Center.

Comment Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints


Jump to comments

hackers

Additional Resources

Microsoft
DirectAccess and UAG: Better Together
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
Microsoft
Case Study: Energy Firm Tightens Protection, Simplifies IT Work
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
NEXT-GENERATION MOBILITY PLATFORMS
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

What People Are Saying

0 comments | Add new
See all comments (0) | Add new

White Papers & Webcasts

Death to PST Files
Download Now  

Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!

A Green Architectural Strategy That Puts IT in the Black
Levergage green computing across your data center. Read more now.  

Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.

Quantifying the Business Value of VMware View
Learn why you should invest in a centralized virtual desktop.  

WAN Optimization as a Managed Service: More than Network Cost Savings
View this Webcast Now!

Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now  

Asia-Pacific Enterprise Network Solutions
Learn through this Webcast how your business can achieve reliability, performance and value in hard-to-reach locations within the Asia-Pacific region.

What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now  

Mainsoft Webcast w/ Forrester Research: Drive SharePoint Adoption in Lotus Notes Shops
How can you drive mainstream user adoption of Microsoft SharePoint when your users rely on Lotus Notes?

All White Papers | All Webcasts

Computerworld Reports

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefing: More than Business Value

Computerworld Briefing: Staffing for Intelligence

All Computerworld Reports

Disaster Recovery & Cost Savings Zone
Thousands of customers world-wide have turned to virtualization solutions from Riverbed as a way to reduce costs.



IT Jobs

 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2010 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.