Networking sites could help hackers
Social climbing
Posted in Security, 14th July 2006 13:17 GMT
Professional networking sites are unwittingly providing hackers with the possible means to carry out sophisticated social engineering scams, a UK security consultancy warns.
SecureTest was able to produce a comprehensive personal profile of an internal employee in a short time using data from social and professional networking sites such as Ryze, LinkedIn, and Ecademy. Combining the technique with careful web searching and cross-referencing yielded information that would be difficult to obtain using traditional phone-based social engineering techniques.
In one example, a SecureTest researcher was able to obtain the full employment history and the names of key colleagues of an IT professional in a matter of hours. The worker involved had also listed details of his family members, professional memberships and hobbies.
SecureTest warns that the data could be used to impersonate an individual or to enable the hacker to build a relationship with key decision-making personnel within a targeted organisation.
SecureTest isn't able to cite incidents where the attack has been used in practice, but warns that the risk it details is all too real. It advises firms to update their security policies in order to warn workers of the potential threat. ®

