Social Networking to Gather Information: Over the last decade, some of the biggest security threats have come from the use of social networking. The rapid growth of these technologies lets millions of users each day post on Facebook, Twitter, and many other networks.
What Type of Information Are They Posting?
- Personal Information
- Location Information
- Friend Information
- Business Information
- Likes and Dislikes
The danger of making this wealth of information available is that a curious attacker can piece together clues from these sources and get a clear picture of an individual or a business.
With this information in hand, the attacker can make a convincing impersonation of that individual or gain entry into a business by using insider information.
NOTE: The process of using information from many different sources to indirectly gain insight about a hidden or protected target is known as inference.
When you, as an attacking party, play detective and gather information meticulously and as completely as possible, the results can be impressive.
Keeping your eyes and ears open, you can catch nuggets of information that human beings tend to let slip in the course of a conversation or a day.
Before you post any type of information on these networks, ask yourself a few questions:
- Have you thought about what to share?
- How sensitive is the information being posted, and could it be used negatively?
- Is this information that you would freely share offline?
- Is this information that you wish to make available for a long time, if not forever?
Social networking has made the attacker’s job much easier based on the sheer volume of data and personal information available.
In the past, this information may not have been as easy to get, but now, with a few button of clicks, it can be had with little time investment.
With the little effort is it possible for an attacker to gather the following:
- Locating Information
- Personal Data
- Company Information
- Photos of Private or Secure Facilities
- Information on coworkers
- Event or vacation information
Going back to our earlier exploration of Footprinting as a part of attack process, you learned just how powerful unprotected information can be.
When employees post information on social networks or other sites, it should always be with a mind toward how valuable the information may be in the wrong hands and whether it is worth posting.
It is easy to search social networks and find information that an individual may have shared to too wide an audience.
A Wealth of Information
In early 2009, Facebook officials announced that their user base had surpassed 400 million users, making it the largest social network of all time with further growth expected.
Likewise, Twitter claim to have 6 million unique monthly visitors and 55 million monthly visitors. With this kind of volume and these networks’ inherent reach, it’s easy to see why criminals look to these sites as a treasure trove of information and a great way to locate and identity victims.
Not surprisingly, security stories about Twitter and Facebook have dominated the headlines in recent years.
In one high profile case, hackers managed to hijack the Twitter accounts of more than 30 celebrities and organizations, including President Barack Obama and Britney Spears.
The hacked accounts were then used to send malicious messages, many of them offensive. According to Twitter, the accounts were hijacked using the company’s own internal support tools.
Twitter has also had problems with worms, as well as spammers who open accounts and then post links that appear to be about popular topics but that actually link to porn or other malicious sites.
Of course, Twitter isn’t alone in this: Facebook, too, regularly chases down new scams and threats.
Both sites have been criticized for their apparent lack of security, and both have made improvements in response to this criticism.
Facebook, for example, now has an automated process for deleting issues in users’ accounts that may indicate malware or hacker attempts.
With Facebook recently celebrating its 10 years anniversary and showing no signs of lessening in popularity, the issue of security will undoubtedly become higher profile.
Over the next decade, more apps, services, and other technologies can be expected to switch to mechanism that integrate more tightly with Facebook, using it as a sort of authentication mechanism.
Although for the sake of convenience this may be a good idea, from a security standpoint it means that breaching a Facebook account can allow access to a wealth of linked information.