Social Engineers Dodge Security via Facebook

Home

Online Media

Social Engineers Dodge Security via Facebook
By Brian Prince
2009-04-08

Article Rating:

/ 1

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

A penetration test by Netragard at an energy company highlights how hackers can use Facebook, LinkedIn and other social networking sites as part of phishing schemes. In the test, Netragard used social engineering to get its hands on information that could have been used to compromise critical systems at the company. Addressing this security issue means having smart policies about what employees can and cannot do on the Web.

The most important part of an attack isn't always a vulnerability; sometimes it's the user's trust.

This was certainly the case during an authorized penetration test at an energy company conducted by security vendor Netragard. Looking for a way inside the customer's defenses, the vendor turned to Facebook. Testers built a profile claiming to be of an employee of that company, bolstered it with information on work experiences taken from actual employees of the energy company and began "friending."

What the Facebook "friends" didn't know was that this was all part of a long con—a bit of social engineering used to lull the employees into giving up their credentials more easily. The simulated attack underscores both the importance of having sound policies on employee use of sites like Facebook, LinkedIn and MySpace and the challenges of authenticating users on the Web.

"Before the advent of social networks, criminals were able to access your employees through things like spam, or maybe they could call them up and social-engineer them," said Adriel Desautels, CTO of Netragard. "But sites like Facebook and MySpace and LinkedIn and all these different sites [give] criminals the ability to bypass just about any security technology you have in place and gain direct social access to your employees."

Read the rest of this article on eWEEK.com.

	Discuss Social Engineers Dodge Security via Facebook

	>>> Be the FIRST to comment on this article!



	>>> More Online Media Articles >>> More By Brian Prince

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

Buyer's Guide

	Explore hundreds of products in our Publish.com Buyer's Guide.

	Web design Content management Graphics Software Streaming Media	Video Digital photography Stock photography Web development

View all >

FREE ZIFF DAVIS ENTERPRISE ESEMINARS AT ESEMINARSLIVE.COM

Dec 10, 4 p.m. ET
Eliminate the Drawbacks of Traditional Backup/Replication for Linux with Michael Krieger. Sponsored by InMage

Dec 11, 1 p.m. ET
Data Modeling and Metadata Management with PowerDesigner with Joel Shore. Sponsored by Sybase

Dec 12, 12 p.m. ET
Closing the IT Business Gap: Monitoring the End-User Experience with Michael Krieger. Sponsored by Compuware

Dec 12, 2 p.m. ET
Enabling IT Consolidation with Michael Krieger. Sponsored by Riverbed & VMWare

Join us on Dec. 19 for Discovering Value in Stored Data & Reducing Business Risk. Join this interactive day-long event to learn how your enterprise can cost-effectively manage stored data while keeping it secure, compliant and accessible. Disorganized storage can prevent your enterprise from extracting the maximum value from information assets. Learn how to organize enterprise data so vital information assets can help your business thrive. Explore policies, strategies and tactics from creation through deletion. Attend live or on-demand with complimentary registration!

Register Today!

FEATURED CONTENT

IT LINK DISCUSSION - MIGRATION
A Windows Vista® migration introduces new and unique challenges to any IT organization. It's important to understand early on whether your systems, hardware, applications and end users are ready for the transition.
Join the discussion today!

.NAME Charging For Whois
Whois has always been a free service, but the .NAME registry is trying to change that.
Read More >>

Sponsored by Ziff Davis Enterprise Group

NEW FROM ZIFF DAVIS ENTERPRISE

Delivering the latest technology news & reviews straight to your handheld device

Now you can get the latest technology news & reviews from the trusted editors of eWEEK.com on your handheld device
mobile.eWEEK.com

RSS 2.0 Feed

Publish.com

Google Watch

Google GPay Patent Whets the Wireless Thirst

Google Drops Curtain on Home Decor Trademark Suit

Google News Goes Straight to the Source

Video Interviews

Designing Apps for Usability
DevSource interviews usability pundit Dr. Jakob Nielsen on everything from the proper attitude for programmers to the importance of prototyping in design to the reasons why PDF, Flash and local search engines can hurt more than they help.

BUYER'S GUIDES

• Content management

• Digital photography

• Graphics Software

• Stock photography

• Streaming Media

• Video

• Web development

• Web design

View all >

	Publish: Contact Us \| Advertise \| Site Map

	Ziff Davis Enterprise Home \| Contact Us \| Advertise \| Link to Us \| Reprints \| Magazine Subscriptions \| Newsletters Tech RSS Feeds \| White Papers \| ROI Calculators \| Tech Podcasts \| Tech Video \| VARs \| System Builder
	Baseline \| Careers \| Channel Insider \| CIO Insight \| DesktopLinux \| DeviceForge \| DevSource \| eSeminars \| eWEEK \| Enterprise Network Security \| LinuxDevices \| Linux Watch \| Microsoft Watch \| Mid-market \| Networking \| PDF Zone \| Publish \| Security IT Hub \| Strategic Partner \| TechDirect \| Web Buyer's Guide \| Windows for Devices
	Developer Shed \| Dev Shed \| ASP Free \| Dev Articles \| Dev Hardware \| SEO Chat \| Tutorialized \| Scripts \| Code Walkers \| Web Hosters \| Dev Mechanic \| Dev Archives \| igrep Use of this site is governed by our Terms of Use and Privacy Policy
	Copyright ©1996-2013 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. Publish is a trademark of Ziff Davis Enterprise, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.