Social Networking Sites - spam, scams, hacks, viruses
Lots and lots of networking sites, and at the same time lots of vulnerabilities too
Orkut, Facebook, Twitter, Myspace, LinkedIn, Hi5, Friendster: these are the social networking sites I am using right now. You may be a member of more or fewer, but if someone is on the net, there is a 99% chance that they are a member of at least one social network. Not all members of social networking sites are genuine, though; some hackers and crackers will always be there.
With social networking sites attracting millions every month, the risk of virus attacks, account hijacks and spam mounts.
Several instances of hackers exploiting these networks have exposed flaws in the system. In April this year, Michael Mookey, a 17-year-old student from New York, created a virus that sent thousands of automated tweets through a cross-site scripting vulnerability. Twitter acknowledged the attack but insisted that no user-sensitive data was lost. Apparently, Mookey only meant to popularise his site, stalkdaily. In August, Twitter was shut down for a few hours when created a worm that caused its servers to crash. The same morning, Facebook confirmed that there was a similar attack but said it affected only a part of the network.
Earlier this October, thousands of Hotmail passwords were leaked; Microsoft blocked many accounts and restored them once the accounts were confirmed. Data from perhaps some 10,000 accounts was stolen. And in the first week of the month, independent technology blogger Michael Arrington of TechCrunch.com blew the lid off the dubious CPA (cost-per-action) advertisements that were being run by game developer Zynga via games such as Farmville and Mafia Wars on social networking sites.
Hacking into social networks requires very little technical skill. It's much more of a psychological game -- using information on personal profiles to win a complete stranger's trust.
This kind of hacking is called social engineering. Social engineering uses persuasive psychological techniques to exploit the weakest link in the information security system: people [source: SearchSecurity.com]. Examples of social engineering scams could be:
- Calling a systems administrator posing as an angry executive who forgot his password and needs to access his computer immediately.
- Posing as a bank employee and calling a customer to ask for his credit card number.
- Pretending to lose your key card and kindly asking an employee to let you into the office.
When creating a profile page on a social network, many people fail to consider the possible security risks. The more personal and professional information you include on your public profile, the easier it is for a hacker to exploit that information to gain your trust.
Let's say you're an engineer and you blog about one of your current projects on your Facebook page. A hacker can use that information to pose as an employee from that company. He has your name and your position in the company, so you're liable to trust him. Now he can try to get a password out of you or proprietary information that he can sell to your competitors.
The security advantage of most online social networks is that only your "friends" or members of your network can see your complete profile. That's only effective if you're extremely selective about whom you include in your network. If you accept invitations from absolutely everyone, one of those people may potentially be a hacker.
Social networking sites are vulnerable to attacks because their ‘openness’ encourages users to share information. The problem with online social networks is that they have no built-in authentication system to verify that someone is indeed who they say they are. A hacker can create a free profile on a site like LinkedIn, designing his profile to match perfectly with the business interests of his target. If the target accepts the hacker as a connection, then the hacker suddenly has access to information on all of the target's other connections. With all that information, it's possible to construct an elaborate identity theft scam.
To fight back against social engineering, the key is awareness. If you know that social engineering hackers exist, you'll be more careful about what you post on your online profiles. And if you're familiar with common social engineering scams, you'll recognize a con when it's happening instead of when it's too late.
With millions connected to social media sites such as Facebook, Myspace and Twitter, the personal details of users are at severe risk. Users must not share log-in information and must change their passwords regularly. More importantly, their social networking log-in credentials must be different from their banking log-in information.