Disclaimer

Thoughts and opinions expressed here may not reflect those of my employer:
Ketchum


What’s good about networking is great for hackers

Organizations are wise to adapt to the unstoppable force that is social networking.  At this point, if you don’t agree please refer to the myriad perspectives that advocate this point, right after you crawl out from under your rock.

Yes, there are reputational risks for companies/brands that engage through social media.  These have been well documented with ample perspectives on how to prepare against such risks.  (Ahem.  Cough, cough.)

In addition, there are technological risks.  Being “social” on these networks inherently implies that people are casual with information and, at times, complacent about how widely that information is being shared.  When (un)official company networks sprout, the candid banter of employees or alumni typically reveals more than an untrained eye can see.

Like mosquitoes to standing water, hackers love social networks.  The casual banter provides the information from which they can plan attacks against company infrastructures.   If you have the stomach for it, you should read the play-by-play account of how a team of hackers used information pilfered from Facebook to infiltrate the entire infrastructure of an organization: 

In summary:

  • Technical reconnaissance detected a vulnerability in the company’s corporate website, which could be exploited
  • Hackers scanned nearly 200 employee Facebook profiles to piece together enough information to create a fictitious but realistic doppelganger (the profile was an attractive female to target male 20-40 year-old employees)
  • The hackers launched the Facebook profile and the friends list grew quickly to include managers, executives, secretaries, interns, and even contractors
  • Three days were spent “conversing” on topics learned from the previous profiling of Facebook conversations
  • A link was provided with a note (“Omigawd have you seen this I think we got hacked!”) and people began clicking and verifying credentials, which provided access to the web-vpn and the entire network

Scary, huh?  Luckily, the operatives were a team of “anti-hackers” who are hired to infiltrate so that companies can make improvements.

Of course, being too loose with information on social networks may affect individuals as well.  A recent report from the U.K. shared that insurance companies are considering raising premiums based on how much revealing information can put a policyholder’s security and valuables at risk.

In the end, all individuals — company and non —  must be reminded to only Tweet/post information that they’d say comfortably through a bullhorn on a street corner…in a not-so-safe part of town.

As always, I’d love your comments below.  Feel free to share, Digg, Tweet, post…just please be careful!

Update (May 6):  If Facebook’s Open Graph gets widely adopted, it must be assumed that the pool of private information from which hackers can draw will grow exponentially.  More user preferences, links, likes and dislikes provide more patterns for hackers to exploit.  I expect a few large hacking incidents will kick the social networking privacy debate into overdrive.

6 comments to What’s good about networking is great for hackers


  • Joe Carleo, APR

    James,

    This post is scary but shows strong educational value. I deal with a number of non-profits who want to use social media to raise money, but they don't have a hacker-resistant tech infrastructure so may be victimized. Although hackers probably won't get proprietary info, the non-profit's brand could be seriously damaged and may require lots of expensive IT rethinking in addition to PR damage. In this tight economy, they can't afford this potentially expensive mistake.

    Joe Carleo, APR
    Advanced Language & Media Services

    • Good thoughts, Joe. These particular hackers were targeting IT, but you have to wonder if their "social networking trolling" would produce similar results if they were targeting proprietary information, non-profit financial information, blueprints for the future, or anything else stored on a hard drive. Which, these days, is pretty much everything.

      Thanks for participating. (See you at the next PRSA-Charlotte event!)

    • Ralph G. Rogers

      Hi Folks,

      All that has been said here will not stay here no more than the large amount of information we share on our internet social networks with hackers being an expensive but only a small portion of the total problem.

      With only the addition of a driver's license and/or SS number these lurkers may know more about us than our friends and families and a quick phishing expedition by the lurkers may provide even that information.

      Our use of social networking makes identity theft, burglary and the commission of many other crimes ever so much easier.

      What we do not give the lurkers ourselves a little quick internet research will. Remember there are many pay sites with huge databases that can provide almost anything we ourselves do not post.

      Ralph G. Rogers
      Dallas, Texas

      • Such good points, Ralph, thank you. I don't think people realize how much they put themselves (and corporate networks) at risk through the information that's shared through social networks, databases, blogs….comment posts……. Okay, now I've scared myself. I better stop there. ; )

