The Washington Times Online Edition
Select a category: 

Inside the Ring: FBI on social-network risks

The FBI recently published a report warning of the dangers posed by social-network sites that it says are being exploited by digital “con artists, criminals and other dishonest actors.”

The FBI report, made public earlier this month, states that social-networking criminals are “exploiting this capability for nefarious purposes,” using two main tactics.

They include computer hackers who specialize in writing and manipulating computer code to gain access or install software on computers and phones. The second method involves hackers who specialize in exploiting personal connections through social networks.

“Social hackers, sometimes referred to as ‘social engineers,’ manipulate people through social interactions (in person, over the phone, or in writing),” the report said.

“Humans are a weak link in cybersecurity, and hackers and social manipulators know this. They try to trick people into getting past security walls. They design their actions to appear harmless and legitimate.”

Social-networking sites such as Facebook and others are Internet-based services that are used to share information and communicate.

According to the FBI, the risk of using social-network sties is that “once information is posted to a social-networking site, it is no longer private.”

“The more information you post, the more vulnerable you may become,” states the report, posted on the National Counterintelligence Executive site. “Even when using high-security settings, friends or websites may inadvertently leak your information.”

Personal information obtained by hackers and criminals on social networks can be used to conduct attacks on people or organizations; and the more information that is shared, “the more likely someone could impersonate you and trick one of your friends into sharing personal information, downloading malware, or providing access to restricted sites,” the report said.

Foreign intelligence agencies, predators, hackers and business competitors are among those who use social-networking sites that can be targeted in attacks. The information may not be used to attack the social-networking site, but could be used in other attacks.

Among the tactics used are infected USB flash drives preloaded with malicious software that are provided to people as part of an attack.

Another method is the use of messages from a friend on the social network that directs you to view a video on another site. However, when you view the video, a message appears asking you to download a new version of the software that is in reality a virus that will then take over your computer.

The malware then communicates to all “friends” on the network directing them to the same virus and thus giving them control of multiple computers.

The FBI report warns computer users to avoid “phishing” scams by not opening email or email attachments or click on links from people you do not know.

“Spear phishing” was behind the March 2011 hacker attack in emails sent to a small group of employees of the security firm RSA, which provided banking and other corporate-security software.

“They only needed one employee to open an infected file and launch the malware,” the report said. “The malware downloaded information from RSA that then helped the hackers learn how to defeat RSA’s security token.”

That attack led to the compromise of “a number of defense contractors’ networks” that were broken into as a result of the compromised RSA security token.

U.S. officials said at the time that China was thought to have been behind the RSA hack and the subsequent breach of the networks of the defense giant Lockheed Martin.

Another cyberthreat in the FBI report is called “click-jacking,” or concealing hyperlinks beneath legitimate clickable content that, when clicked, causes a user to unknowingly download a computer virus or send a user’s identification to a site.

Facebook “like” buttons and digital “share” buttons have been used for this purpose.

Story Continues →

View Entire Story
About the Author

Bill Gertz

Bill Gertz is a national security columnist for The Washington Times and senior editor at The Washington Free Beacon (www.freebeacon.com). He has been with The Times since 1985.

He is the author of six books, four of them national best-sellers. His latest book, “The Failure Factory,” on government bureaucracy and national security, was published in September 2008.

Mr. ...

Comments
blog comments powered by Disqus
All site contents © Copyright 2014 The Washington Times, LLC
Jobs | About | Customer Service | Terms | Privacy