Social networking security breaches
There are risks to engaging social networks.
The Information Technology security market has been dominated recently with debate over the success and intensity of consumer response to the social interactive websites such as Facebook.com. At the heart of this debate is the notion that whilst every attempt is made to facilitate a regulated, secure e-communication environment, there is a real danger of users overlooking security risks and falling prey to cyber criminals.
Most notably and alarmingly there seems to be an increasingly blasé attitude to information security when it comes to these specific websites.
The principle of keeping in contact, albeit through a Facebook or personalized page/ site, is appealing. There is no cost associated with taking part and there are a host of digital activities one can participate in – from posting messages on a superwall right through to conventional e-mail correspondence, horoscope updates, events and group management, posting pictures & albums, video clips and much more.
According to information supplied by Symantec about Facebook.com, the Web service has taken a granular approach to privacy issues. This means that users or those with profiles can adjust privacy settings to an array of configurations and thereby allow for any level of access, or control the extent to which their personalized information is displayed.
However, the main security risk with any social network is that it provides a collective target for cyber-criminals. There is no real way of checking who is keeping tabs on people’s personal details or why. Threats can take many shapes or forms and a user who provides access to personal information and does not exercise caution could expose themselves to anyone from the casual hacker right through to a sexual predator.
It would be naïve of end users to think that there are no loopholes or grey areas on the Internet that can be exploited. The fact is that a skilled cyber criminal can only benefit from knowing more about their intended target – they can reduce their social engineering tactics to manipulate the situation.
With enough information an attacker may be in a position to gain access to the network using personal information and call the corporate helpdesk using their credentials. This risk is escalated and could be used to gain further information pertaining to bank details etc.
Interestingly enough it is often the most common, seemingly innocent activities that lead to the most damage. For example, pictures meant for positing on sites or to place on profiles may, either intentionally or accidentally, contain a Trojan Horse. Information requests that originate from ‘known’ sources could turn out to be well planned social engineering activity designed to solicit personal information to enable further, more sinister attacks.
Recent media reports also suggest that social network websites are gaining the attention of concerned authorities.
Whatever the result of this situation or that which transpires with similar scenarios, one thing is for certain: any user that enters the public digital domain should remain vigilant and always be mindful of the extent to which they share information, or interact with fellow users. Failure to do so could carry with it severe consequences.
Facebook is not the only social network on the Internet, but it can certainly claim to have successfully captured the interest of a wide online audience. End users are attracted to the opportunity to immediately make and/ or sustain contact with friends and family. People are encouraged to seek out old faces and make acquaintances with new ones. And the fact that it is freely available and accessible through a straightforward username and password registration process adds to the success of the Facebook recipe.
Remember that many of these attacks are motivated by financial gain, so the more information that is available, the more the attacker can gain. Trojan Horses, false information requests and material swap through the Internet could provide instant back-door access to the site and could pose a serious risk for the user. One article posted on www.iol.co.za quotes a spokesperson for New York Attorney General Andrew Cuomo as saying that Facebook has been notified that it could face a consumer fraud charges for "failing to live up to claims that youngsters there are safer from sexual predators than at most sites and that it promptly responds to concerns." This follows as investigation by the office of the Attorney General into the alleged failure of Facebook to respond to calls and emails from state investigators.
Clint Carrick is the CEO of Cyber Detectives (www.carrik.co.za)