Online sharing helps hackers sharpen 'spears'

Jul 29, 2013
Sharing on social media helps hackers sharpen "spear phishing" attacks they use to trick their way into computers, security experts said Monday.

Sharing on social media helps hackers sharpen "spear phishing" attacks they use to trick their way into computers, security experts said Monday.

Spear phishing refers to individualizing deceptive messages sent to people in order to trick them into clicking on links or opening files booby-trapped with viruses.

Public posts on Twitter, Facebook, Instagram, Foursquare and other online venues give hackers fodder to mimic the way people write and the words they use, said Ulisses Albuquerque of the Trustwave.

"I don't think people have any idea what kind of insight that gives to a potential hacker," Albuquerque told AFP.

He and colleague Joaquim Espinhara are at a premier Black Hat security conference in Las Vegas this week to present a talk titled "Using Online Activity As Digital Fingerprints To Create A Better Spear Phisher."

The Trustware security consultants created a software tool that "fingerprints" the way people communicate by analyzing online posts.

The tool scrutinizes posts at social networks such as Twitter, Facebook and LinkedIn to ascertain writing styles, right down to hashtags added to indicate subjects of online posts.

A hacker unable to break into a company's computer network could write a convincing email pretending to be from a friend of an employee and include an attachment or link that, once clicked, unleashes malicious code.

"Say a CEO has a Twitter or LinkedIn account and I am able to see those posts," Albuquerque said.

"Then I could produce content that looks like it came from him and send it to his staff, who will be less suspicious of clicking a link."

He said the Trustwave-developed tool was not designed to extrapolate insights into people's conduct or personalities, but that such observations could be made if desired.

"Absolutely, you can show what the people posting are like," Albuquerque said.

The tool provides "spear phishers" with outlines for creating messages likely to hook prey.

It is intended for "ethical hackers" such as security professionals working with companies or organizations to find and patch weak spots in computer network defenses, according to Albuquerque.

It can also be used to help prove when posts claiming to be written by someone are bogus, he said.

Explore further: Twitter security in crosshairs after AP account hijack

add to favorites email to friend print save as pdf

Related Stories

Facebook introduces hashtags

Jun 12, 2013

Facebook is introducing hashtags, the number signs used on Twitter, Instagram and other services to identify topics being discussed and allow users to search for them.

Facebook to use Twitter hashtag style

Mar 14, 2013

Facebook is preparing to take on Twitter by adopting the messaging service's iconic hashtag symbol, The Wall Street Journal reported Thursday.

Recommended for you

LinkedIn membership hits 300 million

Apr 18, 2014

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Researchers uncover likely creator of Bitcoin

Apr 18, 2014

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

White House updating online privacy policy

Apr 18, 2014

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites. It also clarifies that ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

VendicarE
1 / 5 (1) Jul 30, 2013
Isn't online sharing (digital communication) what digital communication is all about?

In further news... Chemicals help drugs do their work.

More news stories

First steps towards "Experimental Literature 2.0"

As part of a student's thesis, the Laboratory of Digital Humanities at EPFL has developed an application that aims at rearranging literary works by changing their chapter order. "The human simulation" a saga ...

TCS, Mitsubishi to create new Japan IT services firm

India's biggest outsourcing firm Tata Consultancy Services (TCS) and Japan's Mitsubishi Corp said Monday they are teaming up to create a Japanese software services provider with annual revenues of $600 million.

Finnish inventor rethinks design of the axe

(Phys.org) —Finnish inventor Heikki Kärnä is the man behind the Vipukirves Leveraxe, which is a precision tool for splitting firewood. He designed the tool to make the job easier and more efficient, with ...

Meth mouth menace

Something was up in Idaho. While visiting a friend in Athol, a small town north of Coeur d'Alene, Jennifer Towers, director of research affairs at the Tufts University School of Dental Medicine, noticed ...