Social Engineering of Social Networking
It would be difficult for me to say how many people I know have a Facebook or Myspace account (or both). Many do. I had a Myspace account for a while, but I got tired of it. My ego didn’t need to be fed any longer by strangers who wanted to read about what I was doing today. Most parents have probably seen hundreds of pictures of their daughter and their daughter’s friends pursing their lips and holding up their fingers in what I refer to as the Myspace pose. So there are tons of people out there on these social network sites. And they all want to customize their page with stuff: OMG, LOL, check out what ur Scooby Doo name is! or various applications that are now available through third-party installable programs. Not only are your future employers using these sites to check you out, but so are those with more malicious intent. They are diving into your account, trying to persuade you to go to sites where you either reveal your personal information or download and agree to install a piece of software that will do it for them, all through seemingly harmless postings on your page. They are starting to call them ‘drive-by downloads’. One little link on a friend’s page, you trust them, so you get the link too. Anyone who clicks the link downloads something to their computer and, not thinking about the repercussions, clicks ‘ok’ because we’re so used to all the random safeguards on our modern computers.
Social engineering has long been the way ‘hackers’ (I use this term loosely) gain information to be used maliciously. Long before the days of Web 2.0, these people were gathering dial-in numbers, usernames and passwords from pieces of paper left around or in the trash, or by phoning up an unsuspecting staff member. Then came spam, soliciting something fun, sending you to links that were riddled with virus programs. Today we’ve learned these tricks and how to stay ahead of them, to an extent, but the experts in social engineering will continue to find ways to get the information you’re not so willing to give. These days, social networking sites are all the more happy to just give out that information. Oh, but your account is private? Do you really know that person you just let be a friend? Did you install an application or put one of those quiz links on your page? How about a friend of yours? New applications can be developed, and through those applications user information can be garnered. Most programmers will not care about gathering information, but some do. Every link could be malicious; you really don’t know until you go there, and even then, do you really? Not every anti-virus or security suite catches everything. It may already be too late.
Does it bother you that every move you make is tracked by a company? It happens every day, whether it is simple user information about the website you’re visiting or something more complex, like your email address dug up through that application that tells you who your best love match is. You can be as paranoid or not as you want to be, hoping that your anti-virus/Internet security system is more up to date than those trying to steal your information. I don’t have a foil hat, but I try to keep up to date with the goings-on in the security world, even if it doesn’t directly relate to me, as anyone who uses the Internet should. As long as your computer is connected, it is vulnerable to attack. Whether or not you help it along is up to you.