Social engineering through social networks

There’s an interesting story in the Financial Times about how the attacks on Google may have been engineered through social networks of targeted employees, posing as friends in order to persuade them to click on compromised links. It’s a classic example of contemporary espionage, illustrating the growing power of social networks as well as the importance of strong authentication. The attack might seem unusually sophisticated to many people, but it’s precisely what we should expect, given the current state of the art in information security. The solution lies in better security education for potential targets of attacks. Unfortunately, there’s been far too much secrecy surrounding these incidents. Companies in the front line for such attacks need much better advice on how to avoid becoming the target of future attacks. That means more imaginative thinking on how such offensive techniques might develop in the future. We need to understand what’s coming next rather than what’s gone before.  

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

As more and more employees participate in social networking, it's expected that attackers are also taking advantage of that venture as well. I recently did a post on my blog, http://securnetworks.com/blog/ls0, about hacked social networking accounts being sold on the hacker underground.
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close