Social engineering through social networks

There’s an interesting story in the Financial Times about how the attacks on Google may have been engineered through the social networks of targeted employees, with the attackers posing as friends in order to persuade them to click on compromised links. It’s a classic example of contemporary espionage, illustrating the growing power of social networks as well as the importance of strong authentication. The attack might seem unusually sophisticated to many people, but it’s precisely what we should expect, given the current state of the art in information security. The solution lies in better security education for potential targets of attacks. Unfortunately, there’s been far too much secrecy surrounding these incidents. Companies in the front line need much better advice on how to avoid becoming targets of future attacks. That means more imaginative thinking on how such offensive techniques might develop in the future. We need to understand what’s coming next rather than what’s gone before.