Online sharing helps hackers sharpen 'spears' | Inquirer Technology

Online sharing helps hackers sharpen ‘spears’

01:14 PM July 30, 2013

AP FILE PHOTO

SAN FRANCISCO – Sharing on social media helps hackers sharpen “spear phishing” attacks they use to trick their way into computers, security experts said Monday.

Spear phishing refers to individualizing deceptive messages sent to people in order to trick them into clicking on links or opening files booby-trapped with viruses.

Article continues after this advertisement

Public posts on Twitter, Facebook, Instagram, Foursquare and other online venues give hackers fodder to mimic the way people write and the words they use, said Ulisses Albuquerque of the security firm Trustwave.

FEATURED STORIES

“I don’t think people have any idea what kind of insight that gives to a potential hacker,” Albuquerque told AFP.

He and colleague Joaquim Espinhara are at a premier Black Hat security conference in Las Vegas this week to present a talk titled “Using Online Activity As Digital Fingerprints To Create A Better Spear Phisher.”

Article continues after this advertisement

The Trustware security consultants created a software tool that “fingerprints” the way people communicate by analyzing online posts.

Article continues after this advertisement

The tool scrutinizes posts at social networks such as Twitter, Facebook and LinkedIn to ascertain writing styles, right down to hashtags added to indicate subjects of online posts.

Article continues after this advertisement

A hacker unable to break into a company’s computer network could write a convincing email pretending to be from a friend of an employee and include an attachment or link that, once clicked, unleashes malicious code.

“Say a CEO has a Twitter or LinkedIn account and I am able to see those posts,” Albuquerque said.

Article continues after this advertisement

“Then I could produce content that looks like it came from him and send it to his staff, who will be less suspicious of clicking a link.”

He said the Trustwave-developed tool was not designed to extrapolate insights into people’s conduct or personalities, but that such observations could be made if desired.

“Absolutely, you can show what the people posting are like,” Albuquerque said.

The tool provides “spear phishers” with outlines for creating messages likely to hook prey.

It is intended for “ethical hackers” such as security professionals working with companies or organizations to find and patch weak spots in computer network defenses, according to Albuquerque.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

It can also be used to help prove when posts claiming to be written by someone are bogus, he said.

TOPICS: Hackers, Internet, News, technology
TAGS: Hackers, Internet, News, technology

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.