Computer Crime Research Center

hack/1018031491.jpg

Hackers attack social networks

Date: June 22, 2006
Source: mercurynews.com
By: John Boudreau

Social networking sites, where millions of people communicate with friends and family, are emerging as the next frontier for Internet pickpockets.

These hackers and data miners are beginning to tap into the vast amount of personal information stored on these sites to defraud unsuspecting chatters. So far, such efforts have been limited. But security experts believe social networkers could be vulnerable to ``spear-phishers,'' criminals who send masked messages to a small number of people that appear to be from someone they know, as well as other, more general scams.

``Social networking sites are always going to be rich pickings,'' said Chris Boyd, research manager for Face Time Security Labs, a Foster City company that recently discovered an attack on Orkut, Google's social networking site. ``It's almost like fishing in a barrel.''

While the dangers of sexual predators trolling these sites have been highlighted in recent months, risks to personal and financial information are not on the radar screens of many people.

Last week, Orkut was hit with a worm seeking financial information and passwords. In early June, an instant-messenger phishing assault on My Space users tried to steal account information. And in October, the site, which is owned by News Corp. and has more than 70 million users, shut down briefly after a member named ``Samy'' inserted malicious code into the profiles of members who viewed a specific page. More than a million people unknowingly became a ``friend'' of Samy. The code didn't steal any information from users, but illustrates how a hacker can begin to infiltrate a person's profile.

``This is something we'll be seeing a lot of,'' said Dmitri Alperovitch, principal research scientist at CipherTrust, a message security company. ``The potential for criminal activity is enormous here.''
Original article



Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo