POWERFUL PEOPLE and FRIENDS


LinkedIn is a Hacker's Dream TOOL

 

SAN FRANCISCO -- If you use LinkedIn, you've probably told the site where you work, what you do and who you work with. That's a gold mine for hackers, who are increasingly savvy in using that kind of public -- but personal -- information for pinpoint attacks.

It's called "spear phishing," and it paid off last year in two especially high-profile security breaches: a Gmail attack that ensnared several top U.S. government officials and a separate attack on RSA, whose SecurID authentication tokens are used by millions.

In both cases, the attackers successfully tricked their targets into opening e-mail attachments that appeared to come from trusted sources or colleagues.

Investigators haven't disclosed how the attackers gathered information on their victims, but at RSA's security conference last month, the risks of social networking sites -- and LinkedIn (LNKD) in particular -- were a hot topic. Dozens of presenters said the business networking site could be a potent weapon in the hacker toolkit.

"Businesspeople are using LinkedIn for research purposes, and headhunters and marketers use it to recruit. Why wouldn't Chinese intelligence agents use it as well to spear phish?" said security analyst Ira Winkler, the author of "Spies Among Us."

Most of the discussion about LinkedIn's risks was theoretical -- investigators say it's almost impossible to trace back the original source of personal data used in successful "social engineering" attacks.

But in one arresting case study, self-described "hacker for hire" Ryan O'Horo demonstrated how he used LinkedIn to get inside a client's corporate network.


O'Horo is a managing security consultant for IOActive, a services firm that offers vulnerability testing. His customer, a "high-profile company with tens of thousands of employees," had top-notch technical protections.

"We needed to go to the next level," O'Horo said of his efforts to crack its network.

[Image: A recent hacker forum posting (Courtesy: Imperva)]

O'Horo created a fake account on LinkedIn, posing as a company employee. He stocked the profile with realistic details -- a plausible job history and skill set -- plus a few credibility-establishing flourishes like a membership in a local hockey league. From his dummy account, O'Horo sent out 300 connection requests to current company employees. Sixty-six were accepted.

Next, O'Horo requested access to a private LinkedIn discussion forum the company's employees had created. The group's moderators granted his request without ever checking a company directory to confirm his identity.

"Now I had an audience of 1,000 company employees," O'Horo said. "I posted a link to the group wall that purported to be a beta test sign-up page for a new project. In two days, I got 87 hits -- 40% from inside the corporate network."

O'Horo got caught just three days into his LinkedIn attack: An astute employee figured out he didn't belong and blew the whistle. But he'd already made his point.

"They were definitely surprised that the group existed," O'Horo said of his client's response to his report. "It wasn't a formal company group; there was no oversight or policy covering that aspect of their social presence. The people in charge of their information security didn't know it was there."

Hackers don't need anything so fancy as private discussion forums to take advantage of LinkedIn, though. The site's users openly display plenty of valuable data.

At last summer's DefCon security conference, a group of "social engineering" hackers staged a game in which contestants attempted to trick employees at more than a dozen major companies -- including Apple (AAPL, Fortune 500), AT&T (T, Fortune 500), Walmart (WMT, Fortune 500) and United Airlines (UAL, Fortune 500) -- into disclosing sensitive corporate information. Next to Google (GOOG, Fortune 500), LinkedIn was the competitors' most widely used resource.


Some people divulged specific technical information about their employer's infrastructure in their profiles, while others offered up details that could be used for stealth attacks. For example: If you can learn the name of a target's colleagues, it's fairly easy to fake an email that appears to come from one of them.

LinkedIn says it urges users to think carefully about the information they choose to reveal.

"We recommend members connect only with people that they know and trust," says company spokesman Richard George. "All Internet users should of course be aware of the fact that there are bad guys out there who unfortunately resort to things like phishing attacks, and that people should use common sense and tools available to them to ensure that they don't fall prey."

LinkedIn's vulnerability, though, is inextricably tied to its growth. The site now has 150 million users -- almost twice as many as it had just one year ago. As its database grows richer, its value increases for both its members and those wishing to exploit them.

Security researcher Rob Rachwald regularly monitors the chatter on sites and chat rooms where hackers meet to swap tips. LinkedIn's prominence there is rising, he says.

To illustrate the point, he pulled up a scattering of recent messages from one online hub, HackForums.net. One posting sought someone to break into a target LinkedIn account, while others advertised "real LinkedIn connections" for sale.

"Hackers go where people go," says Rachwald, the director of security strategy for software firm Imperva. "As Facebook grew, they went there. As LinkedIn grows, they're going there."


© 2019 Created by Ann Dandridge Public Relations.