- The Washington Times - Wednesday, May 30, 2012

The FBI recently published a report warning of the dangers posed by social-network sites that it says are being exploited by digital “con artists, criminals and other dishonest actors.”

The FBI report, made public earlier this month, states that social-networking criminals are “exploiting this capability for nefarious purposes,” using two main tactics.

They include computer hackers who specialize in writing and manipulating computer code to gain access or install software on computers and phones. The second method involves hackers who specialize in exploiting personal connections through social networks.

“Social hackers, sometimes referred to as ‘social engineers,’ manipulate people through social interactions (in person, over the phone, or in writing),” the report said.

“Humans are a weak link in cybersecurity, and hackers and social manipulators know this. They try to trick people into getting past security walls. They design their actions to appear harmless and legitimate.”

Social-networking sites such as Facebook and others are Internet-based services that are used to share information and communicate.

According to the FBI, the risk of using social-network sties is that “once information is posted to a social-networking site, it is no longer private.”

“The more information you post, the more vulnerable you may become,” states the report, posted on the National Counterintelligence Executive site. “Even when using high-security settings, friends or websites may inadvertently leak your information.”

Personal information obtained by hackers and criminals on social networks can be used to conduct attacks on people or organizations; and the more information that is shared, “the more likely someone could impersonate you and trick one of your friends into sharing personal information, downloading malware, or providing access to restricted sites,” the report said.

Foreign intelligence agencies, predators, hackers and business competitors are among those who use social-networking sites that can be targeted in attacks. The information may not be used to attack the social-networking site, but could be used in other attacks.

Among the tactics used are infected USB flash drives preloaded with malicious software that are provided to people as part of an attack.

Another method is the use of messages from a friend on the social network that directs you to view a video on another site. However, when you view the video, a message appears asking you to download a new version of the software that is in reality a virus that will then take over your computer.

The malware then communicates to all “friends” on the network directing them to the same virus and thus giving them control of multiple computers.

The FBI report warns computer users to avoid “phishing” scams by not opening email or email attachments or click on links from people you do not know.

“Spear phishing” was behind the March 2011 hacker attack in emails sent to a small group of employees of the security firm RSA, which provided banking and other corporate-security software.

Story Continues →