8 March, 2019

Beware Of Free Gifts. How Hackers Use Social Media To Profile And Trick Their Victims.

Image of a Trojan Horse. Who says there is no point in reading the classics? North Korean hackers adapted the Trojan Horse to hack Chile's entire ATM network. An unsuspecting employee at a company that connects the ATM infrastructure for all of Chile's banks was tempted with a job offer on social media. This resulted in malware being installed that gave the hackers access to the ATM network, and a way into every bank in the country. Background The Iliad describes how the Greeks were unable to break into the city of Troy because of its strong defenses. So instead they used subterfuge and placed a large, beautiful wooden horse (with Greek soldiers inside) outside the city gates. And sure enough the Trojans wheel the horse into their city where the Greeks soldiers let the rest of their army into the city. And that was the end of Troy. Socially engineered attacks Social engineering is all about the masquerade. Hackers pose as legitimate companies or individuals which, in the case of targeted attacks, the victim knows personally. These attacks are personalized and target specific victims, rather than being carried out en-masse in the hope that one in a thousand recipients takes the bait. Keep it brief  Cybercriminals routinely trawl through social networks to identify high-potential targets before learning more about them through their public profiles. The more people post about themselves on social media, the more vulnerable they become. Hackers (phishers) develop extensive profiles of their target victims, just like salespeople will create detailed profiles of their best customers. Trust me Hackers use this information to build trust with potential victims. After all, it’s far easier to dupe someone with an attack that demonstrates personal knowledge of the target. Hackers contact potential victims making it clear that they’re familiar with their background, job roles and interests. Armed with a raft of detailed information gathered from social media profiles, scammers are much better positioned to masquerade as trusted individuals, such as employers or colleagues. Companies routinely use LinkedIn to find employees. Attackers use the guise of an honest operator to approach their victims with a job offer. Beware of the Trojan Horse! (Material adapted with permission from blog by Safeguard Cyber) Trojan Horse Blog - Nazis City of Charlottesville case study (courtesy Safeguard Cyber) Challenge:  After the Unite the Right events (August 12, 2017), nation-states and hacker groups used the city of Charlottesville as part of a disinformation campaign to create more divisiveness in American society. This was done by  by "friending" city employees on social media. This made it possible for the hacker groups to post to their own timelines, narratives, and social engineer these employees, impacting their own personal security. This was a reputation crisis for the city because it impacted its tourism, real estate value, and ultimately the tax base. The city of Charlottesville determined that they needed to protect their reputation and the security of their civil servants. Charlottesville needed a means to find the malicious, fake, and impersonated accounts that were connecting to the city-owned accounts, and were posting on Charlottesville digital presences to create disinformation. Solution: The City deployed the SafeGuard Cyber platform to change the risk profile of the city by finding fake accounts, disinformation, and bots, and then taking them down. By protecting the accounts of civil servants, we were able to protect the city's employees' social profiles from being taken over and/or used for further disinformation. Take Aways Keep a low social media profile. Watch out for any offers that seem too good to be true or overly familiar from a stranger - especially if they involve downloading an attachment. DemLabs is organizing a (free) cyber-security roundtable  on March 13th in DC to discuss social media based attacks and defense strategies against them. Details here. Deepak Co-Founder, DemLabs Democracy Labs is a hub for ongoing technology and creative innovation that serves progressive groups at the national, state, and local levels. Donate here to support our work.
case study image
11 Jun’ 2024

Alito Caught On Tape: AI Transcript Reveals Arrogance And Threats

Alito’s Wife Caught on Tape Spewing Venom... "Laura Windsor recorded Martha-Ann and Justice Samuel Alito, her husband’s comments during the Supreme Court Historical Society’s annual dinner...

case study image
9 Jun’ 2024

Amplify your message with a shared set of talking points

The same message heard several times is more persuasive. How do you get your extended team of volunteers, canvassers, staff and candidates to stick to the...

case study image
30 May’ 2024

12 Great Gifts For Not Voting!

Not sure if you should vote? Check out these 12 gifts for not voting! Parents asked Robert Hubbell why their son or daughter should vote for...

case study image
29 May’ 2024

Don’t Commit National Suicide: Ken Burns’ Warning

Ken Burns Suspends 'Longstanding Attempt At Neutrality' to Utterly Torch Trump "Filmmaker Ken Burns ditched his trademark political neutrality during an undergraduate commencement address at Massachusetts’ Brandies University to warn...

case study image
14 May’ 2024

NOT ON OUR WATCH: People powered news

‘A Lie Is Halfway Round the World Before the Truth Has Got Its Boots On’ How do you get the facts when much of the media...

case study image
7 May’ 2024

Reach more people with Gamification: Could you be a HANDMAID ENFORCER?

Don't just preach to the choir. Use gamification to reach and engage more people. How do you get your message to people who aren't necessarily interested...