Sharing helps hackers sharpen 'spears'

2013-07-30 08:01
(Duncan Alfreds, News24)

(Duncan Alfreds, News24)

Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

San Francisco - Sharing on social media helps hackers sharpen "spear phishing" attacks they use to trick their way into computers, security experts said on Monday.

Spear phishing refers to individualising deceptive messages sent to people in order to trick them into clicking on links or opening files booby-trapped with viruses.

Public posts on Twitter, Facebook, Instagram, Foursquare and other online venues give hackers fodder to mimic the way people write and the words they use, said Ulisses Albuquerque of the security firm Trustwave.

"I don't think people have any idea what kind of insight that gives to a potential hacker," Albuquerque said.

He and colleague Joaquim Espinhara are at a premier Black Hat security conference in Las Vegas this week to present a talk titled Using Online Activity As Digital Fingerprints To Create A Better Spear Phisher.

Malicious code

The Trustwave security consultants created a software tool that "fingerprints" the way people communicate by analysing online posts.

The tool scrutinises posts at social networks such as Twitter, Facebook and LinkedIn to ascertain writing styles, right down to hash tags added to indicate subjects of online posts.

A hacker unable to break into a company's computer network could write a convincing e-mail pretending to be from a friend of an employee and include an attachment or link that, once clicked, unleashes malicious code.

"Say a CEO has a Twitter or LinkedIn account and I am able to see those posts," Albuquerque said.

"Then I could produce content that looks like it came from him and send it to his staff, who will be less suspicious of clicking a link."

He said the Trustwave-developed tool was not designed to extrapolate insights into people's conduct or personalities, but that such observations could be made if desired.

"Absolutely, you can show what the people posting are like," Albuquerque said.

The tool provides "spear phishers" with outlines for creating messages likely to hook prey.

It is intended for "ethical hackers" such as security professionals working with companies or organisations to find and patch weak spots in computer network defences, according to Albuquerque.

It can also be used to help prove when posts claiming to be written by someone are bogus, he said.
Read more on:    trustwave  |  cybercrime

Join the conversation! encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.
NEXT ON NEWS24X publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
1 comment
Comments have been closed for this article.

Inside News24


Book flights

Compare, Book, Fly

Traffic Alerts
There are new stories on the homepage. Click here to see them.


Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire network.


Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.

Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.