Monday, February 18, 2008

Introduction to Social Networks Evil Twin Attacks

Via gnucitizen.org -

Let’s have a look at a social network like LinkedIn. For those of you who don’t know what LinkedIn is, let me say that it is probably the largest professional social network available today. Once you give information about your place of work and the education centers you used to attend, LinkedIn will try its best to hook you up with everyone else who has been associated with your current company, university, etc. The benefit is obvious: you keep up with people who may help you in the future. However, nothing stops an evil mind from registering an account in the name of John Dawson, a reputable IT security expert, currently employed by HSBC, Canary Wharf, London. If the evil twin of John Dawson inhabits LinkedIn, how many people will trust that shady persona and as such be fooled into one of the biggest scams? I find this question very interesting and quite fascinating from the hacker’s point of view.

The hack here is not technical but rather psychological. Remember, hacking is the action of outsmarting others, and as such it may take any form. Fooling people’s beliefs is an important craft that has been with us since the dawn of humanity, yet we often fail to acknowledge its effectiveness. This is what Evil Twin attacks are all about. From a WiFi security perspective, the evil twin is the rogue access point that pretends to be a friendly network. From the social networks point of view, the evil twin is a hacker or a bot masking himself as the real person.

Social Networks Evil Twin Attacks work both ways. First, the impersonator will be given the chance to trick the victim’s current friends into a trap. Second, he will also trick into a trap the people who try to contact the real person along the way. Therefore, if the evil John Dawson is approached by someone who is looking for work in his sector, he will be in a very comfortable position to gain internal insights into that person’s company, as very often people tend to serve up any juicy information during the interviewing process.

Social Networks are a huge threat whether you realize it or not. The bad guys are not restricted in the types of tools they use for their malicious activities the way whitehats are, as this seems to be part of technical eliteness. The bad guys will break into the targeted network by any means necessary. This includes fooling people, lying and cheating on their way towards their goal.
