The heart of tech is coming to the heart of the Mediterranean. Join TNW in València this March 🇪🇸

This article was published on August 23, 2017

How hackers are using social media to hack

How hackers are using social media to hack
George Beall

Hackers think social media is the best thing ever. Not only has it attracted longtime hackers, but it has also created new ones. It’s just so easy! Individual social media platforms have been hackable since their introduction. But, believe it or not, social media was a small net at one time. Now that social media platforms have multiplied and attracted hundreds of millions to their universe, they’re inviting hacking attacks.

The problems that exist

According to a 2016 study by The University of Phoenix, 84 percent of U.S. adults claim to have at least one social media account and, “as the prominence of social media has grown, so too has the number of criminals preying on those who use it.” The same survey showed, “Nearly two in three U.S. adults who have personal social media profiles say they are aware that their accounts have been hacked and 86 percent agree they limit the personal information they post due to the fear of it being accessed by hackers.”

Users don’t understand or appreciate their vulnerability. For most users, social media offers a means to chat with family and friends, share photos and promote causes. They underestimate their individual presence and value to outsiders. So, they get careless. After all, if no one out there is really interested, there’s no need to worry about passwords, for example.

Among the things they don’t understand is the sophistication of the technology. For example, if you download a free game, the game will ask you to connect with friends. To make it easier, the game asks for you to turn over your Facebook friends. Do that and you’ve established a new network that those friends may, in turn, share with others, and so on.

Any hacker that gets a foot in your door inherits access to all your contacts. If you use social media to comment on retailers, restaurants or services, the hacker gets access to your browsing and shopping history. So, common users do their best to protect their personal information. Still, they fail to remember:

  • Nothing posted on social media can be completely deleted.
  • Passwords need unique qualities, regular updating and a credible password manager.
  • Using social media while on public Wi-Fi hotspots allows for it to be accessed by anyone utilizing that hub.
  • Profile information creates a goldmine of info for hackers, the kind of data that helps them personalize phishing scams.
  • Everything you place in your profile – personal preferences, political opinions, social commentary and more – is exposed even if you control the privacy settings.
  • Any negative comments about an employer are accessible to that employer without any expectation of personal privacy.

You’re asking for it

Social media users and the businesses that employ them to work on their computers are asking for trouble. Hackers have a dozen or more techniques to get into your identity. Physical theft of your phones, tablets and laptops give a thief immediate access to your contacts, social media and history unless you install security firewalls specific to those threats.

Social engineering is a trick that simply asks for passwords. You are giving your email addresses away all the time. Possessing your email address lets criminals approach you for private info including passwords. They can approach you as a trusted business you deal with such as a doctor’s office that you patronize, or a service you use. Even posting the email addresses of business officers or of other employees exposes them to unwanted solicitations.

Keyloggers are programs that can be leached into your system to report every move you make on your computer, a huge database the program can then mine for passwords, contacts and personal information.

Continuous education and training cannot be underestimated. A run-through conducted by IT isn’t enough. Training on best practices in policy and procedure must be systematic and accountable. Security must become a cultural mandate because of its alignment with corporate goals.

IT personnel must engineer response and remediation. Businesses of size need to staff up to the need, and the small businesses that cannot afford the staffing must secure outside professional support and controls.

Shadowing, side jacking and firesheep make libraries, coffee shops and public parks easy places to steal your info. Dedicated hackers use technology to follow users and their use.

Some technology has access to every keystroke and other programs can de-engineer computer user habits and history. They can run analytics that describe and predict behavior. They can, for example, identify the type of and source of emails that specific users tend to open.

No system too big or too small!

Reporting for The New York Times, Sheera Frenkel writes, “the human error that causes people to click on a link sent to them in an email is exponentially greater on social media sites… because people are more likely to consider themselves among friends.” She continues, “Once one person is compromised, attacks can move quickly through that person’s friend network, leading to what [Pentagon] officials described as a nightmare situation.”

As is well known, the highest US government systems have been hacked from inside and outside. Allowing those government systems some credit for their in-place security, you should understand the vulnerability of your personal or business data. There are no universally effective solutions, but you need to take the steps available to reduce the vulnerability and, thereby, reduce the cost of loss and remediation.

Your smartphone, tablet, laptop and desktop can receive and host malware. The intrusion then follows your networks that expand with every social media contact. You thereby become a traveling contagion carrier.

Any business can take the lead by educating its employees on their personal vulnerability. And, on the assumption that the personal interest will get and hold their attention, you can then expand that concern to protect the group’s interest. It helps when individuals understand that the threat to the whole is a threat to their own interest.