Increasingly, hackers are finding a way to attack Internet users. Nowadays, social networks are the most affected by the different threats of these criminals.by Ana María Restrepo
Technological advances have allowed us to have the world at our feet, avoiding the barriers of time and space, connecting with people we have never seen, exchanging ideas, knowledge and even feelings with beings that are millions of kilometers away in places where we may never be able to reach. However, having "control" through a click has become not only a fun and interesting aspect, but also dangerous so much that you can lose your privacy, your identity and even your security by opening a link that you should not.
And although this sounds very terrifying, it is true. Many people have found in information technologies the salvation to their problems, moreover, in my particular case I do not know what I would do today without the Internet, but other individuals have lost their data thanks to the Internet.
The modalities of cyberattacks have increased in the last five years, especially since 2005 when hackers increased their criminal actions causing deep damage to governments, banking institutions, companies and individuals.
At present there are many ways in which cybercriminals scam Internet users, however for some months and due to the great popularity of some social networks on the Internet, social engineering is being taken up as the best and most useful technique to steal information.
Be sociable
Man has always needed to live with his fellow men and in this way he has become a social being, creating a structure called a social network, in which individuals relate and unite with each other. Also, thanks to the network it has been configured as the means of interaction of different people through chats, forums, blogs, online games and the famous social networks such as Facebook, Hi5, MySpace, Bebo, Skyblog, Xing (formerly called Neuron) and Viadeo, among others, which are based on the theory of the six degrees of separation. This theory suggests that anyone on the planet is connected to another human being through a chain that has no more than four intermediaries, creating a wide web of acquaintances throughout the world, a case that is used by hackers to implement their social engineering and attack the members of said network.
Social networks emerged around 1995 when the site was created classmates.com which intended for classmates from schools, institutes, universities, among others, to meet again. Seven years later, circles of friends are created online, when talking about virtual communities and a year later sites such as MySpace or Xing were created and from there almost 200 social networking sites have emerged.
Attack nests
Communities of friends on the Internet offer users features such as visible profiles, giving gifts, hugs, inboxes, photo albums, agenda of events, groups, online games and applications for all tastes, in addition to classified ads that allow the creation of business relationships.
It should be noted that the popularity of social networks has increased in recent years with the invention of Facebook, however, its high predilection and fame has made it possible for cases of cyber attacks to develop because the networks combine the real world with the virtual, leaving a small line that allows the entry of the bad guys to the two realities.
In June 2008 two of the most recognized social networks suffered a massive phishing attack through 50 websites that pretended to be Facebook and Hi5 as explained by the security company Eset. Users of these networks are exposed to receiving fake messages that steal their personal data (username and password). This fraud occurred through the mass sending of emails through zombie computers. These messages invite the recipient to join the network or receive information from it, so that the user clicks on one of the links and is directed to a false page, identical to the real one, as in the case of banks where they are asked for their username and password.
According to Jose Javier Merchan of PandaLabs, it is no longer necessary to open suspicious emails to stumble upon a malicious code, it is enough to connect to a social network, because in recent months these have been the ideal means to distribute malware, which has been the virtual threat that has been most developed in 2008.
In August, 132 malicious programs were put into circulation every hour and during the first eight months of the year approximately 527,000 new programs containing malicious software were circulated, four times more than during the whole of 2007.
Background
Merchan explains that the first known attack occurred in 2005 when a MySpace user created a worm that allowed him to add a million users to his contact list. This worm threw a script to the different users who stumbled upon it in search of vulnerabilities that were exploited to perform malicious actions such as infecting cookies with malicious code, opening SSL connections, etc. The other attack was by another worm that used users' profiles to spread, so that anyone who visited that profile became infected. And from then on, countless virtual infections continued to develop through "friends".
Most serious of all, these threats show that hackers can modify the profile of any user at will and infect any computer. But as we have mentioned in many articles, the intention of hackers no longer refers to the scientific and knowledge character but what they want is to make money at the expense of others.
New developments, new threats
It is impossible for hackers not to sneak into any computer system and much more if it is to test the security of some Internet pages, to demonstrate their knowledge or to do damage in a virtual way but that affects reality.
These actions of cyber criminals in the networks are achieved through the use of social engineering and thanks to the poor security that these networks have. Daniel Rojas, marketing manager for Latin America at Symantec, explains that social networking sites are easy for criminals to exploit, as they take advantage of the trust that users have in them to increase their chances of success.
Today, Facebook is the most well-known and visited social network. Jose Javier Merchan explains that this page that creates social fabrics has become in its five years of existence, one of the most successful social networks on the Internet. With more than 100 million affiliates, it is located among the twenty most viewed pages on the Net, and with more than 200,000 new users every day, becoming one of the largest cyber phenomena of recent years.
Also, one of the biggest black holes that Facebook has is that users' profiles give much more information than would be convenient, facilitating data loss and the possibility of being infected or having unwanted encounters.
But why are networks so vulnerable to these threats? Rojas affirms that "social networks are not the problem in themselves, the problem arises in the trust that people can have in them, which does not allow them to be cautious when using them."
A year full of problems
According to Symantec's latest report on Internet security threats, phishing attacks using, among others, social networking sites have grown in the past year by nearly 60%. This phenomenon is occurring on a larger scale in countries such as the United States or China, where the main sites for phishing are social networks. However, this marked behavior in these countries may represent a global trend due to the increased consumption of these tools.
The first security problems that arose on Facebook arose in early 2007, when a man posed as a teenager to attract minors and exchange photos with them and there was criticized the way this network protected minors. A few months later there was a programming problem, since when a user entered his password, instead of his account, it was directed to the mailbox of another user, so that the confidential information of some users was visible to others.
But Merchan says the most serious case occurred in mid-December, when a Canadian pornography company was denounced by Facebook as responsible for having "hacked" the account of 200,000 users, gaining access to data such as their username, password or email address.
Then other cases continued such as the creation of a tool to be used by Facebook, which allowed the entry of zango adware, and the spread of the worm, Boface.A, which inserts in the comments of MySpace and Facebok a link that seems to lead to a YouTube video, but that, in reality, leads to a false page that imitates this well-known website. "When the user tries to watch the supposed video, a message appears telling him that for this he needs to install the latest version of Flash Player. If any user performs that installation, what they will really be entering into their computer is a copy of the worm," says Jose Javier.
However, it's not just Facebook that is a victim of these incidents. Merchan says that in March 2008, PandaLabs detected a Trojan, called Orkut.AT, that used the social network Orkut to spread itself by showing a YouTube video in the users' notebook to which it appeared to be linked. The image shows Giselle, a participant of the reality show Big Brother in Brazil. When you clicked on the link, a message came out indicating that you could not see the video did not have the corresponding codec and was offered the possibility to download it, and in doing so you were downloading the Trojan Orkut.AT and immediately redirected the user to the page where the video in question was shown. Once on the computer, the Trojan posted its malicious message on the scrapbooks of all of its new victim's Orkut contacts.
Avoid watering
It is important that we use social networks to be warned against these incidents and avoid inappropriate content in order not to lose confidential information.
Because when accessing the networks a profile is created and data such as name, age, marital status, etc. are included, it is valuable to remember that this information is not always real and that one can put a username and a false email, also it is not convenient to provide data such as age and address, among others.
PandaLabs also recommends that when creating a blog do not publish data that can be used to identify the user as a minor, or to know their place of residence, study, etc. You should also be careful when sharing files and posting photos of minors.
Daniel Rojas, for his part, affirms the care given by Merchan, but also recommends the use of security software that in addition to protecting the integrity of confidential information, allow validating the authenticity of websites.
Tips for browsing social networks by PandaLabs
- Install a security solution on the computer that has proactive technologies. In this way, users will be protected against malicious code that spreads through these networks, even if they have not attacked before.
- Keep the computer updated: you have to know and solve all the vulnerabilities that affect the programs we have installed on the computer.
- Do not share confidential information: If you access forums or chats to exchange information, chat, etc., you must remember that you should not give confidential information (email addresses, passwords, etc.).
- Teach minors: In the case of minors, they must know what information they can share and what they cannot. To do this, parents must know the social networks they access and teach them the correct and safe way to move around them.
- Do not give more information than necessary in the profiles: When making user profiles, you do not have to give more information than necessary. In case it is mandatory to give private data such as the email address, the option of "not visible to other users" or similar must be selected, so that no one except the player and the administrators can have access to that data.
- Report crimes: If any inappropriate or criminal conduct is observed (attempted contact with minors, inappropriate photos, modified profiles, etc.) it is necessary to let the administrators of the social network know.
You can check if you are infected by visiting the infected or not website (http://www.infectedornot.com)
Spanish-speaking social networks
Active Networking: It brings together a series of entrepreneurs and entrepreneurs complemented by a printed magazine and different face-to-face events.
Neurona: proclaims that its objective is to expand and improve the professional network of contacts, a virtual space in which more than half a million professionals present in more than 50 productive sectors and more than 100 professional communities interact daily. It was acquired by Xing, although it has not yet been merged.
Tuenti: Recently created and accessible only by invitation, it has aroused great interest and a very accelerated growth to connect young university and high school students.
eConfection: it is presented as a tool that allows you to contact thousands of professionals through your trusted acquaintances and where you can access new opportunities to develop your professional career. It was also acquired by Xing, recently merging with that network.
Sky: It seems like the most complete network, it combines online contacts with a face-to-face community where these media complement each other.
Dejaboo.net: which is a culture-oriented social network, in which users can share their reviews and literary, musical or film tastes, which they announce is still in the testing phase.
Qdamos: it is advertised as the new portal to search for a partner and friends in Spanish. Registration and all services are free.
Festuc.com: This is a mobile-based social network. Festuc promises you that you will meet new people through friends or by geographical proximity through service on the mobile phone.
Spaniards: it is presented as the Community of Spaniards in the World. They indicate that the mission of this network is to help and put in contact all Spaniards living abroad, whether for study, work or pleasure, as well as all those who seek to leave Spain, temporarily or permanently.
Linkara: focused on friendship relationships, it is presented as the first social network to meet people through hobbies and opinions. And as for the operation they explain it very simply, saying." Express your opinion, connect with your friends, meet new people."
Gazzag: is a mixture between professional social network and social network of personal contacts. The appearance and usability are quite good and allows the creation of photo galleries and blogs, unlike other social networks in Spanish that do not allow it.
Notable people: Another network of meetings.
