This week I experimented. I tested how freely we as a society are willing to give up our personal information without thinking about it. I know many of you will say it wasn’t personal information that was given up but I would have to disagree. I logged into my personal Facebook account and decided to send 50 friend requests presented to me. A couple of the people I knew but most of the people I didn’t know. Within 3 hours 37 of the 50 requests I sent out were accepted and I had a lot of people Facebook feeds on my wall. I could see pictures of their families, their top friends, all their Facebook check-ins, and I could piece so much information together. Luckily, I am an ethical hacker and would not use the information I collect maliciously. The information I could have gathered would be useful against pharming attacks, phishing scams, and even identity theft. The tip of the day will be on social media.
Social media has become an integral part of most of our lives. We share, tweet, and post many aspects of our lives that could be used by attackers. Many people would think that they are no one. Why would an attacker attack them? Well, the beauty of the digital world is automation. Attackers no longer need to dig through your garbage or have you followed to collect information. Now you post all the information about your private life freely. I can find who your mom is, your favorite food, or even where you like to hang out on Friday nights. All this information you share freely. Better yet, with automation, I could build scraping scripts that can do this to millions of people at once. These bots will build profiles of all my victims. I can use the data or sell it to the highest bidder on the dark web. This information is absolute gold to Fortune 500 companies. They will buy this information and advertise products and services to you. The information you shared freely is manipulated to victimize and target you as the consumer. This technique ends up using social engineering to create influential campaigns.
As I worry about society, I see that we have given up on privacy. We care more about the number of likes, or reshares we receive than keeping our data safe. I am by no means perfect. I am human and fall victim to that burst of happiness you get when someone likes your post. Sadly, I am one of those who enable fortune 500 companies to utilize your PII data for profit. You wouldn’t walk down the street handing out your social security number, address, and some of your most secret fetishes to anyone you meet. Why would you do it on the web where the attackers can easily exploit you and everything you own? You may not understand how to protect yourself. I understand that. Ignorance is not an excuse for your actions. Follow security best practices, know what social engineering is, don’t share sensitive information with the world.
Let’s keep the attackers questioning what is behind our door of life and ensure that we are making smart choices. Next time you are to post something on the internet ask yourself, Would I send this to my boss? Would I want my neighbor to see this? Would my grandmother be ashamed of me? If you answered yes to any of these, do not post. There are better ways of sharing information with those we are close with. Let’s use better judgment when it comes to social media and ensure we are responsible internet users.
All with love,
JT