Social Networking

The Implications of Predictable SSNs

Two researchers from Carnegie Mellon University recently released research showing that social security numbers (SSNs) can be predicted with a fairly high degree of accuracy by knowing just a few bits of personal information. For example, with knowledge of a person’s birth date and town of birth, they were able to predict the SSN of 8.5% of people born between 1989 and 2003 with fewer than 1000 attempts. This works because SSNs are not randomly assigned, but instead are based on a complex yet regular (and thus predictable) pattern.

This research is of more than just academic interest. It has real implications for identity fraud and how to protect yourself from becoming a victim. So how could a malicious person or organization use this research to commit identity theft? Since all one needs to know to be able to predict someone’s SSN is date of birth and hometown, the best place to begin is on a social networking site such as Facebook or Myspace. Many people freely provide this information not only to their “friends”, but often to everyone. It is easy to find out when and where just about anyone was born on these types of sites. And even if you are careful about sharing this information only with friends, many people accept friendship invitations from just about anyone. If I were targeting someone in particular whose identity I wanted to steal, I would simply try to befriend some of their contacts before sending them a friend request. This would lend credibility to the friendship request and make them more likely to accept it. With a little social engineering, it would not be very difficult to determine the necessary personal information for just about anyone.

The next step would be to use the methods described in the research to predict a set of SSNs for the targeted victims. Once a list of probable SSNs has been generated, it is possible to use online resources, such as instant online credit approval services or the Social Security Administration verification database, to verify correct SSNs. Once an attacker has a person’s name, birth date, hometown and SSN, it is then very easy to steal their identity or obtain credit in their name. All of this could easily be automated to increase the speed and efficiency of obtaining SSNs, making this a legitimate threat to the safety of personal information. To protect yourself, be very careful about how much information you share on social networking sites and only accept known people into your online networks.

The (In)security of Social Networking Sites

With the advent of Web 2.0, social networking sites with all their wonderful interactive capabilities have become extremely popular.  MySpace, Facebook, LinkedIn and others have enjoyed great popularity as they offer unique opportunities for collaboration and information sharing.  However, with this new technology comes fresh security concerns.  Below I will outline some of the more common security issues associated with social networking sites.

Social Engineering

By their very nature, social networking sites encourage their users to post personal information about themselves such as home town, place of employment, birth date and more. However, this information can be used by criminals to commit fraud or identity theft. For example, it is not difficult to search a variety of social networks to obtain enough personal information on individuals to open a financial account in their name. Gunter Ollmann wrote an excellent piece outlining how to perform this type of social network hack. The lesson here is to limit the amount of information you share about yourself and who you network with.

Malicious Content

Many social networking sites, MySpace in particular, allow users control over the content they provide on their pages. This includes the ability to add banners, links, and other web content. This gives the creators of those pages the ability to embed malicious software or links to malicious sites on their pages. A recent study found that the number one host for malware on the Internet is the highly popular blogging site Blogspot. This is indicative of the opportunities created for hackers by web sites that allow their users to post their own content.

Worms

Recently, Facebook has been battling a new worm that infects users of the popular web site. The worm spreads when a user logs into his or her Facebook account and sends messages to their Facebook friends with links to malicious web sites. When the friend clicks on the link they are asked to install an application to view a supposed video. Of course this application is a trojan which allows the worm to continue to spread. A similar worm is also affecting MySpace users. These are not the first worms to target social networking sites, as this has been an ongoing problem for several years. In all likelihood worms will become a bigger problem as these sites grow in popularity.

Social networking sites can be useful tools for collaboration, keeping in touch, making new friends and growing your network of business associates.  However, these sites are not without risks and should be used carefully to avoid becoming a victim of fraud and/or an attack on your computer.

Copyright © 2011 InfoSecStuff.com — All Rights Reserved