A product marketing manager at your company just posted a photo on LinkedIn. The problem? In the background of the image, there’s a Post-It note that contains his network passwords. You can barely see it, but using artificial intelligence algorithms, hackers can scan for the publicly available image, determine there are network passwords, and use them for data theft.
According to data security expert David Maynor, this is not rocket science. In fact, the AI program is easier to use than a search engine. “The AI can identify objects in an image and the environment of the photo, guess at a description of the image contents as well as your likely age, gender, facial expression, and more,” says Maynor. “And these tools are becoming increasingly powerful with every image they scan, learning and becoming more accurate.”
While it might be easy to dismiss sites like Facebook, Twitter, and LinkedIn as harmless diversions for employees, they reveal a wealth of actionable intel to a hacker.
James Maude, a senior security engineer at the endpoint security company Avecto, told CSO about another troubling development with social media hacks. Hackers can now scan a Twitter feed to find out information about an employee’s preferences and tastes. If that same marketing manager posts all day about his new iPhone 7, the hacker can then create a phishing scam that looks like a product announcement for an iPhone 7 case. Suddenly, the trick is more effective because the hacker knows there is an existing, verified interest.
“The increased targeting of social media and personal email bypasses many network defenses such as email scanning and URL filtering,” says Maude. “One of the most dangerous aspects is that the attacker is manipulating the victim by using employment offers or illicit content, ushering victims to not disclose the incident to their organization’s security team.”
Of course, part of the issue is that social media is an incredible large attack vector -- the largest ever created. Facebook has 1.79 billion users. Twitter has 317 million users. It’s becoming hard to find people who are not using social media in a business setting. Like moths to a flame, hackers know they can find gullible victims who release unusually sensitive data.
Social media hackers rely on age-old techniques as well, as security expert Mike Baukes -- the cofounder of IT automation company UpGuard -- explained to CSO. Because sites like Facebook are considered “consumer grade” by many users, employees don’t think as much about security, so they don’t bother with two-factor authentication (say, receiving an unlock code by text). And, employees grant access to countless third-party apps which may not be secure, either.
Sign up for Computerworld eNewsletters.