170 likes | 843 Views
Social Networking hacks. Austin Enfield. Overview. Noted Hacks Session Hijacking Social Engineering Identity theft. Noted Hacks. Linkedin hack Myspace hacker Samy Worm. Hacked. 6.4 million passwords stolen Uploaded to Russian language forum.
E N D
Social Networking hacks Austin Enfield
Overview Noted Hacks Session Hijacking Social Engineering Identity theft
Noted Hacks Linkedin hack Myspace hacker Samy Worm
Hacked 6.4 million passwords stolen Uploaded to Russian language forum http://www.wordtracker.com/attachments/LinkedIn-Logo.png
Myspace Hack Myspace Hacker Phishing and XSS http://www.countryvillageresort.com/httpdocs/assets/images/myspace-logo.png
The Samy Worm • Samy Kamkar • Over 1 million affected • Shutdown Myspace October 4, 2005 • Added friends automaticaly • Added “but most of all, samy is my hero” to heros section http://richardvelazquez.files.wordpress.com/2010/10/myspace-primary_logo-blue_clean.jpg
Samy Worm • Grew Exponentially • Shut down the site in <20 hours • First web 2.0 worm • Entered Plea agreement to the felony charge on January 31, 2007 • Three years probation with no non work based computer use • 90 days community service • undisclosed amount restitution payment
Session Hijacking • Phishing • XSS • sidejacking • DroidSheep • Firesheep
FireSheep • Firefox addon • Oct 24, 2010 • Free open source • Gui based Sidejacker • Forced facebook and twitter to require HTTP secure http://www.mozilla.org/en-US/press/image-library/firefox-wordmark-vertical.png
Social Engineering • Gain access to personal info by Posing as friend • Use links in personal messages with redirects • Identity theft
Social-Engineer Toolkit (SET) • Attacks the human element • Part of standard penetration tests • Preforms phishing, man in the middle
Identity Theft • 15 million victims a year • Average of $3,500 in loss • Stronger trend towards social engineering to gain information
Identity Theft • Common information found • Full name (particularly your middle name) • Date of birth (often required) • Home town • Relationship status • School locations and graduation dates • Pet names • Other affiliations, interests and hobbies
Prevention • Education • Don’t post anything personal • Verify sources before giving any info
Review • Noted Hacks • Session Hijacking • Social Engineering • Identity theft
Works Cited • Butler, Eric. "FireSheep." Code Butler. N.p., 24 2010. Web. 3 Dec 2012. < http://codebutler.com/firesheep/>. • . "Computer Based Social Engineering Tools: Social Engineer Toolkit (SET)." Social Engineering Framework. N.p., 13 2010. Web. 3 Dec 2012. < http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_(SET)>. • Curry, Coleen. "6.4 Million Passwords Reportedly Stolen From LinkedIn Website." ABC News. ABC, 06 2012. Web. 3 Dec 2012. < http://abcnews.go.com/US/linkedin-hacked-64-million-user-passwords-reportedly-leaked/story?id=16508728> • dipman44, . " hack anyones myspace(WORKING!!)." 2007. N.p., Online Posting to All-nettools forums. Web. 3 Dec. 2012. <http://www.all-nettools.com/forum/showthread.php?5753-hack-anyones-myspace(WORKING!!)> • "How it Works." Myspace Hacker Pro. N.p.. Web. 3 Dec 2012. <http://myspacehackerpro.com/p/how-it-works/> • . "Identity Theft Victim Statistics." IdentityTeft.info. N.p.. Web. 3 Dec 2012. <http://www.identitytheft.info/victims.asp&xgt;.
Works Cited cont. • . "I'll never get caught. I'm Popular." namb. N.p., October 2005. Web. 3 Dec 2012. <http://namb.la/popular/>. • Lewis, Kent. "How Social Media Networks Facilitate Identity Theft and Fraud ." Entrepreneurs' Organization. N.p.. Web. 3 Dec 2012. <http://www.eonetwork.org/knowledgebase/specialfeatures/pages/social-media-networks-facilitate-identity-theft-fraud.aspx >. • McMillan, Robert. "MySpace Hacker Tells His Story." PCWorld. N.p., 20 2007. Web. 3 Dec 2012. <http://www.pcworld.com/article/139812/article.html> • Roba, . "How to Hack Facebook: The Trick is Social Engineering." thought pick. N.p., 09 2009. Web. 3 Dec 2012. <http://blog.thoughtpick.com/2009/12/how-to-hack-facebook-the-trick-is-social-engineering.html>. • . "Samy (computer worm)." Wikipedia. N.p., 27 2012. Web. 3 Dec 2012. <http://en.wikipedia.org/wiki/Samy_(computer_worm)>. • . "Session hijacking." Wikipedia. N.p., 09 2012. Web. 3 Dec 2012. <http://en.wikipedia.org/wiki/Session_hijacking>.