Inside the Ring: FBI on social-network risks

By Bill Gertz

-

The Washington Times

Wednesday, May 30, 2012

The FBI recently published a report warning of the dangers posed by social-network sites that it says are being exploited by digital “con artists, criminals and other dishonest actors.”

The FBI report, made public earlier this month, states that social-networking criminals are “exploiting this capability for nefarious purposes,” using two main tactics.

They include computer hackers who specialize in writing and manipulating computer code to gain access or install software on computers and phones. The second method involves hackers who specialize in exploiting personal connections through social networks.

“Social hackers, sometimes referred to as ‘social engineers,’ manipulate people through social interactions (in person, over the phone, or in writing),” the report said.

“Humans are a weak link in cybersecurity, and hackers and social manipulators know this. They try to trick people into getting past security walls. They design their actions to appear harmless and legitimate.”

Social-networking sites such as Facebook and others are Internet-based services that are used to share information and communicate.

According to the FBI, the risk of using social-network sties is that “once information is posted to a social-networking site, it is no longer private.”

“The more information you post, the more vulnerable you may become,” states the report, posted on the National Counterintelligence Executive site. “Even when using high-security settings, friends or websites may inadvertently leak your information.”

Personal information obtained by hackers and criminals on social networks can be used to conduct attacks on people or organizations; and the more information that is shared, “the more likely someone could impersonate you and trick one of your friends into sharing personal information, downloading malware, or providing access to restricted sites,” the report said.

Foreign intelligence agencies, predators, hackers and business competitors are among those who use social-networking sites that can be targeted in attacks. The information may not be used to attack the social-networking site, but could be used in other attacks.

Among the tactics used are infected USB flash drives preloaded with malicious software that are provided to people as part of an attack.

Another method is the use of messages from a friend on the social network that directs you to view a video on another site. However, when you view the video, a message appears asking you to download a new version of the software that is in reality a virus that will then take over your computer.

The malware then communicates to all “friends” on the network directing them to the same virus and thus giving them control of multiple computers.

The FBI report warns computer users to avoid “phishing” scams by not opening email or email attachments or click on links from people you do not know.

“Spear phishing” was behind the March 2011 hacker attack in emails sent to a small group of employees of the security firm RSA, which provided banking and other corporate-security software.

“They only needed one employee to open an infected file and launch the malware,” the report said. “The malware downloaded information from RSA that then helped the hackers learn how to defeat RSA’s security token.”

That attack led to the compromise of “a number of defense contractors’ networks” that were broken into as a result of the compromised RSA security token.

U.S. officials said at the time that China was thought to have been behind the RSA hack and the subsequent breach of the networks of the defense giant Lockheed Martin.

Another cyberthreat in the FBI report is called “click-jacking,” or concealing hyperlinks beneath legitimate clickable content that, when clicked, causes a user to unknowingly download a computer virus or send a user’s identification to a site.

Facebook “like” buttons and digital “share” buttons have been used for this purpose.

The FBI suggests using high-security settings on all social-networking sites to avoid being hacked.

SCRAMBLS ENCRYPTION

To deal with the problem of unauthorized access to digital communications, especially risks linked to social-networking sites such as Twitter and Facebook, a new, free software was released this month and is rapidly catching on within U.S. and allied intelligence agencies.

The software is called Scrambls. It automatically encrypts messages sent on social-networking sites using software added to Web browsers.

Once installed, all text between two @ signs is scrambled so that only the intended user can read it.

The software was developed by Wave Systems Corp. and is designed to help computer users regain control of messages posted to the Web and social-network sites.

One key feature is that using Scrambls allows users to take back messages that were sent, an option currently unavailable for most digital communications.

The company also hopes that the use of the technology will help protect children online by boosting the security of their conversations and communications.

At least one U.S. intelligence service is using the product, and another North American intelligence agency and one Asian service also are interested.

“Greater control enables greater use of social media,” said Michael Sprague, Scrambls co-creator.

“Post confidently, knowing your boss won’t see messages meant for high school friends, and permanent records of what you say online won’t come back to haunt you in the future.”

Scrambls uses key-encryption, where decryption keys are provided to recipients through a browser plug-in. The result is that messages posted on Facebook and Twitter will only be legible to friends who are given the decoding key.

The software is available from www.scrmbls.com

By Clarence Fanto, Berkshire Eagle Staff
Posted: 04/22/2012 12:05:31 AM EDT

LENOX – Information rules. Content is king.

Phrases I’ve always lived by, so it was encouraging to hear that mantra espoused by one of the county’s leading website gurus, Kevin Sprague.

His firm, Studio Two (S2) in Lenox, is responsible for revamping and rebooting websites designed to sort out the deluge of outdoor and indoor events that showers residents and tourists as the “on-season” arrives.

Even in the off-season, a misnomer now because there’s so much activity year-round in the Berkshires, residents, visitors and nonprofit leaders have long clamored for a one-stop clearinghouse to showcase events and prevent scheduling conflicts through a constantly freshened database.

During an informal chat at the Lenox Chamber of Commerce’s “housewarming” for its spiffy new digs at the town library, Sprague demolished some myths about website design and content update. As a low-to-medium tech kind of guy (some would call me “no-tech”), I was impressed by his knowledge and his ability to explain the rules of the road for a layperson.

Sprague stressed that the key to success — accurate, up-to-the-minute data — must be combined with attractive design and presentation. A dowdy-looking site, even with rich content, can be a turnoff for visitors.

His own site is state-of-the-art, as one would expect, and it showcases his two major partnerships with the Berkshire Visitors Bureau and the Greater Miami Convention & Visitors Bureau. The BVB’s is set up by event category, and seems as comprehensive as any tourism-oriented site I’ve seen. It’s also visually inviting and easy to navigate, a major asset for those of us who grew up at a time when computers were the stuff of science fiction and fantasy.

Sprague, under contract to the Chamber, is about to unveil a redesigned lenox.org site that holds great promise as a gateway to all things Lenoxian. The town has been struggling to figure out a Web presence with “search optimization” (a high rank when folks launch a Google search for area activities) and with up-to-date events listings.

Keeping a site freshened day by day is a much simpler, less expensive project than many people realize, according to Sprague. Given his expertise, I don’t doubt it.

Studio Two’s long client list of nonprofits and businesses encompasses The Mount, Shakespeare and Company, Guido’s Marketplace, the Berkshire Natural Resources Council, the Berkshire International Film Festival, the Norman Rockwell Museum, Hancock Shaker Village, and now the Lenox Chamber, among others.

“Imagine Yourself in the Berkshires” is one of the slogans found on studiotwo.com, which promises “strategic branding and creative thinking for dynamic organizations.”

While I have no skin in this game, it seems obvious that if you promise compelling events to visitors and residents and then deliver, the only “marketing” needed is getting the word out to as many people as possible.

To accomplish that, everything in the digital toolbox needs to be used effectively. It gives people a bad impression, obviously, to showcase a long-past event on a website designed to promote a town and its offerings.

Give people a bad experience, online or in real life, and they won’t return. Give them a well-functioning, one-stop website with a rich trove of information and a cool-looking design, and you’ll reel them in.

When it comes to promoting the Berkshires through the Web, social media, mobile apps and all the rest, there’s first-rank talent to be found right in our figurative backyard. Hiring local isn’t knee-jerk parochialism. It’s basic logic and common sense.