Social Networking hacks Austin Enfield. Overview Noted Hacks Session Hijacking Social Engineering Identity theft.

Social Networking hacks

Austin Enfield

Overview

Noted Hacks Session Hijacking Social Engineering Identity theft

Noted Hacks

Linkedin hack Myspace hacker Samy Worm

Hacked

6.4 million passwords stolen Uploaded to Russian language forum

http://www.wordtracker.com/attachments/LinkedIn-Logo.png

Myspace Hack

Myspace Hacker Phishing and XSS

http://www.countryvillageresort.com/httpdocs/assets/images/myspace-logo.png

The Samy Worm

• Samy Kamkar

• Over 1 million affected

• Shutdown Myspace October 4, 2005

• Added friends automaticaly

• Added “but most of all, samy is my hero” to heros section

http://richardvelazquez.files.wordpress.com/2010/10/myspace-primary_logo-blue_clean.jpg

Samy Worm

• Grew Exponentially

• Shut down the site in <20 hours

• First web 2.0 worm

• Entered Plea agreement to the felony charge on January 31, 2007 Three years probation with no non work based computer use

90 days community service

undisclosed amount restitution payment

Session Hijacking

• Phishing

• XSS

• sidejacking

• DroidSheep

• Firesheep

FireSheep

• Firefox addon

• Oct 24, 2010

• Free open source

• Gui based Sidejacker

• Forced facebook and twitter to require HTTP secure

http://www.mozilla.org/en-US/press/image-library/firefox-wordmark-vertical.png

Social Engineering

• Gain access to personal info by Posing as friend

• Use links in personal messages with redirects

• Identity theft

Social-Engineer Toolkit (SET)

• Attacks the human element

• Part of standard penetration tests

• Preforms phishing, man in the middle

Identity Theft

• 15 million victims a year

• Average of $3,500 in loss

• Stronger trend towards social engineering to gain information

Identity Theft

• Common information found Full name (particularly your middle name) Date of birth (often required) Home town Relationship status School locations and graduation dates Pet names Other affiliations, interests and hobbies

Prevention

• Education

• Don’t post anything personal

• Verify sources before giving any info

Review

Noted Hacks Session Hijacking Social Engineering Identity theft

Works Cited

• Butler, Eric. "FireSheep." Code Butler. N.p., 24 2010. Web. 3 Dec 2012. < http://codebutler.com/firesheep/>.

• . "Computer Based Social Engineering Tools: Social Engineer Toolkit (SET)." Social Engineering Framework. N.p., 13 2010. Web. 3 Dec 2012. < http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_(SET)>.

• Curry, Coleen. "6.4 Million Passwords Reportedly Stolen From LinkedIn Website." ABC News. ABC, 06 2012. Web. 3 Dec 2012. < http://abcnews.go.com/US/linkedin-hacked-64-million-user-passwords-reportedly-leaked/story?id=16508728>

• dipman44, . " hack anyones myspace(WORKING!!)." 2007. N.p., Online Posting to All-nettools forums. Web. 3 Dec. 2012. <http://www.all-nettools.com/forum/showthread.php?5753-hack-anyones-myspace(WORKING!!)>

• "How it Works." Myspace Hacker Pro. N.p.. Web. 3 Dec 2012. <http://myspacehackerpro.com/p/how-it-works/>

• . "Identity Theft Victim Statistics." IdentityTeft.info. N.p.. Web. 3 Dec 2012. <http://www.identitytheft.info/victims.asp&xgt;.

Works Cited cont.

• . "I'll never get caught. I'm Popular." namb. N.p., October 2005. Web. 3 Dec 2012. <http://namb.la/popular/>.

• Lewis, Kent. "How Social Media Networks Facilitate Identity Theft and Fraud ." Entrepreneurs' Organization. N.p.. Web. 3 Dec 2012. <http://www.eonetwork.org/knowledgebase/specialfeatures/pages/social-media-networks-facilitate-identity-theft-fraud.aspx >.

• McMillan, Robert. "MySpace Hacker Tells His Story." PCWorld. N.p., 20 2007. Web. 3 Dec 2012. <http://www.pcworld.com/article/139812/article.html>

• Roba, . "How to Hack Facebook: The Trick is Social Engineering." thought pick. N.p., 09 2009. Web. 3 Dec 2012. <http://blog.thoughtpick.com/2009/12/how-to-hack-facebook-the-trick-is-social-engineering.html>.

• . "Samy (computer worm)." Wikipedia. N.p., 27 2012. Web. 3 Dec 2012. <http://en.wikipedia.org/wiki/Samy_(computer_worm)>.

• . "Session hijacking." Wikipedia. N.p., 09 2012. Web. 3 Dec 2012. <http://en.wikipedia.org/wiki/Session_hijacking>.