Security Techniques

LinkedIn – How to exploit social media for targeted attacks

LinkedIn – How to exploit social media for targeted attacks: The professional social network LinkedIn is a mine of information for any king of attackers, a Websense post described a typical attack scenario.
Recently I read an interesting post published on the Websense security labs blog on the use of social network LinkedIn for the reconnaissance phase of an attack. The concept is not new, LinkedIn is a mine of information for OSINT activities and attackers could use it to acquire a huge quantity of personal information on the targets, the social media is ideal for long term cyber espionage operation.

I’ve coined in the past a very interesting concept, the social network poisoning, to indicate the way to abuse of social network platform to spy on specific profile or to modify the sentiment of a topic of interest (e.g. PSYOPs and social both).

It’s easy to build a network of fake profiles to attract “person of interest”, to monitor their professional activity and obtain precious information for further targeted attacks (e.g. partnership, collaboration and involvement in specific projects).

Let’s imagine that someone decides to attack my profile and note that within my last publications there is a work I made for banking sector evaluating the impact of cybercrime on modern online-banking. The ill intentioned hackers could collect information in the context where I made the presentation an the person who appreciated it or that work in the same area. Well LinkedIn gives to the attacker all the instruments and knowledge to try to compromise targeted profile.