Gilmer Free Press

TechNews: FBI Details Worst Social Networking Cyber Crime Problems

According to FBI, the following are some the most serious social networking cybercrimes:

Phishing
Phishing attacks on social networking site users come in various formats, including: messages within the social networking site either from strangers or compromised friend accounts; links or videos within a social networking site profile claiming to lead to something harmless that turns out to be harmful; or e-mails sent to users claiming to be from the social networking site itself. Social networking site users fall victim to the schemes due to the higher level of trust typically displayed while using those sites. Users often accept into their private sites people that they do not actually know, or sometimes fail altogether to properly set privacy settings on their profile.  Social networking sites, as well as corporate websites in general, provide criminals with enormous amounts of information to send official looking documents and send them to individual targets who have shown interest in specific subjects. The personal and detailed nature of the information erodes the victim’s sense of caution, leading them to open the malicious email.

Data Mining
Cyber thieves use data mining on social networking sites as a way to extract sensitive information about their victims. This can be done by criminal actors on either a large or small scale. For example, in a large-scale data mining scheme, a cyber criminal may send out a “getting to know you quiz” to a large list of social networking site users. While the answers to these questions do not appear to be malicious on the surface, they often mimic the same questions that are asked by financial institutions or e-mail account providers when an individual has forgotten their password. Thus, an e-mail address and the answers to the quiz questions can provide the cyber criminal with the tools to enter your bank account, e-mail account, or credit card in order to transfer money or siphon your account. Small-scale data mining may also be easy for cyber criminals if social networking site users have not properly guarded their profile or access to sensitive information. Indeed, some networking applications encourage users to post whether or not they are on vacation, simultaneously letting burglars know when nobody is home.

Cyber Underground
The cyber underground is a pervasive market governed by rules and logic that closely mimic those of the legitimate business world, including a unique language, a set of expectations about its members’ conduct, and a system of stratification based on knowledge and skill, activities, and reputation. One of the ways that cyber criminals communicate within the cyber underground is on website forums. It is on these forums that cyber criminals buy and sell login credentials (such as those for e-mail, social networking sites, or financial accounts); where they buy and sell phishing kits, malicious software, access to botnets; and victim social security numbers, credit cards, and other sensitive information. These criminals are increasingly professionalized, organized, and have unique or specialized skills.

Beyond Cyber Crime
Valuable information can be inadvertently exposed by military or government personnel via their social networking site profile. In a recently publicized case, an individual created a fake profile on multiple social networking sites posing as an attractive female intelligence analyst and extended friend requests to government contractors, military and other government personnel. Many of the friend requests were accepted, even though the profile was of a fictitious person. According to press accounts, the deception provided its creator with access to a fair amount of sensitive data, including a picture from a soldier taken on patrol in Afghanistan that contained embedded data identifying his exact location. The person who created the fake social networking sites, when asked what he was trying to prove, responded: “The first thing was the issue of trust and how easily it is given. The second thing was to show how much different information gets leaked out through various networks.“ He also noted that although some individuals recognized the sites as fake, they had no central place to warn others about the perceived fraud, helping to ensure 300 connections in a month.

The FBI’s director, Robert Mueller this week told the Senate Judiciary Committee that the FBI’s response to growing cyber crime threats begins with its cyber squads in each of the FBI’s 56 field offices with more than 1,000 specially trained agents, analysts, and digital forensic examiners. “The FBI has also led the development of the National Cyber Investigative Joint Task Force, which now includes 17 intelligence and law enforcement partners working side-by-side to identify the source of national security threats and significant Internet schemes. In support of victims of Internet crime, the FBI has expanded the IC3, which continues to receive, track, and refer for prosecution the ever-increasing wave of Internet crimes, from child exploitation to fraud,“ he stated.