April 22, 2010, 12:11 PM

Hackers find high-ranking friends in social networks, report finds

Cyber-criminals are befriending social networks, according to a new report from Symantec Corp., the maker of Norton computer security products. Specifically, they are using the networks to mine for data about individuals to gain access to corporations. And that’s just one sophisticated technique criminals are using to reach more PCs worldwide, Symantec says.

Katie Evans

Managing Editor, International Research

“Attackers have evolved from simple scams to highly sophisticated espionage campaigns targeting some of the world’s largest corporations and government entities,” says Stephen Trilling, senior vice president, Security Technology and Response, Symantec. “The scale of these attacks and the fact that they originate from across the world makes this a truly international problem requiring the cooperation of both the private sector and world governments.”

Such attacks threaten any business connected to the Internet, including companies that sell online. They also can happen at the vendors that serve e-commerce companies. In fact, earlier this year, Google Inc., which offers a myriad of services to e-retailers ranging from analytics to paid search, was the target of a hacking scheme.

The highly publicized Hydraq attack on Google targeted a small number of employees and used data about them to gain access to company information. While it’s uncertain exactly how such attackers gained access, Gary McGraw, chief technology officer of Cigital Inc., a software security and quality consulting firm, says the attack is widely believed to have started with a social network. He says LinkedIn, the online social network popular with business associates, is the perfect spot for a crook to get a foot in the door to an executive’s computer and the data that comes with it.

“The first thing a crook attacking a company does is to try and find the people in the organization and where they stand in it. LinkedIn is perfect because it has a lot of business people on it,” McGraw says.

To gain access to an exec’s PC, a criminal might search for a company on such a network, find a high-ranking employee, and look for details to establish common ground. For example, if the hacker sees that the professional spoke at a recent conference, he might send an e-mail or message via the social network, mention the conference, and ask the executive to take a look at a false presentation on a similar topic, McGraw says. The malicious document, once opened, could infect a computer and give the criminal access to private company information. The more important the individual, the more juicy the information, McGraw says.

Hackers don’t need to try to take over all computers within a corporation, the Symantec report says; all they need is one computer to enter a company’s intranet and thus its private data. An intranet is a computer network that uses Internet technology behind a firewall.

David Drummond, senior vice president, corporate development and chief legal officer for Google, announced the Hydraq attack in a blog post in January. But Symantec says it’s just the latest in a line of similar attacks including the Shadow Network attack in 2009 when hackers accessed the Dalai Lama’s e-mails.

Symantec says such attacks were especially common with PDF viewers last year. PDFs accounted for 49% of observed Internet attacks in 2009, up from 11% in 2008, the company says.

Another frightening note in the research: Not all attacks come from the minds of the tech-savvy. The Symantec report notes the rise of attack tool kits, which can be bought online for just $700. One such tool kit, called Zeus or Zbot, automates the process of creating customized malware capable of stealing personal information. Attackers have created millions of variations of malicious code with such kits in an attempt to get around security software detection, Symantec says.

Cyber-attacks are popping up in more regions, Symantec also notes. As developing countries add broadband infrastructure and progress, so too does their fraud activity, Symantec says. Brazil, India, Poland, Vietnam and Russia all moved up in rankings of sources of cybercrime. The report also suggests government crackdowns in developed areas have led cybercriminals to launch their attacks from developing countries, where they are less likely to be prosecuted.

Other findings in the Internet Security Threat Report include:


  • Malicious code is on the rise: In 2009, Symantec identified more than 240 million new malicious programs, a 100% increase from 2008.
  • Top threats. The Sality.AE virus, the Brisv Trojan and the SillyFDC worm were the threats most frequently blocked by Symantec security software in 2009. Sality infects files and attempts to download malicious files from the Internet; Brisv infects media files and may cause Windows Media Player to access malicious URLs; and the SillyFDC worm copies itself to removable media and downloads malicious applications.
  • The Downadup or Conficker threat, which looks for unsecured computers and then takes advantage of a security vulnerability to gain access to a computer, is estimated to be on 6.5 million machines. Thus far, machines infected with Downadup/Conficker have not been used for any significant criminal activity, but the threat remains, Symantec says.
  • Hacking is huge: 60% of all data breaches in which the culprit was exposed were found to be the result of hacking. 75% of enterprises surveyed by Symantec experienced some form of cyber-attack in 2009.
  • Spam lives—and thrives. In 2009, spam accounted for 88% of all e-mail observed by Symantec, with a high of 90.4% in May and a low of 73.7% in February. Of the 107 billion spam messages distributed globally per day on average, 85% came from botnets. A botnet is a group of computers controlled and manipulated by one central source, often used by criminals to commit online fraud. The 10 major botnet networks now control at least 5 million compromised computers. Throughout 2009, access to botnet-infected computers was being advertised on the black market for as little as 3 cents each, Symantec says.
  • Applying security patches continues to be a challenge for many users. For example, Symantec says, one Microsoft vulnerability was published in August 2003 and patches have been available since July 2004, but it was still the second-most attacked vulnerability last year.

