Report: Attackers sent Google workers IMs from 'friends' [CNET News]
As computer forensics experts continue to dissect the December hacking attack against Google and other U.S. companies, additional levels of the hackers' sophistication are being revealed. The attack exploited a flaw in the Internet Explorer browser that allowed hackers to take control of a user's computer. To take advantage of the browser vulnerability, the hackers relied on phishing emails and web sites that encouraged a user to click on a malicious link.
Britain's Financial Times is now reporting that the hackers chose their victims' systems after careful research about them on social networking web sites. The hackers conducted reconnaissance on the victims' friends, using their research to create phishing attempts that the victims were likely to respond to by clicking on the malicious link. Relying on the simple psychology that a person is more likely to trust an email that appears to come from an acquaintance, the hackers were able to exploit that trust.
Computer scientists call this type of attack spear-phishing: using online research to create a front that tricks an otherwise careful user into giving a hacker access to their system. Its success against a tech giant like Google underscores the need for users to increase their vigilance, even if it means asking questions about emails and web sites from sources that appear to be trusted.



