Facebook 'stalker' tool uses Graph Search for powerful data mining - topic here ..
Facebook 'stalker' tool uses Graph Search for powerful data mining: on infoworld.com : http://www.infoworld.com/d/security/facebook-stalker-tool-uses-graph-search-powerful-data-mining-229063
When a high-profile public figure living in Hong Kong hired the security company Trustwave to test if its experts could get his passwords, they turned to Facebook.
While the dangers of sharing too much data on Facebook are well-known, it is surprising how little data can give hackers a foothold. The man gave Trustwave's team no-holds barred permission to try and snatch his data, a so-called "Red Team" test.
[ Learn how to protect your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. ]
"We found out through Facebook who his wife was," said Jonathan Werrett, a managing consultant for Trustwave's SpiderLabs in Hong Kong. "We found out through her likes -- her public likes -- that she ran a pilates studio. We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring."
The man's wife opened an email with a video demonstration of the bogus job candidate conducting a class. The malicious attachment infected her computer with malware, which gave Trustwave's analysts access, known as a spear-phishing attack.
The computer she was using was a hand-me-down from her husband. The passwords he wished to protect were in the Apple computer's keychain, so the hacking exercise "turned out to be a lot easier than we otherwise expected," Werrett said.
Mining small details from Facebook has become even easier with Graph Search, the site's new search engine that returns personalized results from natural-language queries. Graph Search granularly mines Facebook's vast user data: where people have visited, what they like and if they share those same preferences with their friends.
Graph Search immediately prompted warnings from security experts, who said its powerful data aggregation abilities could make people uncomfortable even though the exposed data is public.
For penetration testers as well as bad guy hackers, Facebook is invaluable for spear-phishing attacks. ..
..
Facebook 'stalker' tool uses Graph Search for powerful data mining: on infoworld.com : http://www.infoworld.com/d/security/facebook-stalker-tool-uses-graph-search-powerful-data-mining-229063
When a high-profile public figure living in Hong Kong hired the security company Trustwave to test if its experts could get his passwords, they turned to Facebook.
While the dangers of sharing too much data on Facebook are well-known, it is surprising how little data can give hackers a foothold. The man gave Trustwave's team no-holds barred permission to try and snatch his data, a so-called "Red Team" test.
[ Learn how to protect your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. ]
"We found out through Facebook who his wife was," said Jonathan Werrett, a managing consultant for Trustwave's SpiderLabs in Hong Kong. "We found out through her likes -- her public likes -- that she ran a pilates studio. We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring."
The man's wife opened an email with a video demonstration of the bogus job candidate conducting a class. The malicious attachment infected her computer with malware, which gave Trustwave's analysts access, known as a spear-phishing attack.
The computer she was using was a hand-me-down from her husband. The passwords he wished to protect were in the Apple computer's keychain, so the hacking exercise "turned out to be a lot easier than we otherwise expected," Werrett said.
Mining small details from Facebook has become even easier with Graph Search, the site's new search engine that returns personalized results from natural-language queries. Graph Search granularly mines Facebook's vast user data: where people have visited, what they like and if they share those same preferences with their friends.
Graph Search immediately prompted warnings from security experts, who said its powerful data aggregation abilities could make people uncomfortable even though the exposed data is public.
For penetration testers as well as bad guy hackers, Facebook is invaluable for spear-phishing attacks. ..
..
