The Use of Social Networks for Cyber Espionage

Tuesday, March 13, 2012

Pierluigi Paganini

(Translated from the original Italian)

A few days ago I wrote an article on cyber espionage and its higher incidence in comparison to computer crimes. Who are the figures who most frequently perform operations of this type?

An upsurge in interest in cyber espionage has been demonstrated by governments in search of sensitive information relating to military and industrial technologies used by hostile countries, but also by groups of criminals who seek to engage in fraud against individuals and companies.

Of strategic importance for espionage activities are social networks, a valuable wealth of information through which one can trace the profile of an individual, understand their relationships, their habits, and even their spatial and temporal location. 

For this reason, I believe that the use of social networks by key persons in the military and critical industrial environments must be subjected to a stringent regulation to avoid security problems.

Let me focus attention on a case that has been discussed in recent days related to espionage activities intended to harvest the NATO Chiefs’ details. How did they attack the profile? Let me invite you to read my proof of concept on the topic published on Wikipedia under the subject "Social Network Poisoning".

The post is in Italian because the English Wiki deleted it in an act of censorship and an attempt to avoid documenting such methodologies. And to think, they say they are for freedom of expression.

First of all, one must build a parallel network of fake accounts that are related to the victim and his activities. In the case of NATO's most senior commander, several of his colleagues' fake profiles were created on Facebook, apparently by Chinese spies.

In the second phase of the attack, the fake accounts try to contact the target and thus establish a relationship. This happened when senior British military officers and Ministry of Defense officials accepted "friend requests" from the bogus accounts for American Admiral James Stavridis.

In this way, part of the attack has been successfully completed, and it is possible to steal sensitive information like private email account credentials, photos, and messages, and also to gain access to the target's network of friends, who will be the targets in the following phases of the attack. Similar incidents have been documented and show how vulnerable the higher echelons of strategic commands can be.

If you think the information obtained in this way is inconsequential, you are mistaken. Think about how one is now able to find photos of a victim's residences, or track their location at any given time. It is possible to know the weaknesses of any target, such as by gathering information on a target's family.

We all tend to want to exercise control of everything happening around us, but it is impossible, except on rare occasions, and we cannot necessarily affect the behavior of those we love. From gaining the knowledge of the private mail account of a target, it is possible to attack the people close to them, who may be misled by fake mails.

This is a potential disaster in terms of security.

Of course, similar operations are hampered by the controls carried out by the managers of social networks as stipulated with major institutions and law enforcement. The stakes are high and control of social networks is strategic. Many agencies and law enforcement agencies like the FBI are working to prevent such exploits, and they have commissioned the development of a complex analysis system that will monitor social networks.

In an article published in "The Telegraph" I read that these kinds of social engineering operations have nothing to do with hacking or espionage. Well, I say whoever wrote that did not understand much of the concepts mentioned. It is impossible to separate concepts like social engineering from the acts of hacking and espionage.

The battlefield has changed as well in the way nations make war, as they have introduced military concepts to cyberspace. The intelligence community and the Western corporations are still too vulnerable to these kinds of attacks, so it is absolutely necessary to define cyber strategies to deal with these incidents.

In the last year, an impressive growth has been observed in state-sponsored attacks aimed at stealing information to gain an economic, political and military advantage.

Hostile countries, cyber criminals, and groups of terrorists could launch a cyber attack against military targets and critical infrastructure, and they have a large collection of options to use, like designer viruses. Last year McAfee uncovered a major string of attacks, called "Night Dragon", designed to steal sensitive data from targeted organizations.

Chinese hackers were working regular business-hour shifts to steal sensitive intellectual property from energy companies for as long as four years using relatively unsophisticated intrusion methods. The attacks are thought to have originated from IP addresses in Beijing between the hours of 9 a.m. and 5 p.m. local time, suggesting that the authors were regular company employees or mercenary hackers.

Once again, China is suspected of coordinating these dangerous attacks.

It is time to wake up, because these attacks can be devastating, and the notion that the attackers are not using leisure components such as social networks in these operations is wrong.

I conclude by quoting from the article on "The Telegraph":

"Last year an executive at a key US defense firm, RSA, opened a personal email with the subject line '2011 Recruitment Plan' and clicked on the attached Excel spreadsheet. The attachment contained a virus, apparently engineered by the Chinese, which opened up RSA's system and allowed access to all its secrets, including its work for the White House, the Central Intelligence Agency, the National Security Agency, the Pentagon and the Department of Homeland Security (DHS). Such is concern over the cyber-attacks that the DHS now sees it as a key priority along with tackling terrorism."

Is this sufficient evidence to be alarmed? Have not cases like Stratfor and Nortel taught us anything?

Cross-posted from Security Affairs
