http://www.mid-day.com/lifestyle/2009/nov/231109-Priyanka-Chopra-Twitter-account-Security.htm [Ankit Fadia, India's uber hacking expert, appears to heavily promote Viagra, or been hacked by evil spammers that found a way to subtlety deface the web page. - http://attrition.org/errata/sec-co/fadia01.html - WK] By Kumar Saurav Mid Day 2009-11-23 Mumbai Not just Priyanka Chopra, but any celebrity or public figure's Twitter updates can jeopardize national security, claims 24 year-old ethical hacker Ankit Fadia Mumbai-based cyber security consultant Ankit Fadia, who claims that his website Hacking Truths was judged as the second best hacking site in the world by the FBI, says social networking sites are the latest threat to India's security. The potency and penetration of social networking in the country has made it possible for anyone to track and connect with film stars, politicians and other public figures who were once beyond reach. Karan Johar, Priyanka Chopra, Aishwarya Rai, Shashi Tharoor and Barack Obama are just a few from a whole bunch of celebrities who update their Twitter status regularly. But "are they doing it wisely?" is what Fadia asks. Why are you apprehensive about celeb tweeting? If you follow celebs, you'll observe that they disclose information on where they are shooting, what their shooting schedule looks like and the hotel they are put up at. Unintentionally, they are inviting trouble, because troublemakers are hungry for such information. Any instances? Singer Britney Spears' account on Twitter is hacked almost once every two months. One of the hackers even claimed on her wall, that he's her public relation officer and that Britney is dead, with details about the date and venue of her funeral. Indian politico Shashi Tharoor's account has been hacked several times too. Even Big B and Aamir Khan's blog were hacked. Once a blog, website, social networking account is hacked, a hacker has full control over it. He can spread rumours, communicate with fellow criminals, and indirectly make you a partner in their crime. How would you rate the technical stylishness of terrorists? They are far ahead. When I was asked by the US intelligence to decode some scripts after the 9/11 attacks, I was stunned to see the kind of technology they used to communicate. The agencies had tracked some emails where a few individuals were frequently exchanging photographs of Canadian rockstar Avril Lavigne. Hidden text messages that aren't visible to the naked eye, were being exchanged through these pictures. What about Mumbai's 26/11 terror attacks? For 26/11, they had used highly secured Voice Over Internet Protocol (VOIP) like Skype to communicate with each other. The data on VOIPs' servers is so huge that by the time you track them, the damage has been done and criminals are out of reach. The 26/11 terrorists had used the "proxy bouncing" technique, where in they were sending messages through a Saudi Arabia based server, while they were actually sitting in Pakistan. Why is tracking such messages so difficult? They know the loopholes, and how to use them affectively. Suppose three terrorists A, B and C want to communicate with each other, what they do is create a Twitter account and follow each other, thus forming a closed group. So if A posts a message saying "Plant Bomb at Parliament at 11 am", just B and C will be able to see the message. And since Twitter is based in the US, Indian authorities wouldn't have control over this exchange of messages. Tracking messages is another problem. I will track a suspicious mail only if it's sent. If A wants to communicate with B, he will type an email and save it as a draft instead of sending it. Now B, whose has A's password will log in to A's account, read the mail in the "Draft" folder. Since the mail hasn't been sent, it becomes almost impossible to track it. How do spammers and hackers operate in social networking sphere? There are viruses, worms, spyware and malware that spread through social networking websites. One day, you receive a private message from one of your friends (who is already infected) containing a link to a Youtube video. Halfway through the video, it will prompt you to download some video plugin. Since the message comes from your friend, you trust it, but the moment you click it, you get infected. Get rich quick schemes, earn money online scams and various money laundering attacks now come through social networking sites. ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Tue Dec 01 2009 - 01:10:21 PST
This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 01:17:36 PST