Pen Testers Break Into Gov't Agency With Fake Social Media ID

Posted by timothy on Thursday October 31, 2013 @03:42AM from the open-government dept.

itwbennett writes "Security experts used fake Facebook and LinkedIn profiles to penetrate the defenses of an (unnamed) U.S. government agency with a high level of cybersecurity awareness. The attack was part of a sanctioned penetration test performed in 2012 and its results were presented Wednesday at the RSA Europe security conference in Amsterdam. The testers built a credible online identity for a fictional woman named Emily Williams and used that identity to pose as a new hire at the targeted organization. The attackers managed to launch sophisticated attacks against the agency's employees, including an IT security manager who didn't even have a social media presence. Within the first 15 hours, Emily Williams had 60 Facebook connections and 55 LinkedIn connections with employees from the targeted organization and its contractors. After 24 hours she had 3 job offers from other companies."

1 of 109 comments (clear)

Min score:

Reason:

Sort:

Re:Since when ... by quietwalker · 2013-10-31 04:07 · Score: 5, Informative

(and then I read the article)
Okay, the point where they then use the connections to send out xmas cards linked to an attack site which people went to, and how they somehow scammed someone into sending her a work laptop and network access credentials.
That might be better to lead with the actual attacks in the summary, and not just some sort of information gathering setup.