Post on 29-May-2018
8/9/2019 LinkedIn Threats
http://slidepdf.com/reader/full/linkedin-threats 1/33
CSIS Security Group, Research & Intelligence
Social Networking Risk – Who Do You Want to be Today?
Dennis Rand – Senior malware/security researcher
rand@csis.dk
Agenda
Short introduction to CSIS
Social networking (based on LinkedIn case)
Risks of Social Networking
Best Practices
Revelation of the "fake" LinkedIn profile that became "friends" with thousands of people
CSIS – introduction
CSIS is a Danish-owned IT security company
Specialises in the following areas:
- Anti-phishing and cybercrime services
- "Command and Control" stolen data recovery (M.A.S.H)
- Vulnerability and application tests (PCI vendor approved)
- Log monitoring and consolidation, and IDS
- Brand monitoring
- Mail firewall services
- SecDNS services
- CSIS Platinum alert service
Social networking
Social networks are getting more popular globally.
– Plaxo
– Xing
– CollectiveX
– Viadeo
– Facebook
– MySpace
– SkyRock
Risks of Social networks
Risks of Social networks
The threats against the users of social networks:
– Employees can bring client information with them if they leave
– Competitors' use of your social network
– Hackers' use of your online social networks
LinkedIn is an online network of more than 20 million experienced professionals from around the world, representing 150 industries.
With a LinkedIn account/profile you can:
– Find and meet potential clients, service providers, subject experts, and partners who come recommended
– Be found for business opportunities
– Search for great jobs
– Discover inside connections that can help you land jobs and close deals
– Post and distribute job listings
– Find high-quality passive candidates
– Get introduced to other professionals through the people you know
Source: http://www.linkedin.com/static?key=company_info
Employees can bring client information if they leave
Employee contracts often state "you are not allowed to use customer information if you leave", but!
Competitors' use of your social network
The use of social networks is getting more and more common around the world; they are used for keeping a list of clients, friends, co-workers and business partners.
The problem with LinkedIn is that showing this list of connections to others is a default setting.
Hackers' use of your online social networks
A hacker's approach to abusing LinkedIn would be for the purpose of gathering information, since on LinkedIn, as on any other social networking service, you can be whoever you want to be, or take on the identity of whoever you want.
– Building up a large network
– Email harvesting
– Personalized malware and attacks (social engineering)
– Information disclosure of products and vendor usage
Building up a large network
The social network service does not verify the data entered
– We created an interesting profile:
– The profile had worked at 3 large organisations
– A college degree
– Long work experience
– Sent an invite to random people who had made their email address public
– Within 3 hours we received the first invites back
– Sent out a lot of invites
– Accepted everything
– Joined groups
– Added my profile to "Toplinked.com", "opennetworkers.pbwiki.com" and other LinkedIn websites
Building up a large network
Date of statistics: 21 April 2008 – Profile has been active for almost a year
As of today my profile has 3601 direct connections, 1115 of these invited me. 10,449,800+ connections at the 3rd level.
Breakdown of connections (bar chart):
– Accepted my invitation: 2486
– Invited me: 1115
– Rejected my invitation: 132
Building up a large network
Top 30 industries of my connections (bar chart, ranked from most to fewest connections):
Staffing & Recruiting; Computer software; Computer and Network security; Management consulting; Human Resources; Internet; Financial Services; Telecommunications; Banking; Marketing and advertising; Outsourcing & Offshoring; Professional training and coaching; Computer networking; Security & Investigations; Information Technology and Services; Computer hardware; Accounting; Venture capital & Private; Real estate; Investment banking; Pharmaceuticals; Research; Logistics and supply chain; Investment management; Information Services; Retail; Semiconductors; Defense & Space; Wireless; Oil & Energy
Building up a large network
Interesting industries where my profile has connections:
– Computer and Network security: 192
– Financial Services: 110
– Banking: 94
– Security & Investigations: 34
– Investment banking: 25
– Defense & Space: 18
– Law enforcement: 5
– Military: 4
– Government Administration: 4
– Government Relations: 4
People in my network with security-related certifications:
– CISSP: 173
– CISA: 95
– CISM: 50
– CEH: 18
– ISSMP: 12
Building up a large network
Date of statistics: 12 March 2008 – Profile has been active for almost a year
Some interesting groups I have joined
– By joining groups, I also strengthen the trust in the profile; currently a member of 790 groups
Email harvesting
If you create an interesting profile and, through that profile, appear to be a previous employee of a company, you can get a list of its employees that you can send invites to without having to know their email addresses.
All contacts can be exported from LinkedIn, and (ab)used.
Personalized malware and attacks
Scenario 1
A malicious person would use the contacts connected through the network and send mails that include information available about the people in the network, for example:
Hey Jack, we are connected through LinkedIn and I wanted to send you this information.
Please view the attached file or download it from
http://www.xxxxxx.dk/MyPersonalCV
Best regards
Frederick Hanson
Personalized malware and attacks
Scenario 2
Publishing a question to specific groups within the trusted LinkedIn network and adding a URL to a malicious website that infects users when they visit it, either by drive-by download or by social engineering (tricking the user into opening a malicious file).
Personalized malware and attacks
Scenario 3
Add a link on my public profile that points to a website that could collect information about the people visiting it, or offer a malicious file for download, e.g. resume.exe, described as a self-extracting file containing a PDF with my resume. You could even abuse vulnerabilities in, say, Adobe products or Microsoft Word and Excel to make this attack more effective.
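Scenario 3 hinges on a file named resume.exe being passed off as a self-extracting archive holding a PDF. As an added example, not from the original deck, the following Python check looks at what a "resume" attachment actually is rather than what its name claims: it sniffs the leading bytes (a self-extractor is a PE executable and starts with MZ), and flags executable or double extensions and name/content mismatches. The constructed_pe_stub helper and the sample byte strings are constructed for the example and are not real files.

```python
import os
import struct

# Extensions Windows will execute on double-click (abbreviated list for this example).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# What the leading bytes of a genuine document of each type should sniff as.
EXPECTED_CONTAINER = {".pdf": "pdf", ".docx": "zip", ".xlsx": "zip",
                      ".doc": "ole", ".xls": "ole", ".rtf": "rtf"}


def sniff_type(data: bytes) -> str:
    """Classify a file by its leading bytes, ignoring whatever the name claims.
    A 'self-extracting archive' is a PE executable, so it sniffs as 'pe' as well."""
    if data[:2] == b"MZ":
        # In a real PE file e_lfanew at offset 0x3c points at the 'PE\0\0' signature.
        if len(data) >= 0x40:
            off = struct.unpack_from("<I", data, 0x3C)[0]
            if data[off:off + 4] == b"PE\x00\x00":
                return "pe"
        return "mz-dos"  # MZ stub without a PE header: still an executable
    if data[:5] == b"%PDF-":
        return "pdf"
    if data[:4] == b"PK\x03\x04":
        return "zip"  # .docx/.xlsx are zip containers
    if data[:8] == b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1":
        return "ole"  # legacy .doc/.xls compound files
    if data[:5] == b"{\\rtf":
        return "rtf"
    return "unknown"


def assess_attachment(filename: str, data: bytes) -> list:
    """Return the reasons a 'resume' attachment should not be opened; empty means clean."""
    reasons = []
    root, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(root)[1]
    kind = sniff_type(data)
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {ext}")
        if inner_ext in EXPECTED_CONTAINER:
            reasons.append(f"double extension {inner_ext}{ext} disguises an executable as a document")
    if kind in ("pe", "mz-dos"):
        if ext not in EXECUTABLE_EXTENSIONS:
            reasons.append(f"content is a Windows executable but the name claims {ext or 'no extension'}")
    elif ext in EXPECTED_CONTAINER and kind != EXPECTED_CONTAINER[ext]:
        reasons.append(f"name claims {ext} but content sniffs as {kind}")
    return reasons


def constructed_pe_stub() -> bytes:
    """Constructed, non-runnable byte string with a valid MZ header whose e_lfanew
    points at a 'PE\\0\\0' signature: enough to exercise the sniffer, not a real program."""
    header = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 20


if __name__ == "__main__":
    # The deck's case: resume.exe offered as a "self-extracting file containing a PDF".
    for name, blob in [("resume.exe", constructed_pe_stub()),
                       ("resume.pdf.exe", constructed_pe_stub()),
                       ("resume.pdf", constructed_pe_stub()),
                       ("resume.pdf", b"%PDF-1.4\n%constructed sample\n")]:
        print(name, sniff_type(blob), assess_attachment(name, blob) or "no findings")
```

The point of sniffing rather than trusting the extension is that the deck's "self-extracting file" story only works if the recipient believes the name; the bytes of an SFX archive are a Windows executable whatever it is called.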
Personalized malware and attacks
Scenario 4
Targeted attacks against countries, industries or businesses; again it is possible to use LinkedIn to filter and export the data.
Over the last few years we have seen more and more targeted attacks (spear phishing) on businesses such as research and financial corporations.
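As an added example, not part of the original deck: the following Python script shows what the exported contact list from the Email harvesting slide turns into once the industry/country filtering of Scenario 4 is applied, and therefore what a defender should assume is enumerable from a single connected profile. The CSV layout and every name, company and address are constructed for the example; the Industry and Country columns stand in for the search filters the deck mentions and are not a claim about LinkedIn's real export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a LinkedIn-style connections export. The column set is an
# assumption for this example (LinkedIn's real export has changed over the years);
# Industry/Country mirror the filters the deck says are applied before exporting.
SAMPLE_EXPORT = """First Name,Last Name,Email Address,Company,Position,Industry,Country
Anna,Holm,anna.holm@example-bank.test,Example Bank,Network Engineer,Banking,Denmark
Peter,Lund,peter.lund@example-bank.test,Example Bank,Security Officer,Banking,Denmark
Maria,Ortiz,maria.ortiz@example-research.test,Example Research,Lab Manager,Research,Spain
Tom,Bell,,Example Research,Researcher,Research,United Kingdom
Jens,Berg,jens.berg@example-telco.test,Example Telco,Sysadmin,Telecommunications,Denmark
"""


def parse_export(csv_text):
    """Parse an exported connection list into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def filter_targets(rows, industry=None, country=None):
    """Mimic the industry/country search filters the deck mentions."""
    out = []
    for r in rows:
        if industry and r["Industry"] != industry:
            continue
        if country and r["Country"] != country:
            continue
        out.append(r)
    return out


def targets_by_company(rows):
    """Group connections into per-company address lists: one network export becomes
    a ready-made spear-phishing list per organisation. Rows without an exported
    address are kept (email None), since name plus company is enough to reach
    them through LinkedIn itself."""
    groups = defaultdict(list)
    for r in rows:
        name = f'{r["First Name"]} {r["Last Name"]}'
        groups[r["Company"]].append((name, r["Email Address"] or None))
    return dict(groups)


def exposure_summary(rows):
    """Numbers a defender wants: connections, how many came with an address,
    and how many distinct companies are enumerable from this one profile."""
    with_email = sum(1 for r in rows if r["Email Address"])
    return {
        "connections": len(rows),
        "with_email": with_email,
        "companies": len({r["Company"] for r in rows}),
    }


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    print(exposure_summary(rows))
    for company, people in targets_by_company(filter_targets(rows, country="Denmark")).items():
        print(company, people)
```

Run against the constructed export, the Denmark filter alone yields a two-person list for Example Bank with working addresses, which is exactly the "filter and export" step the slide describes.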
Information disclosure of products and vendor usage
Another security threat concerning social networks is that people put in far too much information, which could potentially be abused by hackers to gain insight into the network and infrastructure prior to a targeted attack.
The resume reveals a lot of information, as shown below:
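As an added example, not from the original deck: the following Python script scans résumé or profile text for product and vendor names and groups them by the infrastructure role they reveal, which is the kind of check a company could apply to employee profiles under the social-network guideline recommended in the Best Practices section. The résumé excerpt, the product catalogue and the review threshold are constructed assumptions for the example; the products named are real, the person and bank are invented.

```python
import re

# Constructed résumé excerpt of the kind the deck says hands an attacker the network
# picture before an attack. The products are real; the person and bank are invented.
SAMPLE_RESUME = """
Senior Network Administrator, Example Bank A/S (2005 - present)
- Migrated 40 branch offices from Check Point FireWall-1 to Cisco ASA 5540
- Maintain Snort IDS sensors and the Symantec antivirus roll-out on 3,000 Windows XP clients
- Administer Active Directory on Windows Server 2003 and Oracle 10g databases
- Set up Citrix remote access for the trading desk
"""

# Product catalogue, one pattern per infrastructure role. The list is an assumption
# for this example; a company would maintain one matching its own stack.
CATALOGUE = [
    ("firewall",      r"\b(?:check ?point|firewall-1|cisco asa(?: \d+)?|cisco pix|netscreen)\b"),
    ("ids",           r"\b(?:snort|sourcefire|iss realsecure)\b"),
    ("antivirus",     r"\b(?:symantec|mcafee|trend micro|sophos)\b"),
    ("os",            r"\b(?:windows (?:xp|2000|vista|server 200[38])|red ?hat|solaris|aix)\b"),
    ("directory",     r"\b(?:active directory|edirectory|openldap)\b"),
    ("database",      r"\b(?:oracle \d+g|sql server 200[058]|mysql|db2)\b"),
    ("remote access", r"\b(?:citrix|cisco vpn|juniper ssl vpn|securemote)\b"),
]
_COMPILED = [(cat, re.compile(pat, re.IGNORECASE)) for cat, pat in CATALOGUE]


def _normalise(s):
    return " ".join(s.lower().split())


def scan_profile(text):
    """Return {role: {product, ...}} for every catalogued product the text names.
    Roles with no match are left out, so an empty dict means nothing was disclosed."""
    found = {}
    for cat, rx in _COMPILED:
        hits = {_normalise(m.group(0)) for m in rx.finditer(text)}
        if hits:
            found[cat] = hits
    return found


def review_needed(text, threshold=2):
    """Policy check: flag a profile for review when it reveals products in at least
    `threshold` infrastructure roles, i.e. enough to sketch the network."""
    return len(scan_profile(text)) >= threshold


def generalise(text):
    """Rewrite the text the way a guideline could ask for: keep the role, drop the vendor."""
    for cat, rx in _COMPILED:
        text = rx.sub(f"[{cat}]", text)
    return text


if __name__ == "__main__":
    for role, products in sorted(scan_profile(SAMPLE_RESUME).items()):
        print(f"{role:14} {', '.join(sorted(products))}")
    print("review needed:", review_needed(SAMPLE_RESUME))
    print(generalise(SAMPLE_RESUME))
```

On the constructed excerpt the scan recovers the firewall vendor and model, the IDS, the antivirus, the client and server operating systems, the directory, the database and the remote-access product: a complete perimeter-to-backend inventory from five lines of a public profile. The generalise step shows what the same résumé looks like when the guideline "describe the role, not the product" is applied.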
Best Practices
Best Practices
Companies should implement policies regarding the use of social networks in their security policy.
– If using social networks is allowed, a guideline or procedure describing how these are to be used, to protect your company from information disclosure, would be advisable.
Best Practices
The following issues should be taken into consideration:
– People will write too detailed and possibly confidential information in their profile.
– People will allow everyone to see all the connections they have made, again allowing possibly confidential information to leave the company.
– Employees can bring client contacts with them if they decide to leave the company, "without stealing any information" in the way we usually see it; they have just connected to the clients.
– People will trust their connections and click on everything they receive from these people.
Best Practices
Are social networks like LinkedIn good or bad? It all depends on the usage!
I find social networks to be a good thing as long as you remember that your information is to some extent public to the world, so beware of what you write about yourself and your company, since this information could potentially be abused by hackers.
Also, when you accept connections, ensure that people are who they say they are, and consider whether or not you really want them as a connection.
Revelation of the LinkedIn profile
I would like to present to you
John Smith
Invitation sent out:
I found you while I was searching my network on LinkedIn and found you.
In the future I might be interested in contacting you regarding possible job/business connections, so this is my way to keep a list of interesting people/possible future business partners/connections.
A little about myself: I'm currently doing projects all around the world, with IT-security related work, primarily around ITIL, Auditing, Forensic and malware parts.
I'm an "Open networker", since I find it fascinating to get to know people from all around the world.
Currently I work as a freelance consultant, for a large company not mentioned in my profile, due to my contract :)
I'm currently looking for a full-time job, when I'm finished with the contract that I'm under; the project ends around April 2008.
In my spare time I enjoy reading fiction, and running. I'm also an astronomer, with too little time to spare for that area.
I've been married to my beautiful wife Lynn since 2006 and we have a small girl named Kathryn, who is now 1½ years of age.
Hope you will take the time to read my profile and accept my invite :)
Best regards
John Smith
So close, yet so far away
Questions?