US cyber security specialists have expressed concern that hackers can use professional networking site LinkedIn to launch targeted attacks against unsuspecting individuals.
At a conference of US computer and network security company RSA, cyber crime investigators indicated that LinkedIn might be used as an ideal hacking toolkit because of the kind of information professionals share on the site: workplace, job profile and employer.
Following two instances of high-profile hacking last year, the experts cautioned that the risk of spear phishing – a term coined to denote the new form of cyber hacking – is too real to ignore anymore.
Ira Winkler, author of Spies Among Us, put it this way: “Businesspeople are using LinkedIn for research purposes, and headhunters and marketers use it to recruit. Why wouldn’t Chinese intelligence agents use it as well to spear phish?”
Self-proclaimed hacker Ryan O’Horo showed how to penetrate an apparently secured corporate network using LinkedIn. He first opened a fake account on the networking website and sent 300 connection requests to the employees of a particular firm. He then asked to join a private discussion thread within the company’s network and was granted access without anybody verifying his identity.
With that access, the job was virtually half done for O’Horo, as he could submit a link that asked for a test sign-up with a ‘new project’. He then received a 40% hit rate from the employees of the firm he had targeted.
Commenting on the matter, a LinkedIn spokesman said all account holders must understand that the risk of phishing attacks drops significantly when they add only known and trustworthy contacts. “People should use common sense and tools available to them to ensure that they don’t fall prey”, he advised.