Intelligence Office: Don’t Trust Your Facebook Friends


An educational video from the Office of the Director of National Intelligence is warning people to be wary of foreign spies on social-media sites

Sitting at his desk in a bleak office building, a tired-looking worker in a polo clicks around a social-media site. Suddenly, a chat window pops up in the corner. It’s a recruiter. “We have two high level positions open right now that you are qualified for,” she types. “Do you have a moment for some questions?”

Before long, the office worker, perhaps desperate to get out of his dead-end job, has turned over all the information the recruiter asks for: his clearance level, his company’s financial performance, his company’s corporate structure, and even contracts he’s recently worked on.

But the person on the other end isn’t a recruiter after all. Instead, our friend the office worker is being duped by a man in fatigues and a red beret, clearly a state-sponsored hacker someplace sinister halfway across the globe.

The message, which comes in an educational video released Friday by the Office of the Director of National Intelligence, is simple: “Don’t be this guy.”

“As with all emerging technologies, social media has provided some wondrous advances, but also new vulnerabilities that could be exploited by our adversaries,” a government spokeswoman warns in a related video.

The government’s “Know the Risk—Raise Your Shield” campaign, which began with a video about “spear phishing” and will continue to cover face-to-face targeting and travel awareness, sprang from the pair of high-profile hacks at the Office of Personnel Management that revealed the personal information of more than 22 million individuals, including current and former federal workers—and even people who had simply applied for a federal job.

Intelligence and law enforcement officials have said that foreign hackers and criminals can use the ever-growing database of stolen personal information and credentials to target individuals and extract more information from them. By offering confidential information, a hacker can gain a target’s trust and exploit them.

The large-scale breach of tax information at the IRS last year was based on that principle, although instead of fooling a human into trusting them, the hackers fooled a software tool that was supposed to verify users’ identities. By feeding the system information like Social Security numbers, addresses, and financial information, hackers were able to gain access to past tax filings and even file fraudulent returns.

On a much smaller scale, the breach of CIA Director John Brennan’s personal email account is an example of how easily social engineering can be used to gain access to supposedly secure areas. The group that got into Brennan’s email—at least one of whom says he is a teenage stoner—claims to have impersonated Verizon employees to get the information they needed to convince AOL to reset Brennan’s email password.

(Image via antb/Shutterstock.com)