Social Media Accounts Security Breach

News just came out today from IT NEWS concerning the social media accounts security breach on Skype’s social media accounts.  Not surprising that social media accounts are the target of hackers everywhere.  Business and personal postings provide a wealth of information and whether or not someone can get to this information depends on the strength of the security.

Dynamic Worldwide Training Consultants  www.dwwtc.com believes in security training and offers:

Get your company ready in 2014 to ward off these types of breaches.

 

Skype’s social media accounts targeted by hacker group

Jan 02, 2014 12:56 am | IDG News Service

User information was not compromised, Skype said

by John Ribeiro

 

.Skype said its social media properties were targeted, with a group styling itself as the Syrian Electronic Army appearing to claim credit for the hacks.

“You may have noticed our social media properties were targeted today,” Skype said in a Twitter message late Wednesday. “No user info was compromised. We’re sorry for the inconvenience.”

Skype’s Twitter account, blog and Facebook page appeared to have been attacked by the SEA, a group that supports the Syrian government, according to reports. The Skype blog was still inaccessible late Wednesday and redirected users to the Skype home page.

The SEA reproduced in a Twitter message a copy of what appeared to be its message using the Skype account on Twitter. The message read: “Don’t use Microsoft emails(hotmail,outlook),They are monitoring your accounts and selling the data to the governments.More details soon #SEA.” It did not figure by late Wednesday on Skype’s Twitter feed.

SEA later posted on Twitter contact information purportedly of Microsoft CEO Steve Ballmer, stating: You can thank Microsoft for monitoring your accounts/emails using this details.

The attack on Skype’s social media accounts appears to be linked to disclosures through newspapers by former U.S. National Security Agency contractor Edward Snowden that Internet companies allegedly provide the agency real-time access to content on their servers for surveillance purposes.

The SEA has targeted previously many high-profile websites and Twitter accounts. In August, an attack purportedly by SEA on Melbourne IT, an Australian domain registrar, affected the websites of The New York Times, Twitter and other top companies.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John’s e-mail address is john_ribeiro@idg.com

Social Media Attacks: The Pretty Face that Invaded a Government Agency through Social Media and How to Avoid Falling into the Same Trap

by Dr. Scott A. Wells and Justyna La Pay, Ultimate Knowledge Institute

As we just learned from Cyberdefense specialist Aamir Lakhani, Robin Sage social media attacks are alive and well. By creating a fake social media account under the name “Emily Williams” and tricking government personnel into accepting his requests, Lakhani, a penetration tester for World Wide Technology, gained access to passwords, sensitive documents, and even the computer of the head of information security at an unnamed government agency. It took only 15 hours for Lakhani to gain over 55 connections to his targets via Facebook and Linkedin. After a short time, male employees offered to help “Emily” get a laptop, and, most surprisingly, offered her a job and gave her early access to their network. Read more about this penetration testing attack.

Insidious, simple social media attacks that rely on penetrating social networks aren’t new, either. In 2009, security specialist Thomas Ryan tricked hundreds of defense specialists into giving him sensitive information by crafting the fake online persona “Robin Sage.”

One would think that national security professionals would be more careful about who they allow into their social networks. This latest example shows how vulnerable our data networks are to these types of attacks, and underscores the value of comprehensive cyber security training programs.

Here are three ways to prepare your organization against attacks like these:
1) Avoid allowing unknown people into your social network.

Often users tend to spend too little effort to ensure that the friendship requests are from actual friends. It’s been shown that 78 percent of all Facebook users use the number of friends they have in common with their current friends as the most compelling reason to accept an incoming friendship requests.

Google Image search can be used to help validate unknown social media requests.

We all know about Google Images, but do we all know about Google’s reverse image search engine? It’s a service that allows users to search by images. No, that isn’t search for images per se — it is search by images: you input an image URL or upload an image, and then Google finds similar looking images. Although the service may sound simple, it can be very useful.

Let’s say you have a profile picture of a person and you want to verify that they are who they claim to be.  Simply copy their picture to your desktop, drag it into the Google Image search field and there you go.  It either verifies their identity or you may find yourself in the middle of a catfish attack. A catfish attack is when an individual pretends to be someone they’re not, like in the case of “Emily Williams”. We can use Google Image search as a quick counter measure to those attacks. It is a great tool for confirming someone’s identity on Facebook, LinkedIn, Social Dating sites,  and any other venue in which a friendship is established based on a profile.

URL: http://images.google.com
Use: Google Chrome or Firefox Browser

2) A social media network is only as strong as its weakest link.

Be aware of connections in your network that may be compromised – even real associates or friends may be allowing bad actors in their network to view your data. If your friend hasn’t checked the authenticity of the friend request prior to accepting it and you’re approached by the same person, you may be dealing with a hacker.

3) Stress the importance of social media security awareness.

There are few technologies out there that will protect you from threats coming through social media. User security training is the best way to fend off attacks. Everyone can fall prey to social media attacks, even the very cyber security-savvy professional as evidenced by Lahkani’s research.

Learn more about Social Media Security Professional (SMSP) certification powered by CompTIA

http://www.dwwtc.com/outline/uki/social-media-security-professional

About Scott A. Wells, Ph.D.

Co-Founder / Director of Training,  Ultimate Knowledge Institute (UKI) | Chief Architect of the Social Media Security Professional (SMSP) Certification Powered by CompTIA

Dr. Scott Wells is recognized throughout the industry as a world-renowned instructor and consultant known for his commanding presence in the classroom and breadth of knowledge in the world of Information Technology and Information Security. Dr. Wells achieved his doctorate in Applied Mathematics (Cryptology) and has worked for and consulted industry leading corporations such as Microsoft, Digital, and Cisco as well many other Fortune 100 companies. For the past 12 years Dr. Wells has developed and taught hundreds of Information Technology and Cybersecurity training programs for the Department of Defense, Federal Agencies and Fortune 500 enterprises.

Dr. Wells leads the initiative to establish Ultimate Knowledge Institute as the industry leader in providing Social Media Security, Forensics, and Governance training as well as a renowned certification body awarding cybersecurity experts with the Social Media Security Professional (SMSP) Powered by CompTIAcertification, the Social Media Engineering & Forensics (SMEFP) and Social Media Management & Governance (SMMGP) certification.

Locking Down Social Media

Ultimate Knowledge Institute is our learning partner who is responsible for the Social Media Security Professional course. UKi has developed course materials for Cyber Security training and offering consulting services to the Department of Defense, Federal Agencies, DOD Contracting Partners, and Fortune 500 companies (they know what they are talking about).

UKi is currently offering a free webinar for Locking Down Social Media – Next Generation Security Enhancements. If you manage social media for your company, manage security, or just want to know more about the current state of security in social media, register to save your spot today!