Sharing Information Online: Falling Prey to Social Engineering
Information forms the very basis of any criminal activity, the more intimate and personal it is, the more critical & the more potential it has to cause damage. While sharing information online it’s very much difficult to decide that what information you should choose to share and what not to, even if you chose not to share any of your information you will leave traces of information about yourself unknowingly while surfing through the internet. To cut the long story short when you go online you can control some of the information and some of it, you simply cannot. So the question that needs to be answered is “What information should be shared?” – I will say NO. Actually if you look at it from the security perspective sharing any type of information can put you in harm’s way, an incident happened in Nashua area of New Hampshire where three burglars robbed over a dozen houses based on the victims Facebook status who flagged it on Facebook that at what time they were not going to be at home [2]. This incident clearly emphasizes the fact that it’s up to the audiences that how they perceive the information that you share online. For example in this case for some it was just that the victims were going on a vacation and for some it was an invitation to rob their houses while they were not at home. Thus I believe that when one goes online sharing information they should know how much can be too much and what should be protected or in simple words what information must not be shared. Attackers use a variety of techniques to extract information from their victims and that too on selected victims. What makes a person prone to become a victim to such attacks, the answer is the fashion in which these individuals share their information online. Sometimes the attacker easily get the information that they require from blogs, social media etc. but sometimes they don’t get all of it or they get a part of the information and the remaining they need to acquire.
One of the common techniques used now a day by attackers to infiltrate the privacy of people and exploiting it for their personal gain, for causing damage to the victims falling prey to this technique is Social Engineering. Social Engineering usually refers to the technique of gaining access by manipulating the human behaviour. It basically involves fooling the individual and gaining confidential information without letting the person know that he has been conned. This technique involves psychological manipulation for acquiring required information. Social Engineering is typically a technique that has not been evolved from computer crimes rather it is related to social sciences but due to its ability to gain information it has found its application in information related crimes as well.
A Social Engineering technique involves studying the target for weeks, analyzing his patterns, gathering relevant information and then conducting the attack. With social media rising and becoming a necessity with each passing day, gathering information about an individual is no big deal. The more people post online the easier it becomes for a social engineer to victimize them. A recent survey by Trend Micro [3] reveals six major risks that can occur to any individual due to the information they post online, Social Engineering being the top of them poses the biggest threat. Social media being the easiest and most effective way to share information becomes the major information repository for attackers.
Social Engineering is one of those attack vectors which does not have any rigid or in other words appropriate technical preventive or corrective solution. The USP of this attack is that it can bypass all the technical controls that were invested for ensuring security and sometimes non-technical ones also. To stay safe from such threats there is only one solution i.e. “Awareness”. In order be safe it is really essential to understand that how an attacker gathers the information and how he/she uses it against an individual, an organization or any social or corporate body. An attacker usually gathers all the necessary information about the victim, this information can come from different sources like social media, blogs, and forums being the top of them. In order to extract information the attacker might use various tactics like to begin with trying to get email or phone number of the victim from any social media website, blog, forum or he might create a rogue web page just to get this information based on the interest of the victim, after getting this information he might search for other relevant information using the pieces of information he already has. He might also use techniques like phishing to get more confidential information like username and password of the victim for some social networking sites etc. from where he can get a lot of information, also in this process the attacker utilizes the information that he has gathered from the online resources to the maximum. Once the attacker has gathered all the relevant information he now proceeds further on and gets into contact with the chosen victim. Now it’s up to him how he wants to exploit the victim. Social Engineering is such a sophisticated attack which when done correctly and properly has the capability to cause severe losses. The attacker can cause monetary loss, social loss, defamation, loss of confidential information and much more.
As mentioned earlier the only effective solution to be safe from Social Engineering attacks is Awareness. Everything that you post online remains on the web forever, no matter even if you delete it. The best practice to stay safe would be to post information which cannot be harmful to you, like you must not post real information about yourselves, family, and your social life on public domains. Also you must lock down your profile on Facebook, twitter and LinkedIn and other social platforms to the maximum and must not allow any unknown entities to view that information.
Separate email Id’s must be used for blogs and forums and for subscribing newsletters and updates from websites like YouTube, LinkedIn etc. Also if possible use a different mail ID for Facebook as if you are using your regular mail id for logging into face book then you might face severe repercussions if your mail Id is compromised which can also result in a compromised Facebook profile. Many apps and services also prompt users to allow them to share their photos, location information etc. and post on their profiles, such applications must be used with caution, also users must lay less social trust online while talking to strangers or even known ones if they sound or seem suspicious.
The bitter truth about the Social Engineering attacks is that, there is no technological solution available that can prevent these attacks effectively. The only solution available that can prevent you from falling prey to Social Engineering is awareness. If the user proceeds with caution while posting any information online and does not respond to malicious and suspicious looking invitations, mails, apps, links etc. he/she can stay safe from such attacks.

References:
[1]Wikipedia

http://en.wikipedia.org/wiki/Society

[2] Source: The New York Times. http://bits.blogs.nytimes.com/2010/09/12/burglars-picked-houses-based-on-facebook-updates/?_r=0
[3] The Risk of Posting on Social Media.

http://about-threats.trendmicro.com/us/infographics/infograph/the-risks-of-posting-in-social-media-networks

Ravi Raman Tiwari
MSCLIS
IIIT Allahabad

First heat map , shows some numbers depicting the intense of surveillance by NSA .The data tracked by Boundless Informant is 14 billion reports for Iran followed to it 13.5 billion from Pakistan. At third place , Jordan came with 12.7 billion, followed by Egypt with 7.6 billion at fourth and then India stands at fifth position with 6.3 billion reports.
In the heat map, India is placed between Iran and Pakistan with red color both and China and the U.S. with light orange. Brazil and Russia shaded in light green, while China in light orange.
Third heat map, depicting collection of telephone records (DNR), Deep orange color is shaded in Indian region where 6.2 billion pieces of information collected from telephone networks. India is the only country among BRICS who share same amount of color as other highly monitored nations like Saudi Arabia, Iraq and Venezuela whereas other members of emerging nations came in green zone.
So When India came to know this, raised the issue of NSA Surveillance to U.S. Secretary of State John Kerry when he visited New Delhi on June 24 then in explanation “Mr . Kerry said that no content has been sought or received of any email… So there is no matter to concerned ” said by Indian minister.
But as per the top-secret document passed by former NSA contractor Mr. Snowden who took asylum in Russia after the revelation of surveillance it clearly shows that NSA tool focuses on tracking people .As the metadata is machine readable hence therefore searchable, makes records of persons.
Now In whole world this issue has been raised so sensitively that many relations between US to other nations are in rift. Brazil president had already cancelled their meeting with the US President Obama due to revelation that US spied on Brazil oil company, Petroleo Brasileiro in Sept,2013. Allegations creates bitterness for Canada’s trade and business plans in Brazil .In Aug, Washington US President Obama held a secret meeting with top tech giant Apple, Google, Microsoft , Facebook , AT&T to discuss government Surveillance and discussion lead to fulfill the need for counterterrorism Surveilllance by the Administration. Hence Tech Giants have united against US government’s spying programme. And urged the administration to provide needed transparency and help rebuild the belief of Internet users around the world.
References:
The Guardian Newspaper, The Hindu, Bloomerg.com, The Washington Post Newspaper, Al Jazeera america News.

Ayush Gupta
MSCLIS
IIIT Allahabad