Client-Side Hacks: Fake Sites Keep Companies Vulnerable - InformationWeek

8/16/2012
04:34 PM

Client-Side Hacks: Fake Sites Keep Companies Vulnerable

BYTE talked to security expert Raphael Mudge about how hackers "social engineer" their way into companies. Using a fake LinkedIn site, he showed us how all it takes is one computer to compromise the security of an entire organization.

Raphael Mudge, founder of Strategic Cyber LLC, a startup company that creates software for "red teams"--independent groups hired to break an organization's security--says firewalls work great. But it's still awfully easy for an attacker to take control of a company's entire network. To prove it, Mudge demonstrated how a hacker can compromise one user's computer by sending a trick email, and from there break into the organization.

"Usually our goal is to break into a network as an adversary would do and go after the crown jewels of an organization," said Mudge, who once worked as a penetration tester. "Maybe that is social security numbers or maybe it is proving that we can do something they don't want done. And we do that to demonstrate risk and understand how well their security systems work. The most common way into an organization today is through a client side attack," he said.

See the video below for Mudge's demonstration of how a hacker can take control of a company.

An attack that uses LinkedIn to fool a victim would follow these basic steps:
-- The attacker sends an email and generates a LinkedIn invitation to take over one computer.
-- The fake LinkedIn site redirects traffic to capture usernames and passwords.
-- The attacker uses that computer as a gateway to infiltrate other computers on the network.
