By posting fake profiles of prominent computer security professionals, two hackers showed Black Hat hacking conference attendees how even skeptical security experts can get scammed.
The ruse was simple.
Shawn Moyer, chief information security officer for Agura Digital Security, and Nathan Hamiel, senior consultant for Idea Information Security, created fake profiles of prominent computer security professionals, posted them to various social networking sites, and then sent out plenty of friend requests to other security experts.
They were so astounded by the results that they presented them at the Black Hat hacking conference yesterday in Las Vegas, according to the Associated Press:
Moyer and Hamiel said they did it three times, each time impersonating a different person. Each time they lured in more than 50 new friends within 24 hours. Some of those people were chief security officers for major corporations and defense industry workers, they said. They declined to identify any of those people.
According to the AP, security professionals are known for their skepticism, some say paranoia, but even these knowledgeable denizens of the net fell for the same scams they warn the average Web surfer to avoid, especially on social networking sites.
Accepting friends you haven't authenticated as real on social networking sites is dangerous, says the AP. Cybercriminals and hackers masquerading as friends can then post malicious code on a person's profile page or simply post links to malicious Web sites.