Compromised Facebook accounts create scam events

Compromised Facebook accounts are being used in new ways to make sure that Spam reaches its intended audience.

As I was sitting working away at my computer, an event notification popped up on my screen that confused me.

OS Notification

This notification confused me for a number of reasons. Firstly, I was pretty sure I hadn’t accepted any invitation to knock-off designer goods events, and secondly, on inspecting my calendar and inbox, I could find no trace of the event in question.

While I was checking through my calendar, enabling and disabling feeds to try to track down the source, a second notification popped up, this time within Facebook, for the same event and all became clear.

The account of one of my old school friends had obviously been compromised and used to create a scam event, a new form of social media Spam. Of course I have notified my friend immediately and reported the scam event. Quite aside from the novel Spam delivery mechanism, evading traditional anti-spam and web filtering technologies, it got me to thinking about the future of information in the Internet of Everything.

The scam Facebook event, I do not recommend visiting any URLs in this image


IoE relies on a globally connected network of devices and services. Both consumers and businesses want to connect all of these information sources, and we are already beginning to use the information generated to make automated decisions. For example, apps such as IFTTT (If This Then That) allow us to create smart rules combining discrete events and actions: “If someone tags me in a photo on Facebook, save a copy to my web storage” or “If the sun goes down, turn on the lights in my house”. This trend is set to continue and expand exponentially. With Gartner predicting 30 billion connected devices by 2020 and IDC predicting 212 billion, the only thing we can really be sure of is that the growth of this interconnected ecosystem will be huge.

Attackers will continue to search for the weakest link. A compromise at any point in the chain of information will lead to amplified effects in unforeseen areas as devices, processes, people and services become increasingly both interconnected and autonomous. Complexity is the enemy of security; in the interconnected IoE, tracking down the source of misinformation and the point of compromise may become impossible for the average consumer or business.

Unless proper authentication of the integrity, provenance and validity of information can be designed into the processes, devices and decision-making of the future, we’re not just opening up a new attack vector, we’re opening up our lives, our enterprises and our homes.

It’s time to quarantine infected computers

Image credit: Roy Costello used under Creative Commons

Quarantine is a word derived from the 17th century Venetian for 40 (quaranta). The purpose of quarantine is to separate and restrict the movement of otherwise healthy organisms who may have been exposed to disease, to see if they become ill. The 40 day period was designed to identify carriers of the Bubonic plague or Black Death, before they could go ashore and spread the contagion more widely. Desperate times call for desperate measures; nevertheless, the concept was widely adopted and remains with us to this day.

The word quarantine has been thoroughly misused by the well-meaning security industry, where known infected files or systems are moved to a protected area until they can be examined and cleaned up. More accurately, we should be calling this “isolation”, as in most cases we already know the subject to be compromised or infected. Nonetheless, this serves an equally important purpose of containing the spread of compromise and its consequences: abuse of compromised systems for sending Spam, theft of sensitive information and spread of infection, just for example.

Oy vey, eBay! Five questions for you…

Image courtesy of Richard Elzey used under Creative Commons

If you’re making a list of high profile data breaches, you now have a new name to add to that list: eBay. In a posting in the “in the news” section of their web site, eBay clarified to some extent the scale of the breach, although even the headline seems incapable of telling it like it is.

The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth

Although investigations are of course still ongoing, the current posting indicates that eBay are relatively sure that unauthorised access was only to one database, or certainly the wording of the article presents that view. For now, if you’re an eBay user, you need to change your password there and if you used that password on any other web site, you’re going to need to change it there too (yes, again). Unfortunately changing your name or address is not so easy, that’ll have to stay compromised I’m afraid.
