Social Media, Security, and Cybercrime
Over the past several months, terrorist groups, criminal elements, and various other imposters have used social media to influence public debate. In a story in the Baltimore Sun, Scott Dance discussed the various actions of hacktivists and other troublemakers in the aftermath of the Baltimore rioting. Using hastag #BALTIMORELOOTCREW, numerous Twitter and Facebook posts were made by individuals or automated accounts from Russia, China, India, and the Middle East. Leveraging social engineering techniques, these tweets and post can be used as clickbait to lure others to malware sites or to just inflame public opinion. In the Baltimore case, upwards of 100 accounts were created to impersonate Baltimore and Maryland officials and organizations. Photos were tweeted of old file phots from different parts of the world. Fictitious incidents could be created using readily available web resources such as Google Maps and online news stories. These were at least confusing and at worst could pull resources from real events.
Leveraging of real world activities for cybercrime is nothing new. In the aftermath of the Nepal earthquake the FBI warned of an increased potential for cybercrime linked to relief efforts. Similar warnings have been issued with previous natural disasters and even with known cyber breaches such as the Anthem health insurance data breech. Fraud is nothing new, the earliest recorded history of a fraud dates to 300 BC. What has changed is the speed and reach of cyber criminals. With well tested business models, it only takes a few minutes to establish a new phishing attempt or fraudulent charity website.
Prudent self-defense measures such as donating through reputable charities directly, verifying website addresses, and never blindly clicking on links in email will help. In an era of weak international protections against cybercrime, caution is always a prudent course of action. Critical inquiry and assessment of news reports, social media activities, and fund-raising appeals is essential to keeping yourself safe in cyberspace.
Check out mine and other blogs on the National Cybersecurity Institute website.
IC3 The Internet Complaint Center http://www.ic3.gov/default.aspx
The FBI http://www.fbi.gov/sandiego/press-releases/2015/fbi-warns-public-of-disaster-scams
The Baltimore Sun http://touch.baltimoresun.com/#section/-1/article/p2p-83444496/