Your birthday. The names of your friends and family. The name of your hometown or where you live. If someone knew these things about you, you might expect them to be an acquaintance or a friend; someone you would trust with this information. However, the information that once formed the social currency of trust is now exposed to the anonymous denizens of the Internet thanks to social networking sites like Facebook, LinkedIn, and MyLife.
Since their advent, social networking sites have attempted to realize Arthur C. Clarke’s vision of the future — one where technology eliminates geography’s limitations on social interaction and productivity. However, this environment lacks the social and behavioral cues that mediate the attribution of trust in the physical world. Thus, information that was once shared among trusted parties is shared freely in an attempt to create the illusion of connectedness.
The consulting war stories in this session describe how social engineers leverage information from social networking sites to build a profile of target companies that focuses on their employees and customers. Armed with employee names, vocabulary from the corporate lexicon, and recent organizational events, miscreants can gain access to physical and information assets by blending into the corporate culture.
Attendees will leave this session aware of how social networking sites can be used to attack an organization by exploiting the perception of trust. The session will arm the users of social networking sites with tips on how they can use these tools productively and securely. Lastly, the session will highlight training and policy strategies that have helped organizations manage the impact of social networking on their operations.