Cybercrime

aliEnRIK · 27 May 2011 at 12:33AM

Ive been reading a book on crime in the UK (one of 2 I have by the same author, and they make incredibly interesting reading)

His section on cybercrime opened my eyes a little to things that have happened under my nose

For example -
Many people here will use social networking. So a 'friend' might post on their wall for all thier 'friends' to take part in the pornstar name game. The name of their first pet and their mothers maiden name

I genuinely thought nothing of this until I read the reason it exists at all - many people use their mothers maiden name as a security question for online banking!

This friend isnt a friend at all.....

The scariest one ive just read is one that could be happening a lot, we just dont know it -
Many of us do online banking etc. Weve all seen spam emails, but things are getting very sophisticated.
In example -
You log in and use paypal as normal. Nothing seems 'out of the ordinary' at all
But whats really happened is that a 'script' has infected you, let you goto paypal as normal, but your 'piggybacked' as you use paypal. Someone elsewhere is also logged in using your details to do with has he or she pleases

Makes me wonder if this is why I seem to be seeing more and more threads along the lines of 'my paypals been hacked'!

diable · 27 May 2011 at 12:53AM

Use a MAC lol................... ;o)))))

asbokid · 27 May 2011 at 1:11AM

aliEnRIK wrote: »

Ive been reading a book on crime in the UK (one of 2 I have by the same author, and they make incredibly interesting reading)

His section on cybercrime opened my eyes a little to things that have happened under my nose

For example -
Many people here will use social networking. So a 'friend' might post on their wall for all thier 'friends' to take part in the pornstar name game. The name of their first pet and their mothers maiden name

I genuinely thought nothing of this until I read the reason it exists at all - many people use their mothers maiden name as a security question for online banking!

This friend isnt a friend at all.....

They call that a "social engineering attack"... From wikipedia..

wikipedia wrote: »

Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.[1] While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. In the United Kingdom, social engineering using impersonation (e.g. to gain information over the phone, or to gate-crash an event) is known informally as blagging. In addition to criminal purposes, social engineering has also been employed by debt collectors, skiptracers, private investigators, bounty hunters and tabloid journalists

The scariest one ive just read is one that could be happening a lot, we just dont know it -

Many of us do online banking etc. Weve all seen spam emails, but things are getting very sophisticated.
In example -
You log in and use paypal as normal. Nothing seems 'out of the ordinary' at all
But whats really happened is that a 'script' has infected you, let you goto paypal as normal, but your 'piggybacked' as you use paypal. Someone elsewhere is also logged in using your details to do with has he or she pleases

Makes me wonder if this is why I seem to be seeing more and more threads along the lines of 'my paypals been hacked'!

There are loads of techniques to 'piggyback'.. Cross Site Scripting, Keystroke Logging, Man-in-the-Middle attacks, Packet Sniffing, etc..

Who is the author of the books?

RussJK · 27 May 2011 at 1:13AM

Come to think of it... it does seem a bit silly that we've all taken part in the one of those name games. How does all the information get harvested though, unless one friend has their account hijacked?

Name of first pet is often an extra security question as well.

aliEnRIK · 27 May 2011 at 1:15AM

asbokid wrote: »

Who is the author of the books?

Tony Thompson

They make for truly fascinating (And scary) reading

aliEnRIK · 27 May 2011 at 1:17AM

RussJK wrote: »

Come to think of it... it does seem a bit silly that we've all taken part in the one of those name games. How does all the information get harvested though, unless one friend has their account hijacked?

Most guys would let a seemingly 'pretty girl' become thier online 'friend' id say

As the cyber hacker put it - anyone with over 100 friends on facebook means at least some of them theyve probably never even met
(I disagree with the 100 figure personally, but the point made is sound)

asbokid · 27 May 2011 at 1:19AM

aliEnRIK wrote: »

Tony Thompson

They make for truly fascinating (And scary) reading

tony thompson, crime correspondent for the guardian newspaper?

RussJK · 27 May 2011 at 1:23AM

aliEnRIK wrote: »

Most guys would let a seemingly 'pretty girl' become thier online 'friend' id say

Oh um, whatever do you mean... :whistle:

I've only seen the word games come from known friends, but it's easy to put it out of your mind that anyone else can be reading it depending on privacy settings. All they need to do is start the meme with some other people, and collect the results with a quiet account that draws less suspicion.

Facebook's a giant cluster**** for privacy isn't it. Every app or game wants to know everything about you before it'll do anything (if that).

aliEnRIK · 27 May 2011 at 1:27AM

asbokid wrote: »

tony thompson, crime correspondent for the guardian newspaper?

That would be him yes (Not that ive ever read his Guardian articles)

aliEnRIK · 27 May 2011 at 1:31AM

RussJK wrote: »

Oh um, whatever do you mean... :whistle:

I've only seen the word games come from known friends, but it's easy to put it out of your mind that anyone else can be reading it depending on privacy settings. All they need to do is start the meme with some other people, and collect the results with a quiet account that draws less suspicion.

Facebook's a giant cluster**** for privacy isn't it. Every app or game wants to know everything about you before it'll do anything (if that).

Ive seen legit friends post the 'word games', purely for fun. But they must have originated somewhere down the line.

I find it incredible how much information people post online at times. Some people need to wake up to online crime.

As for facebook apps - I joined facebook years ago before most people in the uk even knew it existed. When apps started to become cool I added some here and there, but not long after facebook said id been hacked.
Now I dont add any apps beyond what I already have. Especially as apps are far easier to hack into to obtain information from facebook, than hacking facebook itself.

ChiefGrasscutter · 27 May 2011 at 8:08AM

Check out this thread for a possible example of a man in the middle attack at Nationwide
including a screen capture image.....looks as if they are logged in to a secure site but part of the screen shows something not recognised: - assuming the picture is genuine that is - well it is the interweb.....who knows what people post.

https://forums.moneysavingexpert.com/discussion/3253708

Incidentially when I'm asked to supply mother's maiden name as part of any security setup I always use another name.

Cybercrime

Comments

Confirm your email address to Create Threads and Reply

🚀 Getting Started

Categories

Is this how you want to be seen?

Get our FREE Weekly email full of deals & guides - and it’s spam-free