Social networks ripe for hackers, says security firm

PUBLISHED : Thursday, 21 April, 2011, 12:00am
UPDATED : Thursday, 21 April, 2011, 12:00am


Computer users are facing more cyber attacks - and the battlefield is increasingly Facebook and other social media, according to internet security firm Symantec.

The global cyber attackers' most common weapon is a post containing a shortened URL (uniform resource locator), the company says.

The warning comes as figures from the Hong Kong Computer Emergency Response Team Co-ordination Centre show an increase in security alerts published from 220 in 2009 to 308 last year - the highest on record. The centre had 1,153 incidents reported last year, most involving hacking.

Shortened URLs are web addresses only a few characters long, which redirect users to a website with a longer address. The shortened URLs can be used to deceive friends on social media networks.

An infected account may post the shortened URL and entice people to follow it. If friends unwittingly click on it, they may be led to a fake website that looks like, for example, a bank website. When users key in their user name and password, the details go straight to the hacker. At the same time, they post the same URL, exposing their friends to the same threat.

'This is a major trend - not just in 2010, but an ongoing trend,' said Michael Chue, managing director of Symantec's global business in the region. Symantec found last year that 73 per cent of shortened URLs that led to malicious websites were clicked over 11 times. More than one in five were clicked over 100 times.

The results came in Symantec's annual Internet Security Threat Report, detailing the most potent global online risks last year. Over 286 million new threats hit the web last year and attacks on social media networks were a recurring theme.

China went from having 9 per cent of the world's infected computers in 2009 to 16 per cent last year, second only to the US with 19 per cent.

Once hackers get hold of credit card information, it is sold for as little as 30 US cents on the internet's black market. E-mail accounts fetch between US$1 and US$18, and bank account details are sold from US$10 up to US$900.

Lawrence Li, a Symantec systems engineering manager, advises against adding unknown people on Facebook and against clicking out of curiosity on suspicious-looking links posted by others. 'By sneaking in among our friends, hackers can learn our interests, gain our trust and convincingly masquerade as friends,' says the Symantec report. 'Long gone are the days of strange e-mail addresses, bad grammar and obviously malicious links. A well-executed social engineering attack has become almost impossible to spot.'

Cyber risk

In 2009, China had 9 per cent of the world's infected computers. Last year, the figure increased to 16 per cent.