Social Networking/Engineering is key cause of Google hack
Early reports that Google employees were tricked into installing malware which allowed the hackers to steal information have been corroborated by McAfee.
The attackers are alleged to have identified friends of the Google employees via social networks (like Facebook, LinkedIn etc.) and then posed as those friends to trick the employees into installing the malware, as they believed it was trustworthy. The industry is claiming this is a watershed in the sophistication of attacks, and undoubtedly it is very sophisticated; however, it seems to me that it’s more evolutionary. For years spammers have been sending email which claims to be from someone else. Indeed, the most sophisticated spammers have obtained address lists from users (either via unpatched machines or, more regularly now, by tricking them into sharing their username/password for their email [see my post about Threadsy]) and sent emails to all their contacts as if they came from that user. The clever (?) thing about this attack is the fact that they used social networks specifically to get users to believe an IM was trustworthy.
There is no new lesson here. Keep practicing the safe internet usage guidance, which hasn’t changed for several years:
- Always install updates for your software (Windows/OS X, IE/Safari/Firefox, Flash etc.)
- Run AV (AVG or Microsoft Security Essentials are good free versions)
- Enable the firewall
- Don’t click on anything which looks suspicious or which you’re not expecting, even if it’s from someone you know – always check that the person actually sent it.