Increasing trend of "social hacking" -- cracking password reminder questions

www.escapistmagazine.com...

"Social Hackers" On The Rise
Mike Grace posted on 3 Apr 2009 18:45


According to Trend Micro, an internet security firm, more than 40% of teens are "social hackers".

The idea of a hacker as being a solitary geek in their parents' basement has long been pushed to one side, but the new generation of hackers probably wouldn't know a shell script from a sea shell.

The "new" idea of "social hacking" is that many social details are on view via social networking sites such as Facebook. A competent social hacker can find information which tends to give away security question answers. So that rather than rummaging through dustbins for passwords, social hackers simply rely on their Google-Fu.

According to the survey undertaken by Trend Micro, thirty percent of 12 to 18 year olds have also been tempted to socially hack for money, and some have even been approached by cyber-criminals. (They're the one's carrying the hard drive marked Swag, by the way.)

The "social hackers" are still split by gender though. Boys are twice as likely to go for the profile assassination, while girls are three times more likely to go straight for the PayPal.

Rik Ferguson of Trend Micro said, "It's the online version of kids breaking into school to change their reports, it's just so much easier now."

It does sort of take the fun out of sneaking into school in the middle of the night, though. Allegedly.

Interesting. I never thought about it before, but a lot of those security questions wouldn't be too hard to figure out with a little bit of searching.

Social hacking is the same thing as social engineering, but without direct contact.

Back in the "chat room" days, certain people I knew were excellent at getting people's passwords. The service we used had those hint questions. It was simply a matter of pretending to be a cute girl or boy and striking up a conversation with the "mark" until you could steer the conversation around to the hint question.

Some of those guys were so good that just for kicks, they'd copy and paste the hint question in the mark's own words and the poor fool wouldn't even think twice about answering it.

That was mostly juvenile boredom though. These days, many "hackers" aren't just bored and curious. These days you have to be careful, because the hackers are out to cause real world harm for their own profit.

You have to be careful what you tell people, in addition to what you post online about yourself. Even giving away the silliest information can get you into trouble.

reply to post by vcwxvwligen

Heh...most of the time the "Question" is completely blank, so the answer is also blank, and just by using that, they can get the password.

Sometimes my friends (thinking I'm some sort of uber-geek hacker because I'm reasonably computer-savvy) ask me "Can you hack hotmail?". Just for simplicity's sake I say "no".

Occasionally when they do get the password through some weird means, they use it for stupid stuff, like getting into a girlfriend's email, deleting messages from some other guy, sending messages themselves, etc.