Not all hacking requires code-cracking programmers who can slip through complex algorithms. No, sometimes all you need to do to pull out a map—a digital map.
WIRED has an excellent profile on a type of cyber attack that takes advantage of a service’s social aspects in an effort to divert, damage or destroy another business. These attacks can come in the form of a proper hack, where coding or a certain level of skill is needed, or a hijack, where an attacker poses as its victim on an online repository like Facebook or Google Places. Regardless, by playing on people’s expectations, hackers can achieve their desired effect.
This type of attack can also be considered, under certain circumstances, to be a social engineering attack. Typically, social engineering attacks use personal information that can be found online to play on your emotions to get you give away sensitive information like bank accounts or passwords. But they can also, much like a real-life Denial-of-Service Attack (DoS), be used to deprive a service or person’s resources.
The attack in question centers on an exotic meat restaurant called Serbian Crown in Great Falls, Virginia. The restaurant, in operation for 40 years, according to the article, was a popular spot. But in early 2012, the exotic meat emporium had a precipitous drop in customers—up to 75% on the weekend, its most frequented days. The manager of the restaurant, Rene Bertagna, was puzzled.
Bertagna didn’t know something sinister was happening until a regular patron called asking why the restaurant was closed on the weekends. That sinister activity: a community edit to his restaurant’s business hours on Google Places. Instead of reading as “open” during its busiest hours, the online profile read “closed.” Unfortunately, Bertagna’s epiphany came too late to save the restaurant.
This type of attack, unfortunately, is more common than one would like to think. Local rivalries, malicious political activists and cutthroat deception often drive information wars on sites like Google Places and Yelp where anyone in the community can make edits or comments. These wars often result in damaged reputations and lost business from illegitimate comments, hijackings and misleading claims.
It’s a problem that likely won’t go away soon thanks to the need for crowdsourced information. Google, Yelp and others, as technologically savvy as they are, cannot differentiate between legitimate contributions to the accuracy of their services and malicious ones.
So how can you defend yourself from social attacks of this nature? Sadly, there isn’t much. These attacks are hard to detect—and hard to fix—especially when parsing legitimate complaints against malicious ones. But there are steps you can take to save your skin from callous online comments.
- Be conscious of social media. Social media is a great way to communicate with a large amount of people instantaneously, but it can also provide a massive headache. Consciously monitoring most—if not all—social networks is a great way to protect both your reputation, and your business’ reputation.
- Protect your identity online. Protecting your identity online isn’t as easy as it sounds. Monitoring for malicious websites that steal your information and for malcontents trying to give you a bad name is an impossible task. Make that task possible with McAfee LiveSafe™ service, which protects your identity from risky applications and malicious websites.
- Know the signs of an attack. Some social attacks are difficult to detect. Others, not so much. The more sinister and widespread social attacks usually try to divert victims to malicious websites or applications. If you see a suspicious website trying to pass itself off as a legitimate brand, then run away! You can also use McAfee SiteAdvisor™ to protect your devices from known phishing sites.