Posts Tagged ‘“Social Engineering”’

If you have been anywhere near a TV, radio, or Internet news site, you have probably heard the word Conficker. I’m not here to talk about this internet terror itself, but I am here to talk about the actions that people are taking. As the title of this post says, the state is scrambling to fix an issue that cannot be fixed. What I mean by that statement is that although Conficker can be stopped technically, it was built to thrive on the societal ineptitude of internet culture by means of social engineering.

The infection scheme is based on social engineering concepts, a time-honored tradition of thieves, rogues, and con artists. Social engineering has the power to make people accept totally believable, yet fictitious, stories, which gain the information and confidence of victims to further the personal greed of criminals. I would like to say that this is rare, but with the AIG, Madoff, Enron, and Katrina scandals in the news I believe it is more commonplace now than ever before. Here in America, our society is built on the fact that you’re innocent until proven guilty. I believe that is the correct way to view the world, but this leads us to trust the good in people and hinders our skepticism. This innate tendency to trust sometimes blinds us to the reality that there are harmful people whose only intentions are to steal our identities and money.
Enter Conficker, a computer worm that infects your unpatched computer through visits to bogus websites set up by hackers. Most people who visit these malicious websites are steered there through cleverly disguised social engineering techniques such as spam emails, hacked social network accounts, and a variety of other unassuming methods. 60 Minutes recently did an episode that showed how a hacked Facebook account was used to direct friends of that account to infected websites. As soon as I saw that computer-generated Facebook message from the hacked account it set off warning signals for me, but probably 90% of people would have clicked the link. This type of deception is the true danger of Conficker and other viruses like it. The virus is mainly effective when your unpatched computer is tricked into visiting an infected site.
You might be wondering what all this has to do with government. As much as the government tries to patch all their machines and cut internet usage for their workers, this will not be enough. Conficker, while nasty, is not the issue; it’s the methods that spread Conficker that need to be addressed. Until we start teaching internet users to be savvier, or law enforcement can eliminate the threats at the source, Conficker is just the means of this attack, and stopping it is not the solution to the problem.

So what are we to do about this threat? It is a two-pronged solution: education and punishment. I will not go into punishment here; I’ll only say that most of these cyber attacks come from Russia and China, where we have few options for recourse even if we know who the criminal is. As for education: Conficker is not a technical issue; it is a computer/internet education issue. Patched computers with updated antivirus software are at little to no risk. The systems that are at risk are the ones that do not patch the OS or whose antivirus protection is outdated. This is why we need to better instruct people on why they need to keep their antivirus up to date. We need to show computer users how to keep their operating systems patched. We need to educate people on what to be suspicious of when they receive emails, IMs, text messages, tweets, etc. These hackers are given power because internet users as a whole are oblivious to simple but crucial steps to deter criminals. This is not to say that teaching the masses how to be safer on the internet will end all problems. There have been and will always be people that prey on the uneducated, the less fortunate, and the trusting.
For more information on Conficker, or a means of scanning your computer to see if you are infected, read Adrian Kingsley-Hughes, “The ‘no bull’ guide to Conficker”.