
LinkedIn hacking: What you need to know

Change passwords immediately and look out for spear phishing emails in the future, warn experts

Following the hacking of business social networking website LinkedIn, security industry analysts and experts share their top five insights on what this password leak means for Australian users and the company.

Loss of privacy

“LinkedIn is an old school social networking site, and still very popular with many senior executives who don't see value in either Twitter or Facebook,” said IBRS Australia adviser, James Turner.

“Consequently, LinkedIn has a lot of information about some very senior people,” he said. “All this background information enables an attacker to craft an email, or make a phone call, that sets a context that appears legitimate.”

Pure Hacking chief technology officer, Ty Miller, said it was “yet another reminder” for individuals and enterprises that no website or social media network, of any size, was immune to security breaches, large or small.

According to Dimension Data director of solutions Neil Campbell, the breach was a reminder that every time individuals provide information to a business online, they are trusting that business’s security arrangements.

“Therefore you are almost guaranteed that at some point, on at least one of the sites you have chosen to share information with, your information will be compromised,” he said.

Business information

The impact of the hack could be more pronounced for a company's senior executives, according to IBRS's Turner, as attackers could also use a compromised executive account as a route to information about the company itself.

“If the senior executive is using the same password on LinkedIn as they do for their email, or other corporate systems, then the attacker has gained valuable intelligence against their target,” he said.

Dimension Data’s Campbell warned that companies and their employees needed to be on the lookout for targeted phishing emails (spear phishing) that appear to come from a colleague or associate and give a seemingly legitimate reason to click on a link or open an attachment contained in the email.

“Before clicking on a link or opening an attachment, think about whether this is something that you would normally expect to receive from the sender and if it seems at all suspicious call the sender to ask them about the email,” he said.

Campbell added that the single weakest link in an IT security environment is people, because they cannot be programmed to respond consistently to a given set of circumstances.

LinkedIn’s security lessons

Strengthening password storage and getting every user to change their password are a good start for LinkedIn, according to Trend Micro US security threat researcher, Paul Ferguson.

“They are also continuing their investigation to determine the source and reason for this breach. That's really about all they can do at this point in the process,” he said.

Pure Hacking’s Ty Miller added that the breach could point to a significant vulnerability within LinkedIn.

“The first thing that LinkedIn will be doing is a digital forensic investigation to determine how the security breach occurred, what actions were taken by the attacker, and whether the attacker still has control of their systems,” he said.

According to Miller, LinkedIn should then review the security of all of its systems, applications and processes from a high level right down to its detailed security implementation to minimise the risk of this type of attack occurring again.

Social media

Protecting the user base should be one of the highest priorities for a social media site because losing the user base means losing assets, said IBRS’s Turner.

“The second aspect of this attack is that social media sites are trying to position themselves as a single point of authentication against other services. This means that if your LinkedIn account is compromised, so are the other sites that you use your LinkedIn account to authenticate to,” he said.

According to Turner, if social media sites wanted to be the single source of truth for identity, then the companies “better get their act together” and protect the authenticity of users.

Enterprises and individuals also need to realise that any sensitive information placed into online and cloud-based systems is placed there with a level of risk that is outside their control.

According to Pure Hacking’s Miller, this means that users rely on third-party organisations to protect their data to a high level of security.

“Unfortunately this often isn't the case, which means that enterprise and individuals will continue to suffer the impact of social media security breaches,” Miller said.

Cyber criminal motivations

While it was still unclear how the compromise happened, IBRS’s Turner pegged the attack as a way to gain login credentials to use against other systems.

“If the attacker could use a LinkedIn password again to login to a corporate email system, then they would have access to a phenomenal amount of confidential information,” he said.

“This includes business deals, intellectual property, strategic plans for investment and acquisition, and pricing information. Even something simple like pricing in the right hands can make a massive difference when the negotiations are worth billions, so paying a hacker for this access could have a huge return on investment [ROI],” Turner said.

Trend Micro’s Paul Ferguson said cyber criminals could use these accounts to further other crimes such as targeted espionage.

“The hijacking of legitimate accounts amazingly works a lot better than a bogus one for criminals,” he said.

“They would much rather use your account to perpetrate another crime, than create one that simply looks like yours.”

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU


