Trust hacking

Trust networks contain valuable data that is vulnerable to hacking

Hackers have been targeting social networks for some time. Phishing for MySpace or Facebook identities they can use to sell ads. The idea is that if my friend tells me about how they just made $10,000 working from home, I’m far more likely to believe it than if a blinking banner ad is selling me on it. The only problem is that my friend didn’t send the message. Someone else did using their compromised account. Illegal networks of compromised accounts have become a profitable advertising vehicle for sketchy enterprises. And, they’re track record of proven value driven by duping undereducated consumers have driven the hustlers to new heights.

BusinessWeek recently published an article about hackers targeting social networks to gain trust information. It’s part identity theft and exploitation, and part trust hacking (my own moniker for lack of a better one). To quote the article:

In September, the names and contact information for tens of thousands of customers of Automatic Data Processing (ADP) and SunTrust Banks (STI) were stolen from Salesforce.com (CRM), which provides online customer management software for those two companies. The incident occurred after a hacker tricked a Salesforce employee into disclosing a password.

There are probably more than a few businesses willing to buy such information on the black market. And, once the information is out there, it remains exploitable for some time since trust networks have many roots that never die.

In this brave new digital world, digital identity management isn’t just about protecting your own identity, but you also now have to care about exposing the identity of your trust networks. Trust networks (commonly your friends) contain valuable information that can be exploited for marketing purposes in ways most members of the trust network would not approve.

Most people know not to share their social security number, but do you know how to tell if someone is phishing your MySpace login?

And what implications does trust hacking now represent for businesses? What kind of liabilities are businesses exposing themselves to by maintaining sensitive trust network data on 3rd party hosted services, like Salesforce.com?

Share This

Published in MySpace, Social Networking, facebook, indentity theft, phishing, trust hacking on November 12, 2007

Nice look at Trust Hacking. But I still don’t know how to tell if *my* account was hacked. I certainly have seen my friends’ accounts go crazy.

From AdamD on November 14th, 2007 at 11:34 am

If it was your MySpace account, then you should be able to look at your sent bulletins. If they harvested your data and didn’t use your profile, then you may not be able to tell.

From Justin on November 14th, 2007 at 4:57 pm

i want to hack my boyfriends myspace to see if he’s up to no good, am willing to pay for access to his account !!!!!!!!!

From kym mcewan on November 20th, 2007 at 6:37 pm

For what it’s worth, likely if you pay someone it is illegal. And, you’re more than likely to get scammed. Be careful!

From Justin on November 21st, 2007 at 12:13 am

What say you about all of this?

Trackback URL Comment feed


Recent posts

Subscribe

Find more posts in my archives