Marc Ambinder of the Atlantic reports an interesting theory of how the Chinese managed to penetrate Google’s security barrier, which should be about the best in the world. Very little of the attack was technologically novel, according to his source, University of Texas Computer Science Professor Fred Chang. The key steps were figuring out the names of key system administrators, and looking at their profiles on Facebook and other social networks. The attackers then masqueraded as social network “friends” of the sysadmins, tricking them to click on links that turned out to embed malware on their computers. From that point on the theft of passwords was easy. The masquerade required exploiting an unpatched security hole in Internet Explorer; we knew that part. But the sysadmins are presumably pretty sophisticated about suspect email, so getting the identities of their “Friends” was essential.

Of course, by Facebook’s new policy, there is no way to hide your Friends list. I wonder if stories like this one will put any pressure on Facebook to change that policy.

This is all speculation, Ambinder notes. But Chang used to have a high level job at the NSA, so it’s a fair guess he’s familiar with some of the tricks that cyberattackers have tried in the past.

This entry was posted on Saturday, February 6th, 2010 at 2:07 pm and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.