I thought about this site while typing in technology section over photo sharing.
This web site is great on three different levels. Social Engineering, Intel, and as they point out for robbers.
http://pleaserobme.com
Social Engineering.
Okay if you don't know what social engineering is, we'll turn on the lights and check out social engineering.org With many of us on social networking sites as it was pointed out in the Rolling Stone article, so are open to online social engineering TTPs. Taking the classical sense of social engineering, in which refers to the social manipulation of a person, people or group(s) of people to meet social, political or economic means. Today we have to take a look at another meaning in the cyber security world. Your online information, in gaining access to information by exploiting human psychology rather than using traditional techniques. When I joined FB and other sites to get ready for retirement I was surprised at the amount of information military, SOF people had on these sites. A classic example is the "Robin Sage" female on LinkedIn two years ago, Google it, just WOW. So looking at pleaserobme.com you can see how online social engineering starts with a friend on your "network" or a Group sending you a message asking for help or gives you a story over a period of time, etc. This form of social engineering is surprisingly easy to achieve, and because of it many are easy targets. Social engineering isn’t limited to social networking, Google Sarah Palin and her email heckled. What happen to her is a great TTPS and during a Cyber Course we did just that, BTW great Team training IMO while at a bar or restaurant or best a convention.
Intel.
You have to be able look at social engineering and for anyone that knows a thing or two, you can see how it can be use very nicely. What you do F2F is now done online, it's an Environment. Now look at pleaserobme.com again, you can use this how? Think about those email phishing and how those techniques are used. Just as in phishing emails; FB, Twitter, SnapChat, LinkedIn, Google+, etc, in which perpetrators send out many (sometimes millions) of emails with the hopes of getting “bites” in return. This can, and is being done on the social media network levels. So tie what you know with social media, social engineering, BA/AD and Yeah a lot. So think outside of that box you call a laptop, the World Wide Web is your window. Think about using it.
Lastly on the robbers side, I'll go with this. I posted this on FB to tell friends about how easy they are linked through there FB and Twitter pages from the CheckIn or FourSquares during the holidays.
Quote:
Something to think about the dangers of publicly telling people where you are. If you have FB, which we know you do, but mainly Twitter, and use any of services like CheckIn, Foursquare, Brightkite, Google Buzz, etc, and link it to your Twitter page. This leaves one place you're definitely not... home. OMG, yeah. So here you are gone from home and your posting to Twitter with all those "friends." But you say they need your address.. on the internet.. No way. Go to your county home page and look up property tax or whatever they call it. Most are there for the taking. So now you have what, likely an address, heck google your name with your city. Now you know what to do when people reach for their phone as soon as they enter they out shopping with that great deal or food at XYZ place. "Please Rob Me" is a web site who's goal is to raise some awareness on this issue and to have people think about how they use FB and Twitter and other services. That's right, slap yourself across the face. I didn't think about this myself it till I read this. If you are curious if people can see your checkins? Enter your Twitter username on this page (top part) to see.
|
I have the link to
http://pleaserobme.com
So why does cyber warfare matter? The same as it does for yourself.