社交網絡上可不能隨便加好友,當心陷阱
Robert Hackett
2017-08-02
|
《財富》科技頭腦風暴大會和安全領域的黑帽大會結束了,通常來說就會進入面對面交際的下一步“儀式”——在領英上加好友(如果你熱衷社交的話)。 領英上會顯示自我介紹,方便專業人士交換電子名片并打招呼等等,但也要記住別放松警惕。社交媒體上交朋友是很方便,但也常有國家和敵對勢力開展間諜活動。真的,沒開玩笑。 總部設在亞特蘭大的網絡安全公司Dell SecureWorks最近的研究表明,伊朗黑客一直在用虛假身份網絡釣魚,發送的信息看似無害,實則暗藏入侵代碼。該公司的報告稱,攻擊者偽造假身份,自稱是倫敦一位年輕攝影師“米婭·阿什”,喜歡旅行和艾德·希蘭的歌。撰寫報告的研究者指出,間諜通過偽裝成性感女人勾引在中東工作的技術人員,通常身處對伊朗具有戰略重要性的行業,比如能源、航空以及通信等。 微軟旗下的領英并非唯一攻擊途徑。間諜在Facebook、WhatsApp以及谷歌的Blogger等社交網絡上也注冊了類似虛假身份。此舉讓人想起了幾年前曝光的另一次有關伊朗的間諜行動,當時秘密特工以招聘人員的身份在領英發帖,冒充的都是諾斯洛普格魯曼和通用汽車等大型技術公司。 也有其他國家利用社交網絡進行間諜活動。本周我們了解到,俄羅斯特工曾試圖通過虛假Facebook賬號追蹤法國總統埃曼努埃爾·馬克龍競選團隊成員的電話號碼。 我有自己的小竅門。每當有人向我發出添加好友的邀請,我就會想起2015年曾風靡網絡的一張搞笑圖,流行的原因是巧妙模仿《紐約客》漫畫風格調侃了領英的添加好友請求(I’d like to add you to my professional network on LinkedIn)。這張圖太有意思,我一直記著。 |
Now that Fortune’s Brainstorm Tech summit and the security world’s Black Hat conference have concluded, it’s time to commence that obligatory post-elbow rubbing ritual: adding connections on LinkedIn. (If you’re into that sort of thing.) As you swap digital business cards and extend e-handshakes across the self-described professional network, remember not to let your guard down. Social media isn’t just an ideal place to make contacts. It’s also a great place for nation states and other adversaries to conduct espionage. Really. Recent research from Dell SecureWorks, an Atlanta-based cybersecurity firm, suggests that Iranian hackers have been using phony online personas to lure phishing targets, sending them seemingly benign messages that contain computer-compromising code. According to the report, the attackers created bogus profiles for a supposedly young photographer from London, “Mia Ash,” who enjoyed traveling and listening to Ed Sheeran. The spies used the forgery of a femme fatale to seduce and ensnare technicians based in the Middle East who worked in industries of strategic interest to Tehran, ranging from energy to aerospace to telecommunications, the researchers said. Microsoft's LinkedIn wasn’t the only attack vector. The spooks created a similar persona on social networks such as Facebook, WhatsApp, and Google’s Blogger. The campaign was reminiscent of another Iran-linked operation that came to light a couple of years ago, which involved secret agents posing on LinkedIn as recruiters for big tech companies like Northrop Grumman and General Motors. Other countries use social media to spy too. This week we learned that Russian agents attempted to track members of French President Emmanuel Macron’s election campaign using bogus Facebook profiles. Here’s my trick. Whenever I receive an invitation to connect, I call to mind a meme that made the rounds on the web in 2015. The premise is that LinkedIn’s generic connection request tagline pairs exquisitely well with any New Yorker cartoon. The rib below always stuck with me. |
奇怪。我沒約過馬啊。
(財富中文網)?
譯者:Charlie
審校:夏林
?
財富中文網所刊載內容之知識產權為財富媒體知識產權有限公司及/或相關權利人專屬所有或持有。未經許可,禁止進行轉載、摘編、復制及建立鏡像等任何使用。
