Social media has always been a hot topic because of privacy concerns, but at last month’s RSA Conference, an annual security conference held in San Francisco, several speakers honed in on LinkedIn, in particular, calling it a “hacker’s dream.”
The crux is the kind of information individuals share on LinkedIn and how directly it relates to their work ? place of employment, coworkers, even software tools, experience or industry certifications are listed on the site. All of that information is a dream for hackers and overseas intelligence shops, who can use the information to find, and trick, targets in the national security and defense industries.
At last year’s DefCon conference hackers played a game of social engineering “capture the flag” in which LinkedIn was the second most-used resource, next to Google.
At the RSA conference, one hacker for hire revealed how he used LinkedIn to target a client, making connections with company employees and a sending out a link to a supposed sign-up page for a new company project that got a number of hits from directly inside the company’s network.
The moral of the story? The more personal, and company-related information you post on social networks and LinkedIn, in particular, the more likely you are to be a target of spear phishing campaigns. This doesn’t mean you can’t use popular social networking sites, such as Facebook and Twitter. But it does mean that you should be incredibly cautious about what information you disclose, and use only a secure, vetted, private forum such as the Cleared Network for career networking. Posting personal details, employment history or resumes on a public site is only likely to open you up to increased risk. That’s precisely why security-cleared job seekers and employers are turning to The Cleared Network. It’s restricted access and “no public information” policy means protection from prying eyes who may want to do you harm.