Hacking usually describes the malicious activities technologists engage in to steal information such as social security numbers from individuals. Hacking into social media networks is more about temporarily causing damage to a product or brand and not usually directed at an individual. The latter requires far less technical talent but they do have an advanced set of particular skills called “Social Engineering.”
What are social engineers? They are sort of like Vampires. If you are up on your folklore you know that legend has it a Vampire cannot enter your home unless invited in. A social hacker uses social engineering in much the same way. They use influence, deception, and manipulation of small details to exploit the human element in a social networks security infrastructure. An untrained and ill-prepared person is no match for the psychological skills of an intent hacker. It shouldn’t be surprising to learn how easy it can be for them to walk right in.
Consider that an employee might be tempted to discuss in public a project they are working on or where they have some significant responsibility, Pride and a desire to be recognized for accomplishments can cloud the judgment of what should and should never be shared. It begins at the proverbial water cooler and most times end there. But occasionally it finds its way into social media channels. Maybe a little TMI, “too much information?” The social media hacker finds it, and begins to work the vulnerability of the system. Perhaps it is posing as an employee of the company. In large organizations it isn’t possible to know everyone. It is plausible that armed with enough information about you and what you are working on the hacker can win over your trust. Although we never imagine this would happen to us, the average unsuspecting person will succumb to persuasion and be a little too willing to discuss sensitive information. The hacker pieces it together and penetrates further into the organization until they have what they need to attack. In fact as hardware and software continue to be made more secure, the social engineer will rely more heavily on the human element.
In the recent Burger King and Jeep hacks, the lack of an additional level of user verification doomed their ability to prevent the take-over. Additional security in the form of a two-factor verification system for example, could possibly have prevented it. Two-factor verification is simply a second stage of authentication. It involves an initial password but then the user generates a single use code sent electronically to verify the user is authorized. The method of code generation is secure as is the database used for authorization.
As Burger King and Jeep also found out, once a Social Vampire has been invited in they don’t usually follow human etiquette. A prank might be a prank as in these cases, but the consequences can be much more severe. The industry will benefit from analyzing how these occurred and learn from them. But beyond upgrades, like two-factor authentication, companies are considering applying the same practices to social account security they do to more sensitive customer data. That’s the best course of action to take because after watching a recent episode of True Blood on HBO I am reminded that mixing it up with Vampires is not very pretty.