Wednesday, September 28, 2011
Compromise of digital certificate authorities (CAs) leading to fake blogs, fake social networking profiles, to steal PII and phish
Byron Acohido has an alarming story on the front page of USA Today on Sept. 28, “Hackers shake web to core: security at top levels questioned” in print, and “Authenticity of web pages comes under attack” online, here.
The story concerns the hacking of at least three companies that function as Digital Certificate Authorities, or CAs. At least one firm in the Netherlands was put out of business by the hack.
More interesting is that hackers don’t seem to be targeting services that banks and payment services use. Instead they seem to be going after social networking and blogging sites, sometimes impersonating legitimate sites or blogs, apparently as another scheme to harvest PII (personal information). It sounds as if this activity links into the problem of “spam blogs” and associated “link farms”, since these are often formed by scraping legitimate blogs and are difficult to detect reliably (this was a big issue for bloggers in the summer of 2008, including an incident where fake reports on a couple of disturbing national security-related slayings in the DC area were circulated). It would also bring up the subject of faked or hacked profiles.
For example, MSNBC today reported a Facebook scam where a woman was conned out of $2000 by someone impersonating her sister, link here.