Don't Add Just Anyone on Social Networks: Watch Out for Traps

Robert Hackett, August 2, 2017

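Social media is a convenient place to make contacts, but nation states and other adversaries also use it to conduct espionage. Really, no joke.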

Now that Fortune’s Brainstorm Tech summit and the security world’s Black Hat conference have concluded, it’s time to commence that obligatory post-elbow rubbing ritual: adding connections on LinkedIn. (If you’re into that sort of thing.)

As you swap digital business cards and extend e-handshakes across the self-described professional network, remember not to let your guard down. Social media isn’t just an ideal place to make contacts. It’s also a great place for nation states and other adversaries to conduct espionage. Really.

Recent research from Dell SecureWorks, an Atlanta-based cybersecurity firm, suggests that Iranian hackers have been using phony online personas to lure phishing targets, sending them seemingly benign messages that contain computer-compromising code. According to the report, the attackers created bogus profiles for a supposedly young photographer from London, “Mia Ash,” who enjoyed traveling and listening to Ed Sheeran. The spies used the forgery of a femme fatale to seduce and ensnare technicians based in the Middle East who worked in industries of strategic interest to Tehran, ranging from energy to aerospace to telecommunications, the researchers said.

Microsoft's LinkedIn wasn’t the only attack vector. The spooks created a similar persona on social networks such as Facebook, WhatsApp, and Google’s Blogger. The campaign was reminiscent of another Iran-linked operation that came to light a couple of years ago, which involved secret agents posing on LinkedIn as recruiters for big tech companies like Northrop Grumman and General Motors.

Other countries use social media to spy too. This week we learned that Russian agents attempted to track members of French President Emmanuel Macron’s election campaign using bogus Facebook profiles.

Here’s my trick. Whenever I receive an invitation to connect, I call to mind a meme that made the rounds on the web in 2015. The premise is that LinkedIn’s generic connection request tagline pairs exquisitely well with any New Yorker cartoon. The rib below always stuck with me.

Strange. I never arranged to meet a horse.

(Fortune China)

Translator: Charlie

Reviewer: Xia Lin

 
