Hackers apparently can be just as careless as their victims.
A new study finds that people with technical backgrounds are very inclined to disclose sensitive information like addresses and passwords to strangers they meet online, even though they should know better.
Dr. Sabina-Raluca Datcu, who conducted the study, used a sample of 100 people, half of them working in the IT security industry and the other half being hackers selected from forums for “bad guys.” She created two fake 25-year-old female profiles with photos to present to either the IT experts or hackers to analyze “friendship trust-rate.” For the IT pros, the “woman” had interests in security, psychology and literature. The profile for hackers showed she was into hacking, psychology, reading news and “trying new things.”
The second step involved an ongoing conversation as “friends” to see what information the subjects would disclose to an unknown person.
At the beginning of the interactions, both the IT subjects and the hackers were more concerned about their personal privacy. As time went on, however, the subjects appeared to trust the test profiles more, although the hacking group was generally more skeptical than the IT group. (See “After Stuxnet, a Rush to Find Bugs in Industrial Systems.”)
The researcher found that 75 percent of those contacted disclosed personal information such as addresses, phone numbers, information about their children and their parents’ names. Nearly all of those contacted also offered up a description of their password and 13 percent of IT professionals contacted actually disclosed various passwords to online accounts.
Datcu makes the point that social networks, forums and online chat rooms “create ideal worlds, in which users have the ability to transform themselves into very attractive people or very communicative ones, and in which everybody can confide in everybody and be everybody’s friend.”
For more information about the study, visit Virus Bulletin.