Thursday, September 6, 2007

Virtual Vulnerability and the Big Bad Wolf!

Let’s go back to childhood, when mama told us time and again, ‘Do not talk to strangers!’ And we followed this advice in every way we could; ranging from responding with scowls to perfectly innocent smiles, to installing peepholes on the main door. This anti-social behavior might well have protected us from a range of unimaginable horrors, including abduction by the neighborhood psycho and being cheated by the ever-hovering conman. Amen!

A decade or so back, something changed. A new form of interaction entered our lives; the internet. And suddenly, everything in our lives had a virtual implication. Our mails went virtual, our classrooms went virtual and even social interaction went virtual. However, mama’s advice did not go virtual. Because the internet was all about talking to strangers! And talk to strangers we did; first through simple chat applications, then through VoIP applications and now via thousands of mushrooming social networking sites.

Popularity is no more about having a date of a Saturday night or the number of people hiding in your apartment to surprise you on your birthday. Popularity now lies in the number of connections/friends you have on your social networking website and how many of them blink online on your chat list.


Now, stop for a moment and think: How many of these ‘friends’ do you really know? How many of them have you met? How many of them do you know are real people?You will realize that you have indeed slipped and have been talking to strangers. People you do not know, people you would not recognize if you walked into them in office tomorrow, people who just might be completely different from who they say they are (and that cute photo with the puppy might well belong to another complete stranger!) And these people, in some measure, are privy to a lot of information about you.


Think for a moment about your virtual presence. Various mailboxes, chat IDs, social network profiles. Casual stuff, no worries! One step further. Postings on professional job sites or matrimonial sites, memberships in online forums and communities, a mention in employee listings of organizations you’ve worked for with all contact information listed. This might be a little more serious. But then you are not worried, right? Let’s try once more. Bank accounts (most banks offer online transactions), credit card accounts, phone accounts (again, online billing and transactions), Demat accounts, insurance accounts… Your entire life is at risk.


Having established your vulnerability, we now introduce, the Big Bad Wolf (yes, we didn’t forget him). Let’s call him BBW! Disguised in Grandma’s clothes, he is lurking online, just waiting for you to slip up. While all the anti-virus software of the world and your firewalls will keep him out of your computer, they cannot keep him out of your head. BBW holds a PhD in what is called Social Engineering. Social Engineering is defined as the art and science of getting people to comply with your wishes. And BBW does that very well. Here’s how!


BBW starts off by identifying a target group or a person. In this case, let us assume he is targeting you. He draws up a list of attributes and characteristics that will appeal to you. Using this list, he creates a virtual identity. This virtual identity has everything from a job to a social network. This new character, let’s call him Nice Joe, will be exactly the kind of guy you like. Soon enough, you will bump into Nice Joe in an online chat room or a discussion board. You might receive an add request, or a mail citing common friends. And if BBW has really done his homework, you will want Nice Joe for your friend and send him an add request!


Very soon Nice Joe, now NJ to you, will be your best buddy! NJ and you start spending hours together online. Online games, chats, putting up discussion boards, feeding each other’s BLOG traffic… the best virtual pals ever. Sending files to each other is a common occurrence. One of these files NJ sends you will have what is called a sleeper application. This particular application is the type that takes root in your system, and quietly records all your keystrokes and sends it to him. NJ, or rather BBW, now knows exactly what you wrote in that mail to your girlfriend/boyfriend, how many shares of that new public issue you bought and of course, the password to every account you have.


The story gets uglier by the minute. Through the benign NJ, BBW has broken into your life, and can do just about anything he wants. All your life is at the mercy of a Big Bad Wolf! This story might sound far-fetched, but is as easy to execute as a fried egg, sunny side up. Easier, actually. The BBWs of the virtual world have all the tools at their hands to execute such fraud, and if something like this never happened to you, it probably is because you have been lucky enough to go unnoticed by them so far.


Virtual identities are getting easier to fake day by day and social engineering is becoming an extremely dangerous menace. Stories of fraud are commonplace enough, and the odd tale of a psychopathic homicide that started off with an online flirtation seems to stress just how vulnerable we all are. Call it a raving paranoid conspiracy theory or call it a commentary on the dangers our daily lives expose us to; but the next time you accept an add request on your chat list or social networking site, do spend a minute to think to yourself – Do I really know this person?


Cogito Ergo Finito

2 comments:

Pooja Nair said...

Its scary when you think about it..considering the fact that people are socializing more over the net, statistics tell that 60 - 70 % of people prefer the virtual communities to make new friends, form groups et al.

plain boring jane said...
This comment has been removed by the author.