Tuesday, March 25, 2008

Listing: the Craigslist attack vector

Most of us don't worry about people looting our homes while we're at work - but a new form of attack can create more than a nuisance. A recent Craigslist hoax resulted in large numbers of people taking possessions from Robert Salisbury's Jacksonville, Oregon home. KGW.com's article on the event is worth a read.

This is somewhat similar to the "SWATters" who fake 911 calls using callerID spoofing, social engineering, and other tactics. In each case, the attack is reasonably easy to conduct anonymously, can cause great damage, and uses third parties to conduct the actual attack. In many ways, this is a physical manifestation of what security professionals are used to seeing from botnets and zombies conducting an attack.

Will we see a new term for Craiglist lootings and other attacks - Listing, perhaps?

Other events, such as the massive out of control party in England after it was announced online and by a radio DJ point to the power of broadcast media. Normal social controls are often ignored when people feel that they were invited to take advantage of a situation - and damages can be hard to calculate.

Have you updated your home inventory recently?

Creative Commons licensed Flickr image credit to user blmurch

No comments: