Vulnerabilities / Threats
10/22/2008
02:11 PM
Connect Directly
RSS
E-Mail
50%
50%

7 Fantastic Internet Hoaxes

Despite our increasing technological sophistication, we can't help falling for e-mail about Bigfoot, giant mutant cats, doomed tourists, and deadly butt spiders.

This story was originally published on October 25, 2008.

Admit it. Even you, a savvy veteran e-mail user, have fallen for one or more of these Internet rumors. Or, even if you weren't quite sure of the veracity of a particular story or photograph, you e-mailed it to your friends to amuse/warn them, or to see what they thought.

Don't be embarrassed, you're not alone. Despite our increasing technological sophistication, we seem to be as susceptible as ever to people determined to make suckers of us. After all, Internet hoaxes play on our human, not technical, vulnerabilities.

"These hoaxes use social engineering to trick people into doing what they otherwise wouldn't do," said Patrick Runald, chief security advisor for F-Secure, an Internet security firm. Graham Cluley, a senior security analyst with Sophos, a London-based security vendor, agreed. "The most successful hoaxes have been the ones that people had a real compulsion to forward. These things can't travel unless humans participate. And, unlike anti-virus software, we haven't found a way to upgrade the human brain," said Cluley.

A lot of times these hoaxes are based on engendering fear -- such as the virus hoaxes that periodically sweep over the Internet (keep reading). "At other times, they play off people's curiosity or vanity, or even desire to help others. In any case, although some might originate in a sense of lighthearted fun, "many are far from being harmless pranks," said Runald. "They can take a real financial and emotional toll."

Jim Graham, founder of the Web site HoaxBusters.org, which tracks and debunks Internet hoaxes, agrees. "Hoaxes can cause panic, anxiety, and stress to individual recipients," he said. "In the business world, they can lead to lost productivity, take up valuable network bandwidth, and present a serious security issue." Moreover, he said, "to a spammer, the addresses found in forwarded e-mails are like finding gold."

And the line between hoaxes and fraud can be very thin. Often attackers will build on the momentum that an especially widespread hoax has already achieved, said Zulfikar Ramzan, technical director at Symantec, which tracks online attempts to defraud consumers. "What often happens is that someone perpetrates a hoax -- say invents a fake news story -- and attackers take that and piggyback malicious code on top of it," he said. For example, the virus hoax claiming that opening an email with "An E-Card for You" would crash the recipient's computer eventually picked up an actual virus, said Bill Austin, who runs the Web site VirusHoaxBusters.com. "In effect, the hoax becomes the mechanism for the fraud," he said.

How common are Internet hoaxes? David Emery, the Urban Legends guide for About.com, hears about "several hundred a week. I can't begin to cover them all," he said. "It's quite a phenomenon and speaks to the nature of the Internet, about the gullibility of people, who tend to think that because something has been written down, or because there's a photograph, that it must be true."

Just in time for Halloween, InformationWeek interviewed a battery of security experts, Internet folklorists, and hoax watchdog groups to get their take on the most successful Internet hoaxes to date.

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2886
Published: 2014-09-18
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during ins...

CVE-2014-4352
Published: 2014-09-18
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

CVE-2014-4353
Published: 2014-09-18
Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.

CVE-2014-4354
Published: 2014-09-18
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.

CVE-2014-4356
Published: 2014-09-18
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.

Best of the Web
Dark Reading Radio