Cybercrime from page 11 EDF fined for hacking Greenpeace EDF, the French energy firm, UK’s executive director, John was recently fined Euro 1.5 million Sauven, said: “The evidencesocial networks do not scan the by a Paris court for spying on presented at the trial showed thatURL’s and embedded content Greenpeace. It must also pay the espionage undertaken by EDFcoming from third party servers Greenpeace Euro 500,000 in dam- in its efforts to discredit Greenpeacesuch as Content Delivery Networks. ages. Two EDF employees were was both extensive and totallyTherefore, there is no mechanism jailed, along with the head of the illegal. The company should nowto detect the authenticity of URL’s company they hired to hack into the give a full account of the spyingthat are passed as message con- environmental charity’s computers. operation it mounted.”tent among the user objects in theonline social networks. In addition, it EDF was charged with complicity Whilst anti-nuclear activists areis easy to upload malvertisements, in concealing stolen documents and reportedly furious at what EDF did,and social networks fail to raise complicity to intrude on a computer a security expert has commentedany warning. Online social networks network. It was claimed the com- that the only real surprise is thatare not harnessing the power of pany had organised surveillance this sort of trojan-assisted industrialSafe Browsing API’s from Google not only of Greenpeace in France, espionage has not reached theor similar services to instantiate a but broadly across Europe since courts before.verification procedure before post- 2004. And it was stated that ining a URL back to a user profile. 2006, EDF hired a detective agency, Philip Lieberman said that the caseLack of such basic protections is Kargus Consultants, run by a former is notable because the saga starteda key factor in making the social member of France’s secret services, more than five years ago. And, henetworks vulnerable to exploitation. to find out about Greenpeace wondered, how many other cases ofFinally, many social network users France’s intentions and its plan trojan-assisted industrial espionageare not knowledgeable enough to block new nuclear plants in the have been carried out in recentto differentiate between real and UK. The agency allegedly hacked years. What does this case tell us?malicious entities. Ignorance not the computer of Yannick Jadot, Quite simply that trojan-assistedonly results in exploitation, but also Greenpeace’s then campaigns infections are almost certainly angreatly impacts the overall security director, taking 1,400 documents. integral part of the modern-dayof online social networks. Because private detective’s IT arsenal whenof the high connectivity and need At the trial, EDF said it had been conducting industrial espionage,”for trust in a social network users victim of overzealous efforts, and he said. And we should ask whetherare particularly dependent on the had been unaware anyone would terrorists are using the same tech-built-in security features of online hack a computer. But Greenpeace niques to assist their campaigns.social networks, but the securityfeatures are not tough enoughto thwart many malware attacks.ConclusionRobust security and privacy mecha-nisms are indispensable for safe Published monthly by Commercial Crime Services,online social networking. Built-in Cinnabar Wharf, 26 Wapping High Street, London E1W 1NG, UK.security is necessary because Tel: +44 (0) 20 7423 6960 Fax: +44 (0) 20 7423 6961attackers exploit the trust, curiosity Website: www.icc-ccs.org Email: firstname.lastname@example.org Website: www.icc-ccs.organd ignorance to garner maximum Editor: Andy Holder Email email@example.com. User awareness regardingsecurity concerns is important but ISSN 1012-2710can only spread gradually, so social No part of this publication may be reproduced, stored in a retrieval system, or translated in any form or bynetworks should be proactive and any means, electronic, mechanical, photocopying, recording, or otherwise without the prior permission of the publishers.develop more sophisticated andstringent mechanisms to thwart While every effort has been made to check the information given in this publication, the authors, editors,malware infections. Safe and secure and publishers cannot accept any responsibility for any loss or damage whatsoever arising out of, ortransmission of the information and caused by the use of, such information. Opinions expressed in Commercial Crime International are those ofrobust user’s privacy should be the the individual authors and not necessarily those of the publisher.paramount concern of the social Copyright 2011. All rights reserved.networking companies.