Threat Intelligence Blog

Recently, reality TV star Kim Kardashian West was attacked and robbed at gunpoint in Paris, France[1]. Her assailants fled with an estimated $10 million worth of jewelry, including a $4 million diamond ring that Kardashian West posted a photo of on Instagram[2] the day before the attack. Kardashian West is known for frequently posting about her lifestyle and whereabouts on social platforms and after the attack, social media and traditional media outlets were rife with opinions and criticisms that the reality star’s oversharing of her lavish and public lifestyle are to blame for the incident. While we can’t be sure of how much social media played a role in the attack, the incident raises concern about the need for heightened cyber safety measures and the dangers of over-exposure through social media, particularly public personas, celebrities, and executives.

In the hours before the robbery, Kardashian West continuously posted videos on Snapchat updating her followers to her every move. She even posted a snap showing everyone leaving her (though you can’t see if her bodyguards are there or not) for the night. These videos, combined with various other posts on Snapchat and Instagram flaunting her lavish lifestyle, likely made her an opportune victim. Not only did her attackers not need to put much effort into discovering her whereabouts (it was apparent from her snaps that she was in Paris for Fashion Week), but she was alone, and had millions of dollars of expensive jewelry with her.

The Kardashian robbery serves as a good reminder of the importance of exercising caution while on social media. Even the smallest and most benign detail could be maliciously exploited. Constantly posting updates, in real-time, all while revealing your location makes you vulnerable to security threats.

How we use social media is changing threat actors’ tactics and behavior when targeting victims. They no longer have to do extensive collection and research because we freely give away that information. Our personal information found in readily-available data aggregator sources, public records, and through online searches can be coupled with tidbits of information posted on our social accounts to create a powerful profile on our pattern of life. Information obtained from our social media posts can also easily expose our passwords and answers to our security questions to threat actors. For example, Google reported that, pet names were the number one among popular passwords in 2013, and sports and Star Wars references made it to top 25 passwords in 2015. Now think about how many times you’ve posted about your pet, or any other interest of yours. We make our lives a low-hanging fruit for threat actors.

LookingGlass provides expert assessments of the risk and vulnerabilities of the online footprints of both our clients and their families. We work on identifying the weakest link in your online persona that can be potentially exploited either physically or digitally through spear phishing campaigns, online solicitations, and more. With the rise in popularity of social media in the last few years, we frequently see social media posing the highest risk of over-exposure – be it through a tweet announcing an executive’s overseas travel, a Facebook message boasting a new car, or an Instagram post revealing the names of children’s team members. All of this information, while seemingly harmless on its own, are pieces of a puzzle that can be misused by bad actors, giving away clues to your locations and possessions. We strongly urge social media users to curate their online presence and increase their security settings across platforms, namely:

  • Avoid posting content that can aid in identifying your location, personally identifiable information (PII), family information, and other sensitive details on social media. Settings such as “private” or “public” help keep user information under control.
  • Disable geolocation, turn off location services on your phones[3], and do not tag your exact locations. While geotags can be helpful for photo enthusiasts and travelers, the information can be easily extracted, disclosing your whereabouts.
  • Related to the above, if you want to tag a location, post when your phone is on airplane mode. This will keep followers from knowing your real-time location.
  • Avoid uploading photos or videos that could show the layout of your home or office. A bad actor could easily view these posts and determine a floor plan or see what security system you use.
  • Set parental controls on both Android and Apple for underage children.
  • Disable automated signatures (e.g. “Sent from my iPhone”) from appearing on your outbound emails. Automated messages, such as out of office alerts, can provide unnecessary and potentially revealing information about the user’s status to the public.
  • Routinely check and update settings for your social media channels, as those change frequently. Check the appropriate settings to make sure information is allowed for private or public viewing.
  • Delete the posts when in doubt.
  • Be in control of your content and remember: less is more.

By Olga Polishuk, LookingGlass Special Investigation Unit


You May Also Be Interested In:


[1] http://www.telegraph.co.uk/news/2016/10/03/kim-kardashian-west-held-at-gunpoint-in-paris/
[2] https://www.instagram.com/p/BK86_2ijyaS/
[3] http://www.techbout.com/turn-off-geotagging-for-photos-iphone-ipad-8738/

Additional Posts

Weekly Threat Intelligence Brief: October 12, 2016

This weekly brief highlights the latest threat intelligence news to provide insight into the latest ...

Navigating the Phishing Phloodwaters

Today's blog is a guest post from Larry Larsen, Director of Cybersecurity at Apple Federal Credit ...