Dr. Scott A. Wells [email protected]
Facebook: UltimateKnowledge
Twitter: UKI_Twitter
Ultimate Knowledge Institute’s
Social Media Security Course
Focusing on Social Media Foundations and Security Concepts
Welcome
Social Media is the New Medium
By 2010 GenY will outnumber the baby boomers. And 96% of them have joined a Social network.
Social Media has overtaken porn as the #1 activity on the web
Three of the world’s most popular brands online are social-media related and the world now spends over 110 billion minutes on social networks and blog sites.
Socialnomics: How Social Media Transforms the Way We Live and Do Business
http://blog.nielsen.com/nielsenwire/global/social-media-accounts-for-22-percent-of-time-online/
Facebook Statistics
There are an estimated 850 million people using Facebook.
These 850 million people account for 1 out of every 5 page views on the internet worldwide.
And 250 million photos are uploaded to Facebook daily.
As a country Facebook would be the third most populated country behind China and India
Some Social Media Statistics by Category
Video
There are over 3 billion videos watched per day on YouTube.
Over 35 hours of video uploaded every minute.
Images
5 billion – Photos hosted by Flickr (September 2010)
3000+ – Photos uploaded per minute to Flickr.
Tweets
25 billion – Number of sent tweets on Twitter
175 million – People on Twitter as of September 2010
Served as Mechanism for political change
Egypt
Tunisia
Yemen
Libya
Assists in disaster notification and response
The Dark Side of Social Media
Source: http://www.darkreading.com/insider-threat/167801100/security/privacy/225702468/index.html
Robin Sage gained roughly:
LinkedIn: 148 connections
Facebook: 110 friends
Twitter: 141 followers
over a period of 28 days starting in late December and ending in January of this year.
Attackers are employing reconnaissance techniques to penetrate computer networks
Source: http://www.securecomputing.net.au/News/165600,hackers-ran-detailed-reconnaissance-on-google-employees.aspx
OPERATION AURORA
Source: http://www.betanews.com/article/Personal-data-of-170-million-Facebook-users-exposed-collected-and-shared-without-any-hacking/1280439164
People who are using Facebook either do not care about protecting their information or do not know how. This is a systemic problem across the majority of Social Media platforms.
Source: http://www.nytimes.com/2010/11/29/world/29cables.html?_r=1
Leveraging the Dark Side
The Matrix (1999 film)
Really More Like This
Attack Characterization & Anatomy
Ultimate Knowledge Institute 16
Social Media Attacks
Characterization & Anatomy
• Data Profiling
• Malware Based Attacks
• Phishing Attack
• Evil Twin
• Identity Theft
For the next slides we will characterize and walk through some typical attacks associated with Social Media.
Data Profiling
Data profiling attacks normally include multiple threat activities defined earlier in this seminar. Data profiling attacks are used as a basis for many other attacks. Let’s look at a methodology employed in a data profiling attack.
1. Preparation Phase: During the preparation phase the attacker develops the attack plan that will be used within the attack phase.
2. Attack Phase: During the attack phase the attacker employs Social Media focused attack techniques.
3. Back out Phase: During the back out phase the attacker finalizes the attack phase and covers tracks.
Data Profiling Preparation Phase
Engagement Timeline
Identify the expected timeline for the Social Media Dossier Attack. This will tie into the overall goals of the dossier build and how the information gathered will be used (extortion, blackmail, defamation, reputation attack, preface for espionage activity, etc.).
Create a Dossier Repository
The amount of data that will be collected will be immense and needs to be searchable. This data should be stored in a database with some form of frontend.
Target Characterization
Using open and closed sources, identify the target’s personal information: names, relatives, locations, public records, etc. Closed sources include the hiring of private investigators or background investigation services.
Social Media Presence Discovery
Using characterization information, conduct a discovery of the individual’s Social Media presence and document all Social Media profiles and activity.
Target: John Smith
Search for Presence
Output is a list of social sites that the target is a member of.
Ref: http://www.paterva.com/web5/
Let’s use Maltego 3 and some other internet-based tools and do a little Open Source Intelligence Gathering. For this demo we will start with a target, create a digital profile of activities, and determine locations and relationships.
Another great source of information is geotagging. Many photo-based social media websites give you the ability to strip out geotag coordinates, but others do not. Flickr is a great source for geotags.
Document the Target’s Social Context
Determine how the individual uses Social Media, what type of social presence they have, and the level of social activity.
• Unique Attributes of Social Media Presence
• Images and Media
• Relationships with people
• 3rd Party Applications
• External Links and Usage
Determine Tools and Techniques
Identify the expected tools and techniques that will be used during the attack phase. These tools will need to integrate with data repositories
Develop Social Actors
• Develop actors that will be used in the Dossier building.
• These actors should have their own Social Media character profile/context and they should align with the Social Media context and profile of the target.
• Actors can assume the role of an individual, application, place or business.
• Time should be allocated to develop Social Media actors.
Develop Social Actor Activity Plan
• Each actor’s activity should be carefully scripted.
• The activity plan will document the specific roles and activities of each actor when populated within the target’s Social Media presence.
• Assurances should be made that each activity plan has a monitoring plan to detect target anomalies such as switching Social Sites or actor realization.
Populate Social Sites
Using developed actors and activity plans, populate Social Media sites.
Data Profiling Attack Phase
Develop and Execute Supporting Attacks
• The intent is to compromise the target’s relationships.
• Supporting attacks include executing web based attacks against the target’s relations and impersonations (multiple actor types).
• Supporting attacks require dedicated plans and should be conducted outside of the dossier attack plan.
• Support plans should have a mechanism to feed information into the dossier attack plan.
Diagram labels: Attacker, Target, Target’s Relationships
Ref: http://en.wikipedia.org/wiki/Cross-site_scripting
Malware Based Attacks
The Cross Site Scripting Attack is commonly used to propagate Malware.
Persistent: The code is uploaded to the vulnerable server within the application. The client activates the script when the page is loaded.
Non-Persistent (Reflected): The code is delivered to the victim by the attacker via a link embedded with malicious JavaScript.
Figure: Reflected XSS (panels: Input, Output)
Figure: Stored XSS (panels: Input, Output, Source)
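The two delivery paths above differ only in where the untrusted value comes from; in both, the defect is that it reaches the page without output encoding. The following is an added example, not part of the original slides: the function names, the `social.example` host and the inert marker string are all constructed for illustration.

```javascript
// Added example: hypothetical handlers showing persistent vs reflected XSS
// and the same output-encoding fix for both. The marker payload is inert.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for an HTML element or quoted-attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Persistent path: the value is saved server-side and replayed to every viewer.
const profileStore = new Map();
function saveBio(user, bio) { profileStore.set(user, bio); }
function renderProfileUnsafe(user) {
  return `<div class="bio">${profileStore.get(user) ?? ''}</div>`;
}
function renderProfileSafe(user) {
  return `<div class="bio">${escapeHtml(profileStore.get(user) ?? '')}</div>`;
}

// Reflected path: the value arrives in the link the victim follows and is echoed back.
function renderSearchUnsafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') ?? '';
  return `<p>Results for ${q}</p>`;
}
function renderSearchSafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') ?? '';
  return `<p>Results for ${escapeHtml(q)}</p>`;
}

// Constructed sample input: one stored value and one crafted link.
const MARKER = '<script>/* constructed marker */</script>';
saveBio('alice', MARKER);
const LINK = 'https://social.example/search?q=' + encodeURIComponent(MARKER);

// Report whether live markup survives in each rendering.
function demo() {
  return {
    storedUnsafe: renderProfileUnsafe('alice').includes('<script>'),
    storedSafe: renderProfileSafe('alice').includes('<script>'),
    reflectedUnsafe: renderSearchUnsafe(LINK).includes('<script>'),
    reflectedSafe: renderSearchSafe(LINK).includes('<script>'),
  };
}
console.log(demo());
```

The unsafe renderers return the marker as live markup on both paths; the safe ones return it as text the browser displays rather than executes.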
Ref: http://www.technewsworld.com/rsstory/68946.html
Malware Based Attacks
Persistent XSS Attacks and Social Media - Twitter
StalkDaily.Com, Michael Mooney
Diagram participants: Victim, Attacker Site, Attacker
1. View Infected Profile
2. Download Malicious JavaScript
3. Establish AJAX Connection
4. Forward cookie and username
5. Image Request
6. Steal Auth Token
7. Post Status & Change More Info. URL
http://www.zdnet.com/blog/security/hackers-selling-25-toolkit-to-create-malicious-facebook-apps/8104
Malware Based Attacks
Hackers selling $25 toolkit to create malicious Facebook apps
The do-it-yourself toolkit offers a template for spreading malware, directing users to click-fraud accounts and for pushing Facebook users to bogus surveys to hijack personal information. This commoditization of Facebook malware is further confirmation that social networks are a happy hunting ground for cyber-criminals looking to hijack personal data for use in identity theft attacks.
• TINIE VIRAL APP V3.6
• Facebook Profile Creeper Tracker Pro
• RAMNIT
• Zeus
• SpyEye
Ref: http://www.infowar-monitor.net/reports/iwm-koobface.pdf
Ref: http://www.abuse.ch/?p=2103
Malware Based Attacks
Koobface
Koobface Attack Phases (Phase 1, Phase 2, Phase 3, Phase 4)
Diagram labels: Fake posts are redirected to…; Malicious bit.ly and blogspot URL redirect to…; Hijacked website with JS; User redirected to…; Fake Video with .exe; Compromised Host; Server that spreads Koobface
Koobface Monetization
Koobface does not just exist for “fun” but for “profit” as well.
Diagram labels: Koobface Mothership; Malicious AV Affiliates; Pay Per Click Affiliates
Ref: http://en.wikipedia.org/wiki/Phishing
Phishing Attacks
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
3.2 Billion Lost in 2010 – Gartner Group
Categories of Attacks
• Spearphishing
• Phishing
• Pharming
• Vishing
Categories of Attacks
• Redirect Attacks
• Disclosure Attacks
• Impersonation
• Unauthorized Usage
Anatomy of Generic Phishing Attack
Phase I: Redirect
Phase II: Disclosure
Phase III: Impersonation
Phase IV: Unauthorized Usage
Diagram labels: Victim, Attacker, Actual Site, Spoofed Site, Steal Identity, Impersonate Victim, Fraudulent Transaction
Ref: http://en.wikipedia.org/wiki/Phishing
Phishing Attacks
Phishing Attacks and Social Media – Facebook App.
User clicks on the link and is presented with a Facebook login.
The attack then returns you to Facebook, installs an app called “Media Player HD”, and asks you to download the “FLV player” --- Malware!
Ref: http://www.gnucitizen.org/blog/social-networks-evil-twin-attacks/
Impersonation Attacks
Impersonation Attacks involve registering a username with the intent to mislead others as to the identity behind the username.
Diagram labels: John Smith; Sam Hacker; Impersonation Individual or Organization
• Compromise Relationships
• Damage Reputation
• Phishing Attack
• Confidence attacks
• Conduct Malicious Activities
• Identity Theft Activities
Data Leakage
Social Media Data Leakage is characterized as the unauthorized release of organizational information.
Diagram labels: Leak, Distribution, Propagation
Ref: http://codebutler.com/firesheep
Identity Theft
Identity theft is the actual taking over of the identity of an individual.
The Firefox plugin “Firesheep” is a tool that automates the capturing of a set of predefined Social Media session cookies. This allows an attacker to steal an unsuspecting victim’s Social Media identity.
Overview
UKI Social Media Program
Ultimate Knowledge Institute is offering both a training and certification program for Social Media Technologies.
• Social Media Foundations Course
• Social Media Engineering & Security Course
• Social Media for Managers Course
• Social Media Practitioner Certification
• Social Media Engineering & Security Certification
• Social Media Governance Certification
The Social Media for Managers course and certification encompasses the governance strategies, policy development and processes that should be put into place to support Social Media initiatives within an organization.
The Social Media Foundations Course is designed for individuals who must indoctrinate other users and who work with Social Media on a daily basis.
The Social Media Engineering and Security Course and Certification is meant for individuals who must design, implement and operate secure Social Media solutions.
Questions
# Questions are not limited to one hundred and forty characters