The Threats Posed by Social Networks
Dr. A Jones MBE MSc MBCS CITP M.Inst.ISP
Adjunct Professor, Edith Cowan University
Adjunct Professor, University of South [email protected]
SECURE ABU DHABI CONFERENCE 2013
What is a Social Network Site?
• Web-based services that allow individuals to:
  – Network
  – ‘Meet’ new people
  – Keep in touch with and communicate with people who are already a part of their extended social network
• Consists of visible profiles (which often contain photographs) that display lists of Friends who are also users of the system.
• By default, profiles on sites such as Friendster and Tribe.net are crawled by search engines, making the information visible to anyone, regardless of whether or not they have an account.
• Other sites such as MySpace allow users to choose whether their profile is public or restricted to "Friends only."
• On the Facebook site, by default, users who are part of the same "network" can view each other's profiles, unless a profile owner has decided to deny permission to those in their network. After recent changes, many users of Facebook are now confused with regard to the privacy policy of this site.
Social Network Sites with more than One Million Subscribers
• Adult FriendFinder
• Badoo
• Bebo
• Bigadda – India
• BlackPlanet
• Buzznet
• CafeMom
• Care2
• Classmates.com
• CouchSurfing
• DeviantART
• Draugiem.lv
• Facebook
• Flixster
• Flickr
• Fotolog
• Friends Reunited
• Friendster - Popular in Southeast Asia
• Fubar
• Geni.com
• Grono.net – Poland
• Habbo
• Hi5 - General. Popular in India, Portugal, Mongolia, Thailand, Romania, Jamaica, Central Africa and Latin America.
• Hyves - Most popular in the Netherlands.
• Ibibo –
• Imeem
• Itsmy
• iWiW – Hungary
• Kiwibox
• Last.fm
• LinkedIn
• LiveJournal
• Livemocha
• Mixi – Japan
• MocoSpace
• Multiply
• MyHeritage
• MyLife
• My Opera
• My Referral Network
• MySpace – used to launch a malware attack – terrorist recruitment
• myYearbook
• Nasza-klasa.pl - Popular in Poland.
• Netlog
• Nexopia - Canada
• Odnoklassniki – Russia
• Open Diary
• Orkut - Popular in Brazil and India
• PalTalk – used by terrorists according to Evan Kohlmann
• Plaxo
• Qzone - In Simplified Chinese; caters for mainland China users
• Renren - Significant site in China.
• Skyrock - Social Network in French-speaking world
• Sonico.com - Popular in Latin America and Spanish and Portuguese speaking regions.
• Stickam
• studiVZ
• Tagged.com
• TravBuddy.com
• Trombi.com
• Tuenti.com - Very Popular in Spain
• Twitter
• V Kontakte – Russia
• Vampirefreaks
• Viadeo
• WAYN
• Windows Live Spaces
• Xanga
Tweets and Blogs (Weblogs)
• Usually maintained by an individual
• Normally has regular entries of commentary, descriptions of events, or other material such as graphics or video
• Increasingly used to report on events at times and in locations where the media are either not present or not allowed.
• Increasingly used for political commentary
• The rise of the citizen reporter
Problems resulting from the use of Social Network Sites
• Once posted – it’s forever – you can’t take it back!
• Posting material without due consideration
• Data leakage
• Scams
• One in four users of social networking sites unwittingly leave themselves open to crime by revealing personal details
• Cyber Stalking
• Crime - locations
Data Leakage Newsclips
• MI6 chief’s cover is blown by wife’s holiday snaps on Facebook – Jul 2009
• Social networking sites leaking personal information to third parties, study warns – Sept 2009.
• Loudmouth workers leaking data through social networking sites – Apr 2009
• 63% of Businesses Fear That Social Networking Endangers their Corporate Security – Apr 2009.
• Twitter was mentioned by 17% of companies as a source of investigation due to the exposure of confidential, sensitive or private information. – Sept 2010.
• 51% of companies said they are highly concerned about the risk of information leakage on Twitter – Sept 2010.
• Social networking leads to data loss, study finds – Sept 2010
• Data stolen from 35 million South Korean social networking users – Jul 2011.
• Corporate business secrets getting leaked on social media websites – Nov 2011.
• Microsoft Leaked Its Own Social Networking Secret, Then Swore It Was Accidental – Jul 2011.
• LinkedIn: 6.5 million encrypted passwords – Jun 2012.
• Facebook quickly fixes privacy leak in new timeline – March 2013.
Comment on Social Media by President Obama
• When asked by a teenager how to become president, President Obama replied:
– “Well, let me give you some very practical tips. First of all, I want everybody here to be careful about what you post on Facebook, because in the YouTube age, whatever you do, it will be pulled up again later somewhere in your life,”
– “And when you’re young, you make mistakes and you do some stupid stuff. And I’ve been hearing a lot about young people who — you know, they’re posting stuff on Facebook, and then suddenly they go apply for a job and somebody has done a search.”
Courtesy of Reuters
Geolocation
• Increasingly popular
• Sites such as Foursquare, Google Latitude, Facebook Nearby Friends, Gowalla, Twitter (Twitpic) or the more commercially oriented Shopkick, Foursquare, iPhone (Isonar)
• Cyberstalking potential
• Uploading photos - metadata
Geolocation
Image courtesy of Mashable/Social Media
Threats resulting from Social Networking
• CyberStalking
• CyberBullying
• Identity theft
• Fraud
• Blackmail
• Use by criminals
• Use by terrorists
• Profiling
• Spread of Malicious Software
Fraud
Graph courtesy of Florida Law Enforcement Analyst Academy
Spread of Malicious Software
• Twitter was attacked several times by malicious software in 2009. In February of that year, it was targeted by a clickjacking bug that spread when users clicked on a link in a Twitter post, causing the message to be posted to that user's account. When a follower clicked on the message, the bug would spread.
• In April 2009, a similar piece of malware called the Mikeyy Worm plagued the microblogging network.
• Facebook and MySpace have also been used to carry out a number of attacks, including the infamous Facebook Koobface worm, the MySpace QuickTime worm, and a number of phishing scams.
A Social Networking Experiment
Who is Mohammed Hassan?
• 27 Years Old
• Dubai Based
• Male
• 100 people suggested by Facebook were invited to be his friend
• 23 accepted the invitation within 2 weeks
• He does not exist!
• The identity was created in order to see how many friends someone who does not exist could acquire
The Numbers
• After 2 weeks – 23 ‘friends’
• After 4 weeks – 38 ‘friends’
• This gives access to the personal information of the ‘friends’ of the ‘friends’ – a total of over 5000 people.
• Approximately 90% gave their date of birth
• Approximately 25% gave their address (at least in part)
Questions?
Thank you