the threats posed by social networks - abu dhabi … networking threats secure abu... · the...

The Threats Posed by Social Networks

Dr. A Jones MBE MSc MBCS CITP M.Inst.ISPAdjunct Professor Edith Cowan UniversityAdjunct professor University of South [email protected]

SECURE ABU DHABI CONFERENCE 2013

What is a Social Network Site?

• Web-based services that allow individuals to:– Network– ‘Meet’ new people– Keep in touch with and communicate with people who are already a part of their

extended social network• Consists of visible profiles (which often contain photographs) that display lists of

Friends who are also users of the system.• By default, profiles on sites such as Friendster and Tribe.net are crawled by search

engines, making the information visible to anyone, regardless of whether or not they have an account.

• Other sites such as MySpace allow users to choose whether their profile is public or restricted to "Friends only."

• On the Facebook site, by default, users who are part of the same "network" can view each other's profiles, unless a profile owner has decided to deny permission to those in their network. After recent changes, many users of Facebook are now confused with regard to the privacy policy of this site.

P2


Social Network Sites with more than One Million Subscribers• Adult FriendFinder• Badoo• Bebo• Bigadda – India• BlackPlanet• Buzznet• CafeMom• Care2• Classmates.com• CouchSurfing• DeviantART• Draugiem.lv• Facebook • Flixster• Flickr• Fotolog• Friends Reunited• Friendster - Popular in Southeast Asia• Fubar• Geni.com• Grono.net – Poland• Habbo• Hi5 -General. Popular in India, Portugal,

Mongolia, Thailand, Romania, Jamaica, Central Africa and Latin America.

P3

• Hyves - Most popular in the Netherlands.• Ibibo –• Imeem• Itsmy• iWiW –Hungary• Kiwibox• Last.fm• LinkedIn• LiveJournal• Livemocha• Mixi – Japan• MocoSpace• Multiply• MyHeritage• MyLife• My Opera• My Referral Network• MySpace – used to launch a malware attack –

terrorist recruitment• myYearbook• Nasza-klasa.pl - Popular in Poland.• Netlog• Nexopia - Canada• Odnoklassniki – Russia• Open Diary• Orkut - Popular in Brazil and India

• PalTalk – used by terrorists according to Evan Kohlmann

• Plaxo• Qzone - In Simplified Chinese; caters

for mainland China users• Renren - Significant site in China.• Skyrock - Social Network in French-

speaking world• Sonico.com - Popular in Latin America

and Spanish and Portuguese speaking regions.

• Stickam• studiVZ• Tagged.com• TravBuddy.com• Trombi.com• Tuenti.com - Very Popular in Spain• Twitter• \V Kontakte – Russia• Vampirefreaks• Viadeo• WAYN• Windows Live Spaces• Xanga


Tweets and Blogs (Weblogs)

• Usually maintained by an individual • Normally has regular entries of commentary, descriptions of events, or

other material such as graphics or video• Increasingly used to report on events at times and in locations where the

media are either not present or not allowed.• Increasingly used for political commentary• The rise of the citizen reporter

P4


Problems resulting from the use of Social Network Sites

• Once posted – it’s forever – you can’t take it back!• Posting material without due consideration• Data leakage• Scams• One in four users of social networking sites unwittingly leave

themselves open to crime by revealing personal details• Cyber Stalking• Crime - locations

P5


Data Leakage Newsclips

P6

• MI6 chief’s cover is blown by wife’s holiday snaps on Facebook – Jul 2009• Social networking sites leaking personal information to third parties, study warns –

Sept 2009.• Loudmouth workers leaking data through social networking sites – Apr 2009• 63% of Businesses Fear That Social Networking Endangers their Corporate

Security – Apr 2009.• Twitter was mentioned by 17 % of companies as a source of investigation due to the

exposure of confidential, sensitive or private information. – Sept 2010.• 51 % of companies said they are highly concerned about the risk of information

leakage on Twitter – Sept 2010.• Social networking leads to data loss, study finds – Sept 2010• Data stolen from 35 million South Korean social networking users – Jul 2011.• Corporate business secrets getting leaked on social media websites – Nov 2011.• Microsoft Leaked Its Own Social Networking Secret, Then Swore It Was Accidental

– Jul 2011.• LinkedIn: 6.5 million encrypted passwords – Jun 2012. • Facebook quickly fixes privacy leak in new timeline – March 2013.


Comment on Social Media by President Obama

• When asked by a teenager how to become president, President Obama replied:

– “Well, let me give you some very practical tips. First of all, I want everybody here to be careful about what you post on Facebook, because in the YouTube age, whatever you do, it will be pulled up again later somewhere in your life,”

– “And when you’re young, you make mistakes and you do some stupid stuff. And I’ve been hearing a lot about young people who — you know, they’re posting stuff on Facebook, and then suddenly they go apply for a job and somebody has done a search.”

P7 Courtesy of Reuters


Geolocation

• Increasingly popular• Sites such as Foursquare, Google latitude, Facebook Nearby

Friends, Gowalla, twitter(twitpic) or the more commercially oriented Shopkick, FourSquare, iPhone (Isonar)

• Cyberstalking potential• Uploading photos - metadata

P8


Geolocation

P9 Image Courtesy of Mashable/Social Media


Threats resulting from Social Networking

• CyberStalking• CyberBullying• Identity theft• Fraud• Blackmail• Use by criminals• Use by terrorists• Profiling• Spread of Malicious Software

P10


Fraud

P11 Graph courtesy of Florida Law Enforcement Analyst Academy


Spread of Malicious Software

• Twitter was attacked several times by malicious software in 2009. In February of that year, it was targeted by a clickjacking bug that spread when users clicked on a link in a Twitter post, causing the message to be posted to that user's account. When a follower clicked on the message, the bug would spread.

• In April 2009, a similar piece of malware called the Mikeyy Worm plagued the microblogging network.

• Facebook and MySpace have also been used to carry out a number of attacks, including the infamous Facebook Koobface worm, the MySpace QuickTime worm, and a number of phishing scams.

P12


A Social Networking Experiment

P13


Who is Mohammed Hassan?

• 27 Years Old• Dubai Based• Male• 100 people suggested by facebook were invited to be his friend • 23 accepted the invitation within 2 weeks

• He does not exist!• The identity was created in order to see how many friends someone that

does not exist could acquire

P14


The Numbers

• After 2 weeks – 23 ‘friends’• After 4 weeks – 38 ‘friends’ • This gives access to the personal information of the ‘friends’ of the

‘friends’ – a total of over 5000 people.• Approximately 90% gave their date of Birth• Approximately 25% gave their address (at least in part)

P15


Questions?


P17

Thank you


the threats posed by social networks - abu dhabi … networking threats secure abu... · the...

Documents