The Threats Posed by Social Networks

The Threats Posed by Social Networks

Dr. A Jones MBE MSc MBCS CITP M.Inst.ISP Adjunct Professor Edith Cowan University Adjunct professor University of South Australia [email protected]

SECURE ABU DHABI CONFERENCE 2013 What is a Social Network Site?

• Web-based services that allow individuals to: –Network – ‘Meet’ new people – Keep in touch with and communicate with people who are already a part of their extended social network • Consists of visible profiles (which often contain photographs) that display lists of Friends who are also users of the system. • By default, profiles on sites such as Friendster and Tribe.net are crawled by search engines, making the information visible to anyone, regardless of whether or not they have an account. • Other sites such as MySpace allow users to choose whether their profile is public or restricted to "Friends only." • On the Facebook site, by default, users who are part of the same "network" can view each other's profiles, unless a profile owner has decided to deny permission to those in their network. After recent changes, many users of Facebook are now confused with regard to the privacy policy of this site.

P2

SECURE ABU DHABI CONFERENCE 2013 Social Network Sites with more than One Million Subscribers

• Adult FriendFinder • Hyves - Most popular in the Netherlands. • PalTalk – used by terrorists according to • Badoo • Ibibo – Evan Kohlmann • •Bebo • Imeem Plaxo • • • Bigadda – India Itsmy Qzone - In Simplified Chinese; caters • for mainland China users • BlackPlanet iWiW –Hungary • • Renren - Significant site in China. • Buzznet Kiwibox • • Last.fm Skyrock - Social Network in French- • CafeMom speaking world • LinkedIn • Care2 • Sonico.com - Popular in Latin America • LiveJournal • Classmates.com • and Spanish and Portuguese speaking Livemocha regions. • CouchSurfing • Mixi – Japan • Stickam • DeviantART • MocoSpace • studiVZ • Draugiem.lv • Multiply • Tagged.com • Facebook • MyHeritage • TravBuddy.com • Flixster • MyLife • • Trombi.com • Flickr My Opera • Tuenti.com - Very Popular in Spain • Fotolog • My Referral Network • • Twitter • Friends Reunited MySpace – used to launch a malware attack – • \V Kontakte – Russia terrorist recruitment • Friendster - Popular in Southeast Asia • Vampirefreaks • myYearbook • Fubar • Viadeo • Nasza-klasa.pl - Popular in Poland. • Geni.com • WAYN • Netlog • Grono.net – Poland • Windows Live Spaces • Nexopia - Canada • • Habbo Xanga • Odnoklassniki – Russia • Hi5 -General. Popular in India, Portugal, • Open Diary Mongolia, Thailand, Romania, Jamaica, • Orkut - Popular in Brazil and India Central Africa and Latin America.

P3

SECURE ABU DHABI CONFERENCE 2013 Tweets and Blogs (Weblogs)

• Usually maintained by an individual • Normally has regular entries of commentary, descriptions of events, or other material such as graphics or video • Increasingly used to report on events at times and in locations where the media are either not present or not allowed. • Increasingly used for political commentary • The rise of the citizen reporter

P4

SECURE ABU DHABI CONFERENCE 2013 Problems resulting from the use of Social Network Sites

• Once posted – it’s forever – you can’t take it back! • Posting material without due consideration • Data leakage •Scams • One in four users of social networking sites unwittingly leave themselves open to crime by revealing personal details • Cyber Stalking • Crime - locations

P5

SECURE ABU DHABI CONFERENCE 2013 Data Leakage Newsclips

• MI6 chief’s cover is blown by wife’s holiday snaps on Facebook – Jul 2009 • Social networking sites leaking personal information to third parties, study warns – Sept 2009. • Loudmouth workers leaking data through social networking sites – Apr 2009 • 63% of Businesses Fear That Social Networking Endangers their Corporate Security – Apr 2009. • Twitter was mentioned by 17 % of companies as a source of investigation due to the exposure of confidential, sensitive or private information. – Sept 2010. • 51 % of companies said they are highly concerned about the risk of information leakage on Twitter – Sept 2010. • Social networking leads to data loss, study finds – Sept 2010 • Data stolen from 35 million South Korean social networking users – Jul 2011. • Corporate business secrets getting leaked on social media websites – Nov 2011. • Microsoft Leaked Its Own Social Networking Secret, Then Swore It Was Accidental – Jul 2011. • LinkedIn: 6.5 million encrypted passwords – Jun 2012. • Facebook quickly fixes privacy leak in new timeline – March 2013.

P6

SECURE ABU DHABI CONFERENCE 2013 Comment on Social Media by President Obama

• When asked by a teenager how to become president, President Obama replied:

– “Well, let me give you some very practical tips. First of all, I want everybody here to be careful about what you post on Facebook, because in the YouTube age, whatever you do, it will be pulled up again later somewhere in your life,”

– “And when you’re young, you make mistakes and you do some stupid stuff. And I’ve been hearing a lot about young people who — you know, they’re posting stuff on Facebook, and then suddenly they go apply for a job and somebody has done a search.”

P7 Courtesy of Reuters

SECURE ABU DHABI CONFERENCE 2013 Geolocation

• Increasingly popular • Sites such as Foursquare, Google latitude, Facebook Nearby Friends, Gowalla, twitter(twitpic) or the more commercially oriented Shopkick, FourSquare, iPhone (Isonar) • Cyberstalking potential • Uploading photos - metadata

P8

SECURE ABU DHABI CONFERENCE 2013 Geolocation

Image Courtesy of Mashable/Social Media P9

SECURE ABU DHABI CONFERENCE 2013 Threats resulting from Social Networking

• CyberStalking • CyberBullying • Identity theft • Fraud • Blackmail • Use by criminals • Use by terrorists • Profiling • Spread of Malicious Software

P10

SECURE ABU DHABI CONFERENCE 2013 Fraud

P11 Graph courtesy of Florida Law Enforcement Analyst Academy

SECURE ABU DHABI CONFERENCE 2013 Spread of Malicious Software

• Twitter was attacked several times by malicious software in 2009. In February of that year, it was targeted by a clickjacking bug that spread when users clicked on a link in a Twitter post, causing the message to be posted to that user's account. When a follower clicked on the message, the bug would spread. • In April 2009, a similar piece of malware called the Mikeyy Worm plagued the microblogging network. • Facebook and MySpace have also been used to carry out a number of attacks, including the infamous Facebook Koobface worm, the MySpace QuickTime worm, and a number of phishing scams.

P12

SECURE ABU DHABI CONFERENCE 2013 A Social Networking Experiment

P13

SECURE ABU DHABI CONFERENCE 2013 Who is Mohammed Hassan?

• 27 Years Old • Dubai Based •Male • 100 people suggested by facebook were invited to be his friend • 23 accepted the invitation within 2 weeks

• He does not exist! • The identity was created in order to see how many friends someone that does not exist could acquire

P14

SECURE ABU DHABI CONFERENCE 2013 The Numbers

• After 2 weeks – 23 ‘friends’ • After 4 weeks – 38 ‘friends’ • This gives access to the personal information of the ‘friends’ of the ‘friends’ – a total of over 5000 people. • Approximately 90% gave their date of Birth • Approximately 25% gave their address (at least in part)

P15

SECURE ABU DHABI CONFERENCE 2013 Questions?

SECURE ABU DHABI CONFERENCE 2013 Thank you

P17

SECURE ABU DHABI CONFERENCE 2013