An Automated Model to Detect Fake Profiles and botnets in Online Social Netwo...
Social Network Crime on Rise
1. Industry Trend: InfoSecurity September 2011
Social Network Crime on Rise
Today some of the worse cyber-crime incidents are classic case studies of social engineering.
This is expected to rise further with time unless curbed with strong privacy laws and measures.
It can probably go without saying that social networking environments such as Facebook, Orkut,
My space, Twitter, LinkedIn can be easily classified as one of the world's largest social
engineering and consumer profiling schemes that has ever been conducted. Ever since the early
days of Microsoft there has been a collection of a plethora of customer personal data which in no
doubt has been stored in a multitude of massive repositories used for all sorts of financial,
marketing, and other types of operational gains. Facebook, Google, Twitter, MySpace, etc. all
basically probably put most government owned and operated data repositories to shame because
they include far more information than financial transactions, employment, criminal, and
educational information. All most all the social network platforms run some of the most
sophisticated and well organised business on drugs, prostitution, propaganda against enterprise
and nations, cyber terrorism.
Paul Zak, Professor at Claremont College, believes that online scammers target social network
platforms such as Facebook users because they primarily do not know their victims. According
to Paul It is comparatively easier to hurt someone when you are not seeing them in person.
Neuroscience research shows that moral violations are less likely when interactions are personal
because people empathize with those they meet in person. In the online world, people are just a
number.
Internet Anonymity Complements Complexity
Recently Randi Zuckerberg, marketing director of Facebook urged the users to end on-line
anonymity. It is true that using real names and information will bring down cyber incidents. But
that goes against the very nature of the Web. There is definitely a correlation between the
Internet and democratization. No doubt about it. But not Facebook and democratization. In fact,
the so-called Facebook revolutions in the Middle East have only managed to topple dictators and
replace them with suspect leaderships, if any. The street reality remains grim.
If one has to restrict the use of anonymous input on the internet, should we not also make that a
condition of using the roads where every car and truck owners real name and address along with
their phone number is printed in large easy to read letters on the front and back of their vehicles?
This might cut down on road rage and bring everyone into "civil compliance" whenever they
operate their vehicle. Or whenever a newscaster says something on TV and their home address
and their private phone number and that of the station are displayed on the TV screen so that if
any untruths are stated we can "call them on it immediately". Same with any politicians that
speak disingenuously so we can also "call them on that statement" so as to explain themselves. I
think Facebook and its critics have stumbled onto a real solution to a modern problem.
2. According to the statement of Gordon M. Snow, Assistant Director, Federal Bureau of
Investigation before the House Judiciary Subcommittee on Crime, Terrorism, and Homeland
Security on July 28, 2010 in Washington, D.C.
He stated that social networking sites, as well as corporate websites in general, provide criminals
with enormous amounts of information to send official looking documents and send them to
individual targets who have shown interest in specific subjects. The personal and detailed nature
of the information erodes the victim’s sense of caution, leading them to open the malicious e-mail.
Such e-mail contains an attachment that contains malicious software designed to provide
the e-mail’s sender with control over the victim’s entire computer. Once the malware infection is
discovered, it is often too late to protect the data from compromise.
Cyber criminals design advanced malware to act with precision to infect, conceal access, steal or
modify data without detection. Coders of advanced malware are patient and have been known to
test a network and its users to evaluate defensive responses. Advanced malware may use a
"layered" approach to infect and gain elevated privileges on a system. Usually, these types of
attacks are bundled with an additional cybercrime tactic, such as social engineering or zero day
exploits. In the first phase of a malware infection, a user might receive a spear phishing e-mail
that obtains access to the user's information or gains entry into the system under the user's
credentials. Once the cyber-criminal initiates a connection to the user or system, they can further
exploit it using other vectors that may give them deeper access to system resources. In the
second phase, the hacker might install a backdoor to establish a persistent presence on the
network that can no longer be discovered through the use of anti-virus software or firewalls.
Road Ahead
The state of Florida sells and gives away driver’s license information basically to whomever will
pay for it. And the fact that FB now collects and uploads your phone numbers is absurd. Many of
the FB apps will steal all of your private information. I know many people who have closed their
accounts. That of course does not mean the data is gone. It is all still there. Once you open an
account there is no real way to delete your information.
My prediction that is by mid-2012 to early 2013, privacy of information as well as and the
protection of personally identifiable information (PII) will no longer have or hold the same value
and meaning because abstract information and identity correlation with these massive data
repositories will allow for an extensive and quite accurate ability to establish identity via an
inference data mining model which will make it far more difficult to retain anonymity to any
degree. This will also make for an excellent resurgence for information sharing services where
multiple systems could do fee-based data correlation to build highly customized records and
online activity patterns. I wouldn't be surprised if many of these organizations are selling
information, but the real beauty is when you team up with other retention and mining partners,
you produce far more accurate and detailed information.
3. Imagine if identities were forced to be real, anything and everything you do will and can be used
to develop an extensive profile on you that can be used in far more ways than simple financial
gain, marketing strategy, but even more so as information that can serve in a specific warfare
tactic if they know enough about you, your habits, your friends, your decision making, etc. This
is not sensationalism in any way. Information is the warfare strategy of the present and future.
—By: Dominic K. Deputy Editor 'InfoSecurity' Bureau.