Prepared By:
Samia Saad
TABLE OF CONTENTS
1. ABSTRACT
2. PURPOSE
3. MOTIVATION
5. BACKGROUND
6. HISTORY
12. CONCLUSION
13. BIBLIOGRAPHY
14. APPENDIX
1. ABSTRACT
Social media has drastically changed our lives, and our problems too. In today's world we face a whole range of new issues that the world has never seen before. In solving them, we need to keep in mind that most of these new problems are being caused through internet social media.
A mother from Texas wrote in the Huffington Post that her teenage child spends hours wasting his time on Facebook, Twitter and Instagram instead of studying and spending spare time developing good hobbies. [2]
People nowadays are glued to their cell phones, texting or using social media, which lowers their level of concentration, and they can easily become addicted to it. Teens are more belligerent these days, and part of that behavior is due to social networking sites, which give them the freedom to hide their real identity; this results in cheating, aggression, cyber bullying and other harassment activities. [2]
The usage of internet social media is increasing day by day, and there is no prediction of it slowing down in the near future. This progression in technology has not only paved new ways for public and business communication but has also provided opportunities to attackers at vast scale.
To mitigate present and upcoming social media attacks and to prevent users from becoming victims of various forms of attack, awareness has to be spread, and social media systems should be designed to be simple and more secure, with a set of security rules that are transparent and available to users.
The dilemma lies not just in controlling the usage of internet social media in the lives of kids and teenagers; we ourselves are not aware of the consequences that we could face through internet social media in our lives. We are not aware of what data to share and what not to, and thus personal data could be used by anyone else for ID theft, impersonation, abduction etc.
Most of the time in our daily lives is spent surfing the internet, and we are no longer strangers to this whole wide world. Global businesses are also affected, as the data of several companies is shared on social networks, where it can be used by competitors and can also get hacked, creating chaos in the companies. This could severely affect the revenue of the companies, causing their shares to go down.
2. PURPOSE
The purpose of this report is to highlight the dangers and threats of internet social media and to create awareness about the global issues the world is facing today through internet social media.
3. MOTIVATION
The motivations for writing this report are listed below:
a. To highlight the threats and vulnerabilities of future usage of internet social media.
b. To spread awareness among companies, business holders and youth about the issues faced through internet social media and how to overcome them.
c. To overcome social media attacks by highlighting the new methods currently being used.
4. PROBLEM STATEMENT
Internet social media is a revolution and an excellent way to share information with the people you know and with the whole world, but on the other side there have been serious concerns about abuse of this service as well. Today there are billions of people using internet social media, and some of them are predators. Such predators are always in search of a person they can take advantage of.
The problem lies in understanding where the threat is and how we can avoid it to protect our young generation from all these social media issues. People have to realize that misusing social media could prove harmful for them and for the next generation. We do not want our next generation to become victims of social media threats and live a fearful life; instead, we want them to be confident human beings and a generation who could make this world a better place to live for everyone.
The problem is not in using social media; it is merely how we use it and for what purpose. The main idea is to analyze ways to mitigate the attacks and to devise ways to protect internet social media.
5. BACKGROUND
Internet-based social networking sites have created a revolution in social connectivity. Nowadays social networks are used at large scale due to fast-progressing information technologies around the globe [11]. In the initial years, communication started with fax, followed by emails and chat messengers, and now we are using social media, i.e. Facebook, Skype video calls, Snapchat, Instagram.
Moreover, it is pertinent to note the influence produced by combining the Internet with mobile communications. This in fact should be considered a threat and a major generic instability generator. Modern IT-based social networks are practically associated with Facebook, Twitter and LinkedIn, which have more than a billion users and thus have to be used with care.
Internet social media has hijacked our personal space by fully transforming into identified interaction through Internet cookies (temporary internet files that are housed in the user's temporary internet folders). Thus, in today's world, our cookies tell the advertiser about our likes and dislikes.
6. HISTORY
Brief History / Vulnerabilities
Orkut
- Operated by Google.
- Built in 2004.
- Shut down on Sep. 30, 2014.
- Main purpose was to connect people. [13]
- Orkut users globally: 51% USA, 53% Brazil and 18.4% India.
- In 2008 Orkut started its operation from Brazil. [13]
Facebook
- In 2010, Facebook's security team began expanding its efforts to reduce the risks to users' privacy. The issue still exists.
- On November 29, 2011, Facebook settled FTC* charges that it deceived consumers by failing to keep privacy promises. [16]
- On November 6, 2007, Facebook launched Facebook Beacon, which was a part of Facebook's advertisement system until it was discontinued in 2009. Its purpose was to allow targeted advertisements.
- In 2010, the National Security Agency took publicly posted profile information from users' Facebook profiles to discover user activities. [16]
Snap Chat
Although many vulnerabilities have been identified in the usage of social media, user numbers have still been on the rise. The graph below validates the rising percentage of the US population using social media from 2004 to 2016.
[3] The above data is taken from a statistics portal (Statista). The link is shown in the references.
Facebook, Twitter and Google+ are very popular and are used by billions of people all over the world, but they are also a platform for attackers to carry out nefarious activities. They can be used to develop social relationships, make calls and hold conferences, but they can be used by the attacker too: the attacker makes a false node into your account and gains information about your accounts. The attacker impersonates someone else, and the user then believes him and shares information with him. When we befriend strangers, we invite cyber criminals to attack our privacy. The above graph shows the percentage of users having social media profiles from 2004 to 2016, and the percentage of users with a profile is increasing every year.
e. Social Engineering
Social engineering is the art and science of manipulating people. There are many predators on internet social media, and they use social engineering to achieve their personal goals. Social engineering predators are mostly internet professionals and computer security professionals. Social engineering requires a high level of cognitive ability. [1]
f. Phishing
Phishing is not directly related to social media, but some people use social media on cell phones, which makes it difficult to distinguish between fake sites and original sites. Social media also allows the attacker to send phishing messages by impersonating the victim's friend. He then obtains the login and password of the victim's account, and further sends phishing emails to the other people connected to it, which are mostly enticing for everyone and seem to come from the victim. [12]
g. Pretexting
This is a scenario built by the predator to trap a person into doing what he would not do under normal circumstances. This technique can be used to fool a business holder into giving up information about the business, which is then used against the company. Some methods to avoid pretexting [9]
h. Leakage of Information
Social media connects us all the time; it is always on, and we draw no line between where to use it and what to share. Young workers use it in the office and at home, and they unintentionally leak information about the company while using it at work.
i. Flaw Injection
Social media technology has an injection flaw which is similar to XML injection. Social media depends heavily on the client side, so client-side validation can be bypassed by the attacker.
This occurs when user data is sent to an interpreter in the form of a query; the attacker fabricates the data, which allows the attacker to create, read and update any data [12].
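
The following Python sketch is an added example, not code from this report or from any social media platform. It shows user data reaching a SQL interpreter as part of a query, first concatenated into the query text and then validated on the server and bound as a parameter; the `posts` table, the function names and the sample rows are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data: one public and one private post by the same author.
SAMPLE_POSTS = [
    ("alice", "Holiday photos", 0),
    ("alice", "Draft: salary figures", 1),
    ("bob", "Hello world", 0),
]

# Constructed input that a client-side check would normally reject, but which
# the server still receives if the client-side check is skipped.
CRAFTED_AUTHOR = "alice' --"

USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,30}")


def make_db():
    """Build an in-memory database holding the sample posts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (author TEXT, body TEXT, private INTEGER)")
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?)", SAMPLE_POSTS)
    return conn


def public_posts_unsafe(conn, author):
    """Vulnerable: the author string becomes part of the SQL text itself."""
    sql = f"SELECT body FROM posts WHERE author = '{author}' AND private = 0"
    return [row[0] for row in conn.execute(sql)]


def public_posts_bound(conn, author):
    """Parameter binding: the value is passed as data, never parsed as SQL."""
    sql = "SELECT body FROM posts WHERE author = ? AND private = 0"
    return [row[0] for row in conn.execute(sql, (author,))]


def public_posts_safe(conn, author):
    """Hardened: re-validate on the server, then use the bound query."""
    if not USERNAME_RE.fullmatch(author):
        raise ValueError("invalid username")
    return public_posts_bound(conn, author)


if __name__ == "__main__":
    db = make_db()
    # The crafted value comments out the privacy filter in the unsafe query.
    print("unsafe:", public_posts_unsafe(db, CRAFTED_AUTHOR))
    # Bound as a parameter, the same value matches no author at all.
    print("bound: ", public_posts_bound(db, CRAFTED_AUTHOR))
    try:
        public_posts_safe(db, CRAFTED_AUTHOR)
    except ValueError as exc:
        print("safe:   rejected,", exc)
```
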
j. Information Integrity
Data integrity is the basis of information security. Malware can compromise a system's security; this occurs mostly when the system's anti-virus software is not updated. An attacker can manipulate and damage data through malware. But there are instances where honest mistakes are made by legitimate users: any information unintentionally posted on internet social media can be taken in different ways by the many users all over the world. As the data is accessible to many users all over the world, it is vulnerable to malicious attack and to being misinterpreted by many, which compromises the integrity of the data [12].
k. Insufficient Anti-automation
The social media interface is prone to automated attacks; such an attack automatically runs the queries and gathers all the information. Anti-automation measures like CAPTCHAs are used to defend against these automated attacks [12].
l. Baiting
This is a type of Trojan horse: an attacker can make an enticing free offer on social media and put malware in it. If the user is naive and follows all the links, he gets infected with the malware.
m. Clickjacking
This is a way to convince a user to click on a link which is a trap. The user clicks on such a link because he finds the content interesting, but after clicking he will not get what he expected from the link and he will lose his privacy.
n. Spam
Spammers use many platforms to spread spam; social media is one of them.
o. Sybil Attack
Spam and malware attacks are still there, but there are fake account attacks too. Such accounts are created by an attacker to harm other people; such an attack is called a Sybil attack.
Multiple solutions have been proposed for the Sybil attack, such as SybilGuard and SybilLimit. Social networks can be used to spread propaganda, which could be political or personal. A social network holds a variety of data, from natural disasters to every little piece of information about any person. Data mining is used to study such dynamic data.
There is no way to measure the trustworthiness and honesty of information on social media.
- How such dynamic data can be studied, and how it can be aggregated and made into a graph to study cybercrime.
- How data mining can be used to distinguish between honest activities and malicious activities.
- Authentication: attacks like the Sybil attack can be decreased if proper authentication is done. A facial recognition system can be used to verify users. If a person is not present in the facial recognition system, then that person should not be allowed to make an account.
q. Spoofing
Spoofing is done by entering someone else's account through IP and getting personal details. This could lead to severe damage to personnel and the company.
8. SCENARIOS / FACTS
There have been many instances where, for example, someone is running as a presidential candidate and there is a sudden leak of a video or certain information that could demolish the image of that person.
a. If there is a merger, we usually see news about the director suddenly break out; these acts are done to distort the image of that person. Such incidents occur as we open our lives to social media, so predators take advantage of the situation and can easily distort our image in public.
b. Facebook abduction is another very damaging incident that occurred: a teenager was abducted by a man impersonating some other person. Such online friendships lead to such crimes.
https://www.youtube.com/watch?v=c4sHoDW8QU4
This is a YouTube experiment on child abduction, meant to spread awareness among kids.
c. Cyber bullying is another very important issue on social media; it leads to hate, anger and envy, which leave every person alone in their lives, and such cases lead to depression and suicide. About 42% of kids are victims of cyber bullying.
d. In 2009, the U.S. military considered a near-total ban on social media sites throughout the Department of Defense. Military officials cited inherent technical security weaknesses and lack of security safeguards on social media sites (Schachtman, 2009) [12].
d. What can happen next with social media if awareness is not spread?
If awareness is not provided to our next generation, we will have a generation with no secrets, and as a result this generation will not trust anyone. They will not be able to build relationships. This will be a generation that cannot learn through mistakes as we do, because if a mistake is made on social media and a person's image is distorted, that person might suffer from this distorted image for a lifetime.
Hence, a lot of awareness should be spread about using social media: articles should be written, and there should be free seminars to spread awareness among everyone.
a. Password protection
Our identity in the cyber world depends on passwords, which can be stolen and abused. This can lead to a wide variety of identity theft attacks.
b. Protecting Anonymity
Everyone's private life is lost, and now people have to learn how to lead their lives in the public domain. Lost privacy cannot be found.
d. Age Limit
Just as we have age ratings for movies (PG-13, NR), the user should be above age 18 to access social media websites. Specific forms should be filled in by the user to access the website, agreeing that their age is more than 18 years.
e. Password Cracking
Cryptographic hash functions can be used to authenticate information, but CPUs are now combined with powerful crackers to target password digests. Cloud crackers are also easily available. More research is needed to know how to protect passwords.
f. Hashing
A cryptographic hash function is used to protect passwords. A website can slow down attackers by applying password hashing. The hashed password does not allow brute force and dictionary attacks.
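
Added example, not from this report, covering the Password Cracking and Hashing items above: a fast unsalted digest beside a salted PBKDF2 record, showing that the unsalted form falls to a precomputed dictionary lookup while the salted, iterated form forces separate work per record and per guess. The wordlist, the record format and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for a cracking dictionary.
WORDLIST = ["123456", "password", "letmein", "qwerty"]
ITERATIONS = 200_000  # illustrative work factor (assumption); tune to your hardware


def fast_unsalted(password):
    """Weak storage: one fast SHA-256 pass, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup(wordlist):
    """Precomputed digest -> password table, reusable against every unsalted record."""
    return {fast_unsalted(word): word for word in wordlist}


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Stronger storage: per-user random salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and work factor; compare in constant time."""
    try:
        scheme, iterations, salt_hex, derived_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(derived_hex)
        rounds = int(iterations)
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(derived, expected)


def recovered_by_lookup(stored_digests, table):
    """Return the passwords a precomputed table recovers from stored digests."""
    return [table[d] for d in stored_digests if d in table]


if __name__ == "__main__":
    table = build_lookup(WORDLIST)
    # Two users who picked the same weak password.
    unsalted = [fast_unsalted("letmein"), fast_unsalted("letmein")]
    print("unsalted records identical:", unsalted[0] == unsalted[1])
    print("recovered from unsalted:", recovered_by_lookup(unsalted, table))
    salted = [hash_password("letmein"), hash_password("letmein")]
    print("salted records identical:", salted[0] == salted[1])
    digests = [record.split("$")[3] for record in salted]
    print("recovered from salted:", recovered_by_lookup(digests, table))
    print("login still verifies:", verify_password("letmein", salted[0]))
```

A salted, slow hash raises the cost of each guess; a password that appears in a wordlist can still be found by guessing against a single record, which is why the second factor described in the next item matters.
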
g. Service Decoupling
Services like Facebook and Twitter are interconnected with each other. Twitter may post comments on Facebook, and it is configured like that. Service coupling provides new types of services, but it is security sensitive. It is challenging for researchers to study all interconnected services.
Two-Factor Authentication: using an SMS code together with typing a password is a very effective way to protect a password. Such two-factor authentication can be used for more security, to protect against password-related issues.
12. CONCLUSION
Internet social media has changed our lives in every aspect: the way of doing business and of interacting with people has changed a lot. There are some good aspects, as it is convenient to use to interact with other people, but it offers a huge range of disadvantages, risks and dangers to life and money, as I have discussed earlier.
a. The main issue is how to overcome such problems faced through internet social media and how to restrain ourselves and think twice before sharing any personal information. I have discussed in the paper that awareness is the main thing that could save many from facing such issues. These issues can be very damaging in one's life.
b. There should be conferences, seminars and public service messages; still, a lot more research is needed to protect individuals and companies and to analyze each and every drawback of each and every act we do online.
Government or social work organizations can spread awareness to inform people of the disadvantages of internet social media: how we can use it for positive work only and how we can refrain from sharing private data. Such research can be done for the welfare of the people. Social media forums are also used to spread different propaganda, which of course is not real, but such propaganda can change the lives of many people. Awareness should be spread so that people think outside the box; what the crowd is doing is not necessarily always right.
c. Social media provides a lack of anonymity and fear of the unknown that might damage our personal and professional lives. Also, online shopping on social media can lead to identity theft and hence financial loss. The main threats of social media are the same as for traditional web applications, but some threats are unique to social media, like cross-site scripting, phishing and information leakage. These threats can be classified into two categories: end-user behavior related threats (phishing, information leakage) and security vulnerabilities of social media (XSS, CSRF, injection flaw, anti-automation etc.).
If a combination of proper end-user security and secure coding practice is used to verify the flaws, this can mitigate most of the flaws and risks offered by social media (user behavior / security vulnerabilities).
d. To overcome such problems faced through internet social media, we have to restrain ourselves and think twice before sharing any personal information, in order to keep ourselves from destroying our own selves. We should learn to use it positively.
13. BIBLIOGRAPHY
[1] https://en.wikipedia.org/wiki/Social_engineering_(security)
[2] http://www.huffingtonpost.com/barbara-greenberg/8-problems-with-teens-social-media_b_3472816.html
[3] http://www.statista.com/statistics/273476/percentage-of-us-population-with-a-social-network-profile/
[4] http://www.engadget.com/2014/11/13/stuxnet-worm-targeted-companies-first/
[5] How to Stop Online Tracking and Protect Your Identity, Larry Harison. http://www.pinow.com/articles/1721/how-to-stop-online-tracking-and-protect-your-identity
[6] Top 5 ways to protect IP spoofing, Jonathan Hassell. http://www.computerworld.com/article/2546050/network-security/the-top-five-ways-to-prevent-ip-spoofing.html
[7] http://lightcyber.com/8-tips-to-prevent-social-engineering-attacks/
[8] http://www.pandasecurity.com/mediacenter/security/10-tips-prevent-phishing-attacks/
[9] The Social Engineering Framework. http://www.social-engineer.org/framework/influencing-others/pretexting/successful-pretexting/
[10] Three ways to protect from Clickjacking, Chris Hinkley. http://www.securityweek.com/three-ways-prevent-clickjacking
[11] The Red Book, SysSec (Road Map to System Security Research). http://www.syssec-project.eu/
[12] https://www.sans.org/reading-room/whitepapers/policyissues/reducing-risks-social-media-organization-33749
[13] https://en.wikipedia.org/wiki/Orkut
[14] https://en.wikipedia.org/wiki/Snapchat
[15] https://en.wikipedia.org/wiki/Twitter
[16] https://en.wikipedia.org/wiki/Facebook
14. APPENDIX
a. Government could show public service messages on television for the betterment of the public. I would provide as an example an advertisement that could be shown for awareness.
https://www.youtube.com/watch?v=-5PZ_Bh-M6o
The above video is about cyber bullying. It gives a message about the effects of cyber bullying and how it can be mitigated. It shows how youngsters ridicule and mock each other over looks; this is leading to hatred, envy and depression in everyone.
b. https://www.youtube.com/watch?v=om93-2Ys3dA
Your card can now be tracked using RFID. Everything that is in the air can be captured and read by thieves. There are multiple ways to avoid it; one is to ask your bank not to give you an RFID ATM card. There are wallets that can be used to protect the cards from transmitting signals.
Thieves can pick up PIN numbers using special devices.
c. A hacker can access and record your webcam. Nates point is a hacking program, and a demo is given of how to control someone's webcam virtually. That camera can record you too, and you never know you are the victim.
Always secure the wireless network; never rely on the firewalls that come with the operating system.
McAfee alone is not enough. The hacker checks the open ports and connects to the hacker's computer. If a computer is hacked, the IP address of the hacker can be seen in the log file of your computer. If a hacker can access the camera, they can access all your keystrokes. Mihackerproof.com can be used for free to scan your computer for hackers.
Advanced firewall and wireless encryption can prevent hackers.
https://www.youtube.com/watch?v=sC9xOBoGzc4
d. Google is shut down in China, as the people teach their children how to hack at high school age. 9 million people get their identity hacked every year.
https://www.youtube.com/watch?v=aXDuEVAq_dc
e. https://www.youtube.com/watch?v=Xc_pccRxAfc
More such public service messages can be shown on television to spread awareness among parents, so they can teach their children the right way. The same point is made by the sheriff: in movies we have the G rating for general, the PG rating for Parental Guard, PG-13, which can be watched with parents, R for restricted, and NC-17, which means no one under 18 can be admitted.
Such ratings are given to movies; if such ratings were applied to internet social media, a lot of problems could be resolved.