Internet Social Media

The risk involved in social networking and how to avoid it!!

Prepared By:
Samia Saad

TABLE OF CONTENTS
1. ABSTRACT
2. PURPOSE
3. MOTIVATION
4. PROBLEM STATEMENT
5. BACKGROUND
6. HISTORY
7. COMMONLY USED METHODOLOGIES AND ATTACKS ON SOCIAL MEDIA
   a. Insufficient authentication Controls
   b. Cross Site Scripting (XSS)
   c. Cross Site Request Forgery (CSRF)
   d. Online behavior tracking
   e. Social Engineering
   f. Phishing
   g. Pretexting
   h. Leakage of Information
   i. Flaw Injection
   j. Information Integrity
   k. Insufficient Anti-automation
   l. Baiting
   m. Click jacking
   n. Spam
   o. Sybil Attack
   p. Third party attacks
   q. Spoofing
8. SCENARIOS / FACTS
9. SOME QUESTIONS: TO THINK FOR THE SOLUTION
   a. Where does the problem lie?
   b. Who gets affected by social media?
   c. What worse can happen?
   d. What can happen next by this social media if awareness is not given?
10. RISK AVOIDANCE STRATEGIES
   a. Password protection
   b. Protecting Anonymity
   c. Checking profile
   d. Age Limit
   e. Password Cracking
   f. Hashing
   g. Service Decoupling
11. RESEARCH GAP
12. CONCLUSION
13. BIBLIOGRAPHY
14. APPENDIX

1. ABSTRACT
Social media has drastically changed our lives and our issues too. In today's world, we face a whole range of new issues
which the world had never heard of before. We need to solve these issues keeping in mind that most of the new
problems are caused through internet social media.
A mother from Texas wrote in the Huffington Post that her teenage kid spends hours wasting his time on Facebook,
Twitter and Instagram instead of studying and spending spare time developing good hobbies. [2]
People nowadays are glued to their cell phones, texting or using social media, which lowers their level of
concentration, and they can easily become addicted to it. Teens are more belligerent these days; part of their
behavior is due to social networking sites, which give them the freedom to hide their real identity, and that results in
cheating, aggression, cyber bullying and other harassment. [2]
The usage of internet social media is increasing day by day and it is not predicted to slow down in the
near future. This progression in technology has not only paved new ways for public and business communication
but has also provided opportunities to attackers at vast scale.
To mitigate present and upcoming social media attacks and to prevent users from becoming victims of various
forms of attack, awareness has to be spread, and social media systems should be designed to be simple and more
secure, with a set of security rules that are transparent and available to the users.
The dilemma lies not just in controlling the usage of internet social media in the lives of kids and teenagers; we
ourselves are not aware of the consequences that we could face through internet social media in our lives. We are not
aware of what data to share and what not to, and thus personal data could be used by anyone else for ID theft,
impersonation, abduction etc.
Most of the time in our daily lives is spent surfing the internet, and we are no longer strangers to this whole wide world.
Global businesses are also affected by this, as the data of several companies is shared on social networks, where it can
be used by competitors and can also get hacked, creating chaos in the companies. This could severely affect the revenue
of the companies, thus causing their shares to go down.

2. PURPOSE
The purpose of this report is to highlight the dangers and threats of internet social media and to create awareness
about the global issues the world is facing today through internet social media.

3. MOTIVATION
The motivations for writing this report are listed below:
a. To highlight the threats and vulnerabilities of future usage of internet social media.
b. To spread awareness among companies, business holders and youth about the issues faced through
internet social media and how to overcome them.
c. To overcome social media attacks by highlighting the new ways currently being used.

4. PROBLEM STATEMENT
Internet social media is a revolution and one of the best ways to share information with the ones you know and with the whole
world, but on the other side there have been serious concerns about abuse of this service as well. Today, there are billions
of people using internet social media, and some of them are predators. Such predators are always in search
of a person that they can take advantage of.
The problem lies in our understanding of where the threat is and how we can avoid it to protect our young generation
from all these social media issues. People have to realize that misusing social media could prove to
be harmful for them and for the next generation. We do not want our next generation to become victims of social media
threats and live a fearful life; instead, we want them to be confident human beings and a generation who could build
this world into a better place to live for everyone.
The problem is not in using social media; it is merely how we use it and for what purpose. The main idea is to
analyze ways to mitigate the attacks and to devise ways to protect internet social media.

5. BACKGROUND
Internet-based social networking sites have created a revolution in social connectivity. Nowadays
social networks are used at large scale due to the fast-progressing information technologies around the
globe [11]. In the initial years, communication started with fax, followed by emails and chat messengers, and
now we are using social media, i.e. Facebook, Skype video calls, Snapchat, Instagram.
Moreover, it is pertinent to note the influence produced by combining the
Internet idea with mobile communications. This in fact should be considered a threat and a major generic
instability generator. The modern IT-based social networks are practically associated with Facebook,
Twitter and LinkedIn, which have more than a billion users and thus have to be used with care.
Internet social media has hijacked our personal space by fully transforming into identified interaction
through Internet cookies (temporary internet files that are housed in users' temporary internet folders).
Thus in today's world, our cookies tell the advertiser about our likes and dislikes.

6. HISTORY

Table columns: Social Media | Year Built / Purpose | Brief History | Vulnerabilities

Orkut
Year built / purpose:
- Operated by Google.
- Built in 2004.
- Main purpose was to connect people. [13]
Brief history:
- Shut down on Sep. 30, 2014.
- Orkut users globally: 51% USA, 53% Brazil and 18.4% India.
- In 2008 Orkut started its operation from Brazil. [13]
Vulnerabilities:
- It was possible for anybody to access and save anyone's pictures, videos and scraps.
- As a result, people started misusing the photos and videos by making fake accounts. [13]

Snap Chat
Year built / purpose:
- Started in May 2015.
- Designed by Spiegel at Stanford University.
- Share photos, videos and stories with friends. [14]
Brief history:
- Total valuation is $10-$20 billion. [14]
Vulnerabilities:
- Snapchat was hacked on December 31, 2013 by an Australian security company called Gibson Security.
- Snapchat's API security vulnerability was detected on August 27, 2013.
- Data of 4.6 million Snapchat users (usernames, phone numbers) was released by hackers. [14]
- Hacked by a hacker to spread awareness among people about Snapchat vulnerabilities. [14]

Twitter
Year built / purpose:
- Online social networking service.
- Launched in July 2006.
Brief history:
- In 2013 Twitter was among the 10 most visited websites.
- Also called "the SMS of the internet". [15]
Vulnerabilities:
- On April 7, 2007, a security vulnerability was reported on Twitter. Spoofing was done on the phone number of the sender. [15]
- On January 5, 2009, 33 high-profile Twitter accounts were compromised as a Twitter administrator's password was
guessed by a dictionary attack. [15]

Facebook
Year built / purpose:
- Most commonly used.
- Founded by Mark Zuckerberg from Howard in 2004. [16]
Brief history:
- In 2010, Facebook's security team began expanding its efforts to reduce the risks to users' privacy. The issue still exists.
- On November 29, 2011, Facebook settled FTC* charges that it deceived consumers by failing to
keep privacy promises. [16]
Vulnerabilities:
- On November 6, 2007, Facebook launched Facebook Beacon, which was a part of Facebook's advertisement
system until it was discontinued in 2009. Its purpose was to allow targeted advertisements.
- In 2010, the National Security Agency took publicly posted profile information from users' Facebook profiles to
discover user activities. [16]

Although a lot of vulnerabilities have been identified in the usage of social media, the usage trend has still
been on the rise. The graph below validates the rising % of the US population using social media from 2004 till 2016.

[3] The above data is taken from a statistics portal (Statista). The link is shown in the references.

Facebook, Twitter and Google+ are very popular and are used by billions of people all over the world, but they are also a
platform for attackers to carry out nefarious activities. These services can be used by people to develop social relationships, make
calls and hold conferences, but they can be used by the attacker too: the attacker inserts a false node into your account
and gains information about your accounts. The attacker impersonates someone else, the user believes him and shares
information with him. Attackers impersonate others, and when we befriend strangers we invite cyber criminals
to attack our privacy. The above graph shows the percentage of users having social media profiles from
2004 to 2016; the percentage of users with a profile is increasing every year.

7. COMMONLY USED METHODOLOGIES AND ATTACKS ON SOCIAL MEDIA


There are many methodologies used by cyber attackers on internet social media. Some are listed below:

a. Insufficient authentication Controls:
Social media has sensitive information spread across many different locations. This makes it more vulnerable to
attackers, as there are many new users who can become victims, and this can affect the privacy of the whole system. For
example, consider a company's administrative account on social media: if the new administrator sets a weak
password, the account is vulnerable to a brute force attack. A single administrative account can compromise the security
of the many accounts added to it [12].

b. Cross Site Scripting (XSS)
Cross-site scripting is an attack in which malicious code is injected into the victim's browser. This code steals the
victim's personal information, and the victim's computer then launches attacks [12].

c. Cross Site Request Forgery (CSRF)
This attack causes the end user to unknowingly execute the attack against themselves. A malicious link is embedded in a web page, or it can
be sent through email or chat, and through it the attacker makes the user perform the actions the attacker needs.
This may compromise the user's privacy and may affect the whole network [12].

d. Online behavior tracking
Cookies are another way to track behavior: what people like, where they go, and what they buy. This is done
on many websites, including social media.

e. Social Engineering
Social engineering is the art and science of manipulating people. There are many predators on internet social media,
and they use social engineering to achieve their personal goals. Social engineering predators are mostly internet
professionals and computer security professionals. A social engineer requires strong cognitive abilities. [1]

f. Phishing
Phishing is not directly related to social media, but some people use social media on cell phones, which makes it difficult
to distinguish between fake sites and the original sites. Social media also allows the attacker to send phishing
messages by impersonating the victim's friend. The attacker then obtains the login and password of the victim's account, and
goes on to send phishing emails to the victim's connections; these are enticing to most people and appear to come
from the victim. [12]

g. Pretexting
This is a scenario built by the predator to trap a person into doing what he would not do under normal circumstances. This
technique can be used to fool a business holder in order to gain information about the business and use it against the
company afterwards. Some methods to avoid pretexting [9]

h. Leakage of Information
Social media connects us all the time; it's always on, and we draw no line between where to use it and what to share. Young
workers use it at the office and at home, and while using it at work they unintentionally leak information about the company
which the company would not want disclosed on social media. Small details about a company on social media
can be used by a business competitor to learn about the current and future plans of the company [12].

i. Flaw Injection
Social media technology has an injection flaw which is similar to XML injection. Social media depends heavily on the
client side, so client-side validation can be bypassed by the attacker.
This occurs when user data is sent to an interpreter in the form of a query: the attacker fabricates the data, which allows the attacker
to create, read and update any data [12].

j. Information Integrity
Data integrity is the basis of information security. Malware can compromise a system's security; this occurs mostly
when the system's anti-virus software is not updated. An attacker can manipulate and damage data through malware.
But there are also instances where honest mistakes are made by legitimate users: any information posted unintentionally
on internet social media can be taken in different ways by the many users all over the world. As the data is
accessible to many users all over the world, it is vulnerable to malicious attack and to being misinterpreted by
many, and this compromises the integrity of the data [12].

k. Insufficient Anti-automation
The social media interface is prone to automated attacks; such an attack automatically runs queries and collects information.
Anti-automation controls like CAPTCHAs are used to defend against these automated attacks [12].
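
An added example, not part of the original report: CAPTCHAs are one anti-automation control; the Python sketch below shows a different one, throttling of failed logins, which also limits the brute-force guessing against a weak administrator password described in section a. The class, thresholds, key names and login events are constructed for this example.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Locks a key (an account or a source address) after too many recent failures."""

    def __init__(self, max_failures=5, window_seconds=300, lockout_seconds=900):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self._failures = defaultdict(deque)   # key -> timestamps of recent failures
        self._locked_until = {}               # key -> time at which the lock expires

    def is_allowed(self, key, now):
        until = self._locked_until.get(key)
        if until is not None:
            if now < until:
                return False
            # Lock expired: start again with a clean counter.
            del self._locked_until[key]
            self._failures.pop(key, None)
        return True

    def record_failure(self, key, now):
        recent = self._failures[key]
        recent.append(now)
        # Keep only failures that fall inside the sliding window.
        while recent and recent[0] <= now - self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[key] = now + self.lockout

    def record_success(self, key):
        self._failures.pop(key, None)


def replay(events, throttle):
    """Run (timestamp, account, source, password_ok) events through the throttle."""
    outcomes = []
    for ts, account, source, password_ok in events:
        acct_key, src_key = f"acct:{account}", f"ip:{source}"
        if not (throttle.is_allowed(acct_key, ts) and throttle.is_allowed(src_key, ts)):
            # Rejected before the password is even checked.
            outcomes.append("blocked")
            continue
        if password_ok:
            # Reset only the account counter; a success must not clear the
            # failure history of the source address.
            throttle.record_success(acct_key)
            outcomes.append("ok")
        else:
            throttle.record_failure(acct_key, ts)
            throttle.record_failure(src_key, ts)
            outcomes.append("failed")
    return outcomes


# Constructed sample: an automated client guesses the "admin" password once per
# second; its seventh guess would have been correct. Addresses are documentation ranges.
SAMPLE_EVENTS = [
    (0, "admin", "203.0.113.7", False),
    (1, "admin", "203.0.113.7", False),
    (2, "admin", "203.0.113.7", False),
    (3, "admin", "203.0.113.7", False),
    (4, "admin", "203.0.113.7", False),
    (5, "admin", "203.0.113.7", False),
    (6, "admin", "203.0.113.7", True),
    (10, "alice", "198.51.100.20", True),
    (20, "admin", "198.51.100.20", True),
    (1000, "admin", "198.51.100.20", True),
]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS, LoginThrottle())):
        print(event, "->", outcome)
```

The event at t=20 shows the cost of this control: the real administrator is also locked out until the lock expires, so lockout periods should be short and paired with alerting.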

l. Baiting
This is a type of Trojan horse: an attacker can make an enticing free offer on social media and put malware in it. If the
user is naive and follows all the links, he gets infected with the malware.

m. Click jacking
This is a way to convince a user to click on a link which is a trap. The user clicks on such a link because he finds the content
interesting, but after clicking he will not get what he expected from the link and he will lose his privacy.

n. Spam
Spammers use many platforms to spread spam; social media is one of them.

o. Sybil Attack
Spam and malware attacks are still there, but there are fake account attacks too. Such accounts are created by an attacker
to harm other people; such an attack is called a Sybil attack.
Multiple solutions have been proposed for the Sybil attack: SybilGuard and SybilLimit. Social networks can be used to spread
propaganda, which could be political or personal. Social networks hold a variety of data, from natural disasters to every little
piece of information about any person. Data mining is used to study such dynamic data.
- There is no way to measure the trustworthiness and honesty of information on social media.
- How such dynamic data can be studied, and how it can be aggregated into a graph to
study cybercrime.
- How data mining can be used to differentiate between honest activities and malicious activities.
- Authentication: attacks like the Sybil attack can be decreased if proper authentication is done. A facial
recognition system can be used to verify users. If a person is not present in the facial recognition system, then
that person should not be allowed to make an account.

p. Third party attacks
Such attacks are conducted with cross-site attacks and denial of service attacks. Third parties also send the information
they have extracted about users to advertisers and Internet tracking companies, and in this way they violate privacy.
Facebook now has coarse-grained access control for such third party attacks, but coarse-grained control is no longer enough;
fine-grained access control needs to be implemented.
In a coarse-grained design the system is divided into large subcomponents, while in a fine-grained design the system is made up of smaller
components.

q. Spoofing
Spoofing is done by entering someone else's account through IP and getting personal details. This could lead to severe
damage to personnel and to the company.

8. SCENARIOS / FACTS
There have been many instances; for example, someone is running as a presidential candidate and there is a sudden leak of a video
or certain information that could demolish the image of that person.
a. If there is a merger, we usually see news about the director suddenly break out. These acts are done to
distort the image of that person, and these incidents occur as we open our lives to social media; predators
take advantage of the situation and can easily distort our image in public.

b. Facebook abduction is another very damaging incident that occurred: a teenager was abducted by a man
impersonating some other person. Such online friendships lead to such crimes.

https://www.youtube.com/watch?v=c4sHoDW8QU4
This is a YouTube experiment on child abduction, meant to spread awareness among kids.

c. Cyber bullying is another very important issue on social media. It leads to hate, anger and envy, which leave
a person alone in their life; such cases lead to depression and suicide. About 42% of kids are victims of cyber
bullying.

d. In 2009, the U.S. military considered a near-total ban on social media sites throughout the Department of Defense.
Military officials cited inherent technical security weaknesses and lack of security safeguards on social media sites
(Schachtman, 2009) [12].

9. SOME QUESTIONS: TO THINK FOR THE SOLUTION


a. Where does the problem lie?
The problem lies in our state of mind: in recognizing that there are vulnerabilities and risks involved in using social media.

b. Who gets affected by social media?
Business personnel and individuals, in their social and personal lives, will be most affected by such vulnerabilities.
Even people who do not use social networks can be affected too. For example, a few years back there was a
security breach at LinkedIn, and as a result a lot of professionals were affected. The LinkedIn passwords were not
encrypted, so this caused harm to approximately 6.4 million professionals who were registered through LinkedIn
servers.

c. What worse can happen?
A generation is growing up using social media which will never have the same lifestyle as we do. They will never have
the opportunity to learn through their mistakes, as we consider our mistakes to be stepping stones; their
mistakes could affect their personal and professional lives. Something could very easily be done by someone else
and the price paid by someone who is innocent, through identity theft etc. As a result, if nothing is
done now, our next generation is going to live a fearful life, stuck in such issues.

d. What can happen next by this social media if awareness is not given?
If awareness is not provided to our next generation, then we will have a generation with no secrets, and as a
result this generation will not trust anyone. They will not be able to build relationships. This will be a generation
that is not able to learn through mistakes as we do, because if a mistake is made on social media and a person's
image is distorted, that person might suffer from this distorted image for a lifetime.
Hence, a lot of awareness should be spread about using social media: articles should be written, and there should
be free seminars to spread awareness among everyone.

10. RISK AVOIDANCE STRATEGIES

There should be some mechanism that provides reasonable privacy on such public social media.
It should be realized that not all attacks on social media by eavesdroppers can be successfully detected and
mitigated. This leads us to conclude that such failures of privacy and security on social media may go undetected for a long
time and could prove harmful to many.

a. Password protection
Our identity in the cyber world depends on passwords, which can be stolen and abused. This can lead to a wide variety of
identity theft attacks.

b. Protecting Anonymity
Everyone's private life is lost, and people now have to learn how to lead their lives in the public domain. Lost privacy
cannot be found.

c. Checking profile
A fake profile, with a different user name and interests, can be created to check for leakage on the website. The leakage
can be reported through the website's feedback, so the social media owner can work on it.

d. Age Limit
As we have age limits for movies (PG-13, NR), the user should be above age 18 to access social media websites. Specific
forms should be filled in by the user to access the website, agreeing to the age limit of more than 18 years.

e. Password Cracking
Cryptographic hash functions can be used to authenticate information, but CPUs are now combined with powerful
cracking tools to target password digests. Cloud-based crackers are also easily available. More research is needed on how to
protect passwords.

f. Hashing
A cryptographic hash function is used to protect passwords. A website can slow down attackers by storing
hashed passwords. The hashed password does not allow brute-force and dictionary attacks.

g. Service Decoupling
Services like Facebook and Twitter are interconnected with each other. Twitter may post comments on Facebook if it is
configured to do so. Service coupling provides new types of services, but it is security sensitive. It is challenging for
researchers to study all interconnected services.
Two Factor Authentication: combining an SMS code with typing a password is a
very effective way to protect a password. Such two-factor authentication can be used for more security, to protect against password
related issues.

11. RESEARCH GAP

A lot more research is needed on how more security can be achieved in internet social networks and how to mitigate
some of the vulnerabilities. Such research work should be funded by the government in the United States for the betterment of the public
and for the national level issues that occur. Free conferences and seminars can be held. Sadly, very little research has been
done on this topic even though it is a very critical issue for the current security situation and for the generations to come. A lot of
group-customized research is needed to achieve specific targets. More research is needed to find a formulated way to
avoid the circumstances faced today. Research may lead to inventing a better system that could help us avoid such
situations.

SYSSEC RESEARCH
SysSec is research done over a period of 3 years on social media system security in Europe.
It promotes education in the field of social media system security and aims to promote a think tank for discovering the
vulnerabilities in that field. This research is very intense, as it was carried out over a period of 3 years
by very skilled workers who worked jointly to achieve security over internet social media [11]. To overcome the
possible misuse of social networks, the EU Network of Excellence SysSec has made an attempt to conduct a recent study on
the risks associated with social networks.

12. CONCLUSION
Internet social media has changed every aspect of our lives; the way of doing business and interacting with
people has changed a lot. There are some good aspects, as it is convenient to use for interacting with other people, but it
brings a huge range of disadvantages, risks and dangers to life and money, as I have discussed earlier.

a. The main issue is how to overcome the problems posed by internet social media and how to restrain ourselves and
think twice before sharing any personal information. I have discussed in the paper that awareness is the main thing that
could save many people from facing such issues. These issues can be very damaging in one's life.

b. There should be conferences, seminars and public service messages; a lot more research is still needed to protect
individuals and companies and to analyze each and every drawback of each and every act we do online.
Government or social work organizations can spread awareness to inform people of the disadvantages of internet social
media, how we can use it for positive work only and how we can refrain from sharing private data. Such research can
be done for the welfare of the people. Social media forums are also used to spread different propaganda, which of course
is not real, but such propaganda can change the lives of many people. Awareness should be spread so that people
think outside the box; what the crowd is doing is not necessarily always right.

c. Social media brings a lack of anonymity and a fear of the unknown that might damage our personal and professional
lives. Also, online shopping on social media can lead to identity theft and hence to financial loss. The main
threats of social media are the same as those of traditional web applications, but some threats are unique to social media, like
cross-site scripting, phishing and information leakage. These threats can be classified into two categories: end user behavior
related threats (phishing, information leakage) and security vulnerabilities of social media (XSS,
CSRF, injection flaws, anti-automation etc.).
If a combination of proper end user security and secure coding practice is used to verify the flaws, this can mitigate most
of the flaws and risks presented by social media (user behavior / security vulnerabilities).

d. To overcome the problems posed by internet social media we have to restrain ourselves and think twice before
sharing any personal information, in order to keep ourselves from destroying our own selves. We should learn to use it
positively.




14. APPENDIX
a.

The government could show public service messages on television for the betterment of the public. I would offer the following as an
example of an advertisement that could be shown for awareness.
https://www.youtube.com/watch?v=-5PZ_Bh-M6o
The above video is about cyber bullying. It gives a message about what the effects of cyber bullying are and how it can be
mitigated. This is how youngsters ridicule each other on looks and mock each other; this is leading to hatred,
envy and depression in everyone.

b.

https://www.youtube.com/watch?v=om93-2Ys3dA
Your card can now be tracked using RFID. Everything that is in the air can be captured and read by thieves. There are
multiple ways to avoid it; one is to ask your bank not to give you an RFID ATM card. There are wallets out there that
can be used to protect the cards from transmitting signals.
Thieves can pick PIN numbers using special devices.

c.

A hacker can access and record your webcam. Nates point is a hacking program, and a demo is given of how to control
someone's webcam virtually. That camera can record you too, and you never know you are the victim.
Always secure your wireless network; never rely on the firewalls that come with the operating system.
McAfee alone is not enough. The hacker checks the open ports and connects to the hacker's computer. If a computer
is hacked, then the IP address of the hacker can be seen in the log file of your computer. If a hacker can access the camera,
they can access all your keystrokes. Mihackerproof.com can be used for free to scan your computer so that it is hacker free.
Advanced firewalls and wireless encryption can prevent hackers.
https://www.youtube.com/watch?v=sC9xOBoGzc4

d.

Google is shut down in China, as the people teach their children how to hack at high school age. 9 million people get
their identity hacked every year.
https://www.youtube.com/watch?v=aXDuEVAq_dc

e.

https://www.youtube.com/watch?v=Xc_pccRxAfc
More such public service messages can be shown on television to spread awareness among parents, so they
can teach their children the right way. The same point is made by the sheriff: in movies we have the G rating for
general, the PG rating for Parental Guard, PG-13, which can be watched with parents, R for restricted, and NC-17, which means no one
under 18 can be admitted.
Such rating is done for movies; if such rating is done for internet social media, a lot of problems can be resolved.
