Social Insecurity

Not too long ago, one could trust the big corporate names to run clean websites. You had to go surfing down some shady back alleys of the web to expose yourself to malware. Those were the naïve days of the pre-adolescent internet, when firewalls and spam filters were not words that your mom and dad could casually drop over dinner. Those days are gone.

A recent report shows that the most recognized names on the internet are now becoming the biggest targets for hackers. It used to be that finding malware on high profile sites was like the idea of strip clubs in Disneyland: unimaginable. However, hackers have matured and turned their attention to high profile social networks, targeting these trendy websites for massive ROI. These sites combine a massive user base, allow custom content creation (tweets, status updates, etc.), and give third party applications access to user data, all of which combine to give hackers new attack vectors to exploit.

Why social networks are great targets

These new social aggregators attract staggering numbers of users, and a few of the most popular boast more active profiles than Russia has residents. Since online social networks are meant to show off ‘social capital’, the successful ones tend to turn these online popularity contests into even more users. This snowball effect provides the high concentration of online users that attracts online criminals. Modern social sites provide more than just massive numbers of users: they also provide stickiness. Large sites like eBay were very popular targets a few years back, but even current retailers such as eBay or Amazon cannot compete with Facebook for reaching and holding American attention.

Massively interconnected networks, both real and digital, are able to spread information incredibly quickly. This is great if you are spreading good news, or paychecks. It is not so good if you are spreading bogus stock tips or the Swine Flu. The spread of digital information even resembles its real-life counterpart under rigorous scientific scrutiny. However, unlike the real world where it takes eight hours to get a germ-infected body from London to New York City, digital malware can spread far more quickly.

Although we may not realize what consequences we invite by providing even modest amounts of personal information to social networks, we are quickly learning. Recent publications show it is possible to discover 'hidden' user information by predicting missing links and ‘merging social graphs’. Trying to remain anonymous for the benefit of privacy is futile, since even data that is ‘scrubbed’ of personally identifiable information can be easily de-anonymized with advanced statistical algorithms.

Some of the most popular social networking sites also allow third party applications to play on the site with little or no supervision. Although most current third party application malware is easily detectable, many believe that the introduction of stealth malware (masquerading as useful applications) is on the horizon. As social networks move to allow these applications access to more personal data, the potential for abuse is staggering.

How to protect yourself

Don’t join a social network if you don’t like tattoos, since social networks are far more permanent. Tattoos can be removed, but even if a site allows for the complete removal of personal data from the company’s servers, Google and the Internet Archive make sure that is a meaningless point. The internet is forever - or at least until the next electromagnetic apocalypse.

Use common sense. Often users unwittingly reveal sensitive information through status updates, picture uploads, etc. Ignoring the embarrassing position people can find themselves in at a job interview, this type of information is used with great success by old fashioned con artists. Avoid common scams by arming yourself with information on some recent scams, and learn to spot suspicious online offers for free computers. Don’t use the same password on every site you visit. And even if you think you are a hard core security professional, it can’t hurt to brush up on the latest scams making the internet rounds.

Last but not least, set and maintain your privacy settings. The default privacy settings provided by many sites are fairly insecure, and most users never even bother to adjust them. Also remember that security settings are often voluntarily overridden. Simply sending or responding to someone on Facebook gives them access to your details for 30 days, whether you actually know them or not. In this case, silence is not only golden, but much more secure.

Labels: Malware
| ‎05-28-2009 11:59 PM

I am very interested in the references (links are missing??) for this excellent blog post.

todd.densmore | ‎05-29-2009 03:21 PM

Andre, thanks for your comments. Although they are hard to see, the actual numbers in brackets should be clickable and link you to the reference source. I just double checked with IE 6.0.2900 and FF 3.0.10 and the links seem to be working for me. If you are still having problems, let me know and I can add the references to the bottom of the post.

| ‎06-04-2009 03:08 PM

Hey, can I quote you in a magazine article I'm writing?

todd.densmore | ‎06-04-2009 08:43 PM

Yes, you may. We here at HP would love to have a link to the published article when it becomes available if at all possible.

| ‎08-11-2009 06:16 AM

Nice sunglasses.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.