Social Networking: The Greatest Threat to National Security? E.J. Hilbert President Online Intelligence

Social Networking Threats


DESCRIPTION

The threats users of social networks face


Page 1: Social Networking Threats

Social Networking: The Greatest Threat to National Security?

E.J. Hilbert

President

Online Intelligence

Page 2: Social Networking Threats

About the Speaker

President of Online Intelligence - We are a cyber security firm specializing in social media and online advertising schemes, scams and crimes.

Director of Security Enforcement for MySpace - Responsible for addressing all security concerns related to MySpace, its systems and its users.

Senior Consultant for Control Risks Group - Employed as a security, investigative and crisis management consultant for Fortune 50 companies

FBI Special Agent - Specialized in Cyber Crime, Counter Intelligence and Counter-Terrorism. Notable cases are Treason charges against Adam Gadahn aka Azzam Al Amriki, FBI.gov email intrusion, Carderplanet takedown/Cardkeeper, Samantha Runnion Kidnapping and Invita/Flyhook: the Alexey Ivanov case.

High school Teacher and Coach - History, Science, Baseball, Basketball and Cross Country

Got my first computer at 12 yrs old, a Commodore 64, upgraded later to an Apple IIe

Online chatting since 1990

Page 3: Social Networking Threats

What is Social Media/Social Networking?

Social Networking or Social Media is instant gratification self promotion.
Relies on user interaction
Contacts, Friends, Pokes, Apps are often for alternative motives
The latest evolution of AOL chat meets the political soap box
Profitable business model
Necessary Evil
Happy “National Data Privacy Day”

Page 4: Social Networking Threats

What are the Threats?

Three Primary Threats:

Open Intel Collection - Social Engineering
  Fake Friends
  Loose Lips Sink Ships
  Phishing/Compromise/Virus

Back Office Data Collection
  Personal Information
  Geo-Location
  Information Aggregators

Propaganda
  Information Dissemination
  Media Believe Social Media

Page 5: Social Networking Threats

Open Intel Collection

Users see social networking as one to X number of friends, when in fact it is one to infinity.
Info collected from one can be matched up with info collected from another
Privacy settings are available but not used
All hacks start with data collection, both technical and social
Media, Employers, Friends and Intelligence Officers research you on Social Networking sites

Page 6: Social Networking Threats

Fake or Real?

Page 7: Social Networking Threats

Friending is Social Engineering made easy.

There are hundreds if not thousands of media reports of crimes where people “met on the Internet”
  Child Predators
  Serial Rapists
  Murders

Even if you never meet in person the relationship can be used to compromise such as sex-ting.

Page 8: Social Networking Threats

Loose Lips Sink Ships

Free information flow
  Name, Location, Career, Friends
No monitors
  You don’t have access nor do you have the right
Opportunity to Brag
  Young and Old want to show off

Page 9: Social Networking Threats

LLSS is in “Comments” too

Trolls attack to cause a fight
Defending yourself
Setting the record straight
Statements designed to elicit a response
Comments are indexed and searchable
No Anonymity
People write in patterns
There is no “off the record”
Regulate vs. free speech

Page 10: Social Networking Threats

What can we find here?

How often the page is monitored

Air Force Members?

Where they served

All their friends

Page 11: Social Networking Threats

Two Friends to Target

Do they know what they are sharing?

Page 12: Social Networking Threats

Phishing, Compromises and Viruses

Social Networking sites are rarely hacked
  Not cost effective
  Users are low-hanging fruit
Users are scammed into giving up information
85% use the same password on Social Networking as they do their email
Passwords are keys - car and house are different
Stolen account equals access to “friends” and to communication
Viruses come from external links not from the primary site

Page 13: Social Networking Threats

Back Office Data Collection

Social Networking sites are businesses
Sites profit from advertising and selling collected data
The more they know about you the better they can sell to you
  Keyword targeting
  Hyper-targeting
Primary site is not the only collector
Each Ad equals a minimum of 4 collection points
  Site, Publisher, Ad Network, Advertiser

Page 14: Social Networking Threats

Understanding Online Advertising

Advertisers pay based on user/viewer action.

Impact and cost of a campaign is measured by number of actions taken by the consumer

Advertisers employ a marketing network to “drive traffic” to a site.

Marketing networks sub-contract ad traffic acquisition to affiliates/publishers.

Affiliates/Publishers place the ads on various sites

[Diagram: Advertiser, Network, Publisher and Online Ad, connected by flows labelled "Web Traffic/Data" and "Payment"]

Page 15: Social Networking Threats

Click Thru Progression

Page 16: Social Networking Threats

What your browser sees

You start at MSNBC.com and click on an ad then go to top3acaiberry.com then:

http://www.acai-berry-oz-review.com
http://acai-berry-oz-review.com/acai2.php?page=
http://www.cpaclicks.com/secure.asp?e=dbxbkrcsxowh&d=0&l=0&o=&p=0&subID1=AA8-&subID2=&subID3=&subID4=&subID5=
http://affiliates.copeac.com/ez/dbxbkrcsxowh/&dp=0&l=0&p=0&subid1=AA8-
http://www.maxacaiweightloss.com/a/?aid=187&subid=21273
http://www.maxacaiweightloss.com/offer/maxacaiweightloss/

or

http://www.acai-berry-oz-review.com
http://acai-berry-oz-review.com/acai3.php?page=
http://qdmil.com/click/?s=12381&c=148797&subid=AA8-
http://hjlas.com/click/?s=12381&c=148797&subid=AA8-&internal=3_t8w0h_1
http://hjlas.com/click/?s=12381&c=148797&subid=AA8-&internal=3_t8w0h_1
http://www.bestslimacai.com/HHJ231/?Cid=32305&code=OjI6VVM6Z3J6a19DU2dsOjMyMzA1OjEyMzgxOnJlZGlyZWN0X2Zyb21fNTA1Ml90b181MTIyX2Zvcl9BQTgt

Data Collection Points

Capturing:
IP
Product type
Time and date
System type
Browser type
Cookie Dropped
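An added example, not part of the original slides: four hops of the second redirect chain above, parsed in Python to show which identifier values reach more than one host, including fields packed inside the base64 `code` parameter. The function names are this example's own, and the hop boundaries are assumed from the run-together slide text.

```python
import base64
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Four hops of the second chain on the slide (the acai3.php path). Where one hop
# ends and the next begins is an assumption; the slide text is run together.
CHAIN = [
    "http://acai-berry-oz-review.com/acai3.php?page=",
    "http://qdmil.com/click/?s=12381&c=148797&subid=AA8-",
    "http://hjlas.com/click/?s=12381&c=148797&subid=AA8-&internal=3_t8w0h_1",
    "http://www.bestslimacai.com/HHJ231/?Cid=32305&code="
    "OjI6VVM6Z3J6a19DU2dsOjMyMzA1OjEyMzgxOnJlZGlyZWN0X2Zyb21fNTA1Ml90b181MTIyX2Zvcl9BQTgt",
]

def hop_params(url):
    """Return (host, {param: value}) for one hop; blank values are dropped."""
    parts = urlsplit(url)
    return parts.hostname, dict(parse_qsl(parts.query))

def decode_opaque(value):
    """Return the text inside a long base64 parameter, or None if it is not one."""
    if len(value) < 16:
        return None
    try:
        raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
        text = raw.decode("ascii")
    except ValueError:  # covers bad base64 and non-ASCII bytes
        return None
    return text if text.isprintable() else None

def shared_identifiers(chain):
    """Map each identifier value to the hosts that received it (two or more)."""
    seen = defaultdict(set)
    for url in chain:
        host, params = hop_params(url)
        for value in params.values():
            decoded = decode_opaque(value)
            # A decoded blob is split into its fields so they are compared too.
            tokens = re.split(r"[:_]", decoded) if decoded else [value]
            for token in filter(None, tokens):
                seen[token].add(host)
    return {tok: hosts for tok, hosts in seen.items() if len(hosts) > 1}

if __name__ == "__main__":
    for token, hosts in sorted(shared_identifiers(CHAIN).items()):
        print(f"{token!r} reached {sorted(hosts)}")
```

On this chain the `code` value decodes to `:2:US:grzk_CSgl:32305:12381:redirect_from_5052_to_5122_for_AA8-`, so the final site receives the same `12381` and `AA8-` values that the earlier hops carried as plain query parameters.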

Page 17: Social Networking Threats

Sample Data Collected

Columns: Time, Aff Id, Offer Id, Sub Offer, Allows Incent, IP, Country, Click ID, Payout, Extra Info, Browser

Page 18: Social Networking Threats

Geo-Location

Determining location enhances hyper marketing
All sites collect geo location
  Questions
  IP address
  Feature set
  Localization

Geo targeting of ads can be used for more nefarious causes

Page 19: Social Networking Threats

Tracks user locations

Become mayor based on the number of times you check in from a location

Can ping phone and do auto check-in

Page 20: Social Networking Threats

Information Aggregators

Collected data is sold to data aggregators
Non-Personal Identifiable Information
Data is then matched up to develop a profile
Aggregators sell data to subscribers
LexisNexis
ChoicePoint
Intelius
Chinese IO

Page 21: Social Networking Threats

Propaganda Machines

You don’t have to be you
Users and Media believe what they see online
Most is personal opinion
Limited basis in fact
Social Networks/Social Media is a simple disinformation conduit.

Page 22: Social Networking Threats

Is Social Networking the Greatest Threat to National Security?

Yes, because it attacks the weakest link: Humans
It offers cheap digital surveillance of all aspects of a user's life
Social Networking sites are digital shopping malls
You cannot protect against it.
  Accept it
  Deny it
  Mitigate against it
  Insure against it

Mitigate and Insure are the best defense

Page 23: Social Networking Threats

Mitigation and Insurance

Educating employees of the dangers
  Make it more about them than you
  Think twice, self regulate and manage your e-rep
Mandate security settings
Monitor for employee lapses
  Try to befriend employees
  Use security lapses as teachable moments
Use it to disseminate what you want
  Corporate message is only half
  Start a viral message campaign

Page 24: Social Networking Threats

Questions?

E.J. Hilbert

President, Online Intelligence

949-842-1487

[email protected]

www.facebook.com/ejhilbert

www.twitter.com/ejhilbert

www.linkedin.com/in/ejhilbert