Your SlideShare is downloading. ×
0
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Social Networking Threats
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Social Networking Threats

1,714

Published on

The threats users of social networks face

The threats users of social networks face

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,714
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
121
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Social Networking: The Greatest Threat to National Security? E.J. Hilbert President Online Intelligence
  • 2. About the Speaker <ul><li>President of Online Intelligence- We are a cyber security firm specializing in social media and online advertising schemes, scams and crimes. </li></ul><ul><li>Director of Security Enforcement for MySpace – Responsible for addressing all security concerns related to MySpace, its systems and its users. </li></ul><ul><li>Senior Consultant for Control Risks Group- Employed as a security, investigative and crisis management consult for Fortune 50 companies </li></ul><ul><li>FBI Special Agent- Specialized in Cyber Crime, Counter Intelligence and Counter-Terrorism. Notable cases are Treason charges against Adam Gadahn aka Azzam Al Amriki, FBI.gov email intrusion, Carderplanet takedown/Cardkeeper, Samantha Runnion Kidnapping and Invita/Flyhook: the Alexey Ivanov case. </li></ul><ul><li>High school Teacher and Coach- History, Science, Baseball, Basketball and Cross Country </li></ul><ul><li>Got my first computer at 12yrs old, a Commodore 64, upgraded later to an Apple IIe </li></ul><ul><li>Online chatting since 1990 </li></ul>
  • 3. What is Social Media/Social Networking? <ul><li>Social Networking or Social Media is instant gratification self promotion. </li></ul><ul><li>Relies on user interaction </li></ul><ul><li>Contacts, Friends, Pokes, Apps are often for alternative motives </li></ul><ul><li>The latest evolution of AOL chat meets the political soap box </li></ul><ul><li>Profitable business model </li></ul><ul><li>Necessary Evil </li></ul><ul><li>Happy “National Data Privacy Day” </li></ul>
  • 4. What are the Threats? <ul><li>Three Primary Threats: </li></ul><ul><li>Open Intel Collection- </li></ul><ul><li>Social Engineering </li></ul><ul><ul><li>Fake Friends </li></ul></ul><ul><ul><li>Loose Lips Sink Ships </li></ul></ul><ul><li>Phishing/Compromise/Virus </li></ul><ul><li>Back Office Data Collection- </li></ul><ul><li>Personal Information </li></ul><ul><li>Geo-Location </li></ul><ul><li>Information Aggregators </li></ul><ul><li>Propaganda </li></ul><ul><li>Information Dissemination </li></ul><ul><li>Media Believe Social Media </li></ul>
  • 5. Open Intel Collection <ul><li>Users see social networking as one to X number of friends. When in fact it one to infinity. </li></ul><ul><li>Info collected from one can be matched up with info collected from another </li></ul><ul><li>Privacy settings are available but not used </li></ul><ul><li>All hacks start with data collection both technical and social </li></ul><ul><li>Media, Employers, Friends and Intelligence Officers research you on Social Networking sites </li></ul>
  • 6. Fake or Real?
  • 7. Friending is Social Engineering made easy. <ul><li>There are hundreds if not thousands of media reports of crimes where people “met on the Internet” </li></ul><ul><ul><li>Child Predators </li></ul></ul><ul><ul><li>Serial Rapists </li></ul></ul><ul><ul><li>Murders </li></ul></ul><ul><li>Even if you never meet in person the relationship can be used to compromise such as sex-ting. </li></ul>
  • 8. Loose Lips Sink Ships <ul><li>Free information flow </li></ul><ul><ul><li>Name, Location, Career, Friends </li></ul></ul><ul><li>No monitors </li></ul><ul><ul><li>You don’t have access nor do you have the right </li></ul></ul><ul><li>Opportunity to Brag </li></ul><ul><ul><li>Young and Old want to show off </li></ul></ul>
  • 9. LLSS is in “Comments” too <ul><li>Trolls attack to cause a fight </li></ul><ul><ul><li>Defending yourself </li></ul></ul><ul><ul><li>Setting the record straight </li></ul></ul><ul><li>Statements designed to illicit a response </li></ul><ul><ul><li>Comments are indexed and searchable </li></ul></ul><ul><li>No Anonymity </li></ul><ul><ul><li>People write in patterns </li></ul></ul><ul><ul><li>There is no “off the record” </li></ul></ul><ul><li>Regulate vs. free speech </li></ul>
  • 10. What can we find here? <ul><li>How often the page is monitored </li></ul><ul><li>Air Force Members? </li></ul><ul><li>Where they served </li></ul><ul><li>All their friends </li></ul>
  • 11. Two Friends to Target Do they know what they are sharing?
  • 12. Phishing, Compromises and Viruses <ul><li>Social Networking sites are rarely hacked </li></ul><ul><ul><li>Not cost effective </li></ul></ul><ul><ul><li>Users are low-hanging fruit </li></ul></ul><ul><li>Users are scammed into giving up information </li></ul><ul><ul><li>85% use the same password on Social Networking as they do their email </li></ul></ul><ul><ul><li>Passwords are keys- car and house are different </li></ul></ul><ul><li>Stolen account equals access to “friends” and to communication </li></ul><ul><li>Viruses come from external links not from the primary site </li></ul>
  • 13. Back Office Data Collection <ul><li>Social Networking sites are businesses </li></ul><ul><li>Sites profit from advertising and selling collected data </li></ul><ul><li>The more they know about you the better they can sell to you </li></ul><ul><ul><li>Keyword targeting </li></ul></ul><ul><ul><li>Hyper-targeting </li></ul></ul><ul><li>Primary site is not the only collector </li></ul><ul><ul><li>Each Ad equals a minimum of 4 collection points </li></ul></ul><ul><ul><li>Site, Publisher, Ad Network, Advertiser </li></ul></ul>
  • 14. Understanding Online Advertising <ul><li>Advertisers’ pay based on user/viewer action. </li></ul><ul><li>Impact and cost of a campaign is measured by number of actions taken by the consumer </li></ul><ul><li>Advertisers employ a marketing network to “drive traffic” to a site. </li></ul><ul><li>Marketing network sub-contract ad traffic acquisition to affiliates/publishers. </li></ul><ul><li>Affiliates/Publishers place the ads on various sites </li></ul>Advertiser Network Publisher Web Traffic/Data Web Traffic/Data Payment Payment Online Ad
  • 15. Click Thru Progression
  • 16. What your browser sees You start at MSNBC.com and click on an ad then go to top3acaiberry.com then: http://www.acai-berry-oz-review.com http://acai-berry-oz-review.com/acai2.php?page= http://www.cpaclicks.com/secure.asp?e=dbxbkrcsxowh&d=0&l=0&o=&p=0&subID1=AA8-&subID2=&subID3=&subID4=&subID5= http://affiliates.copeac.com/ez/dbxbkrcsxowh/&dp=0&l=0&p=0&subid1=AA8- http://www.maxacaiweightloss.com/a/?aid=187&subid=21273 http:// www.maxacaiweightloss.com/offer/maxacaiweightloss / or http://www.acai-berry-oz-review.com http://acai-berry-oz-review.com/acai3.php?page= http://qdmil.com/click/?s=12381&c=148797&subid=AA8- http://hjlas.com/click/?s=12381&c=148797&subid=AA8-&internal=3_t8w0h_1 http://hjlas.com/click/?s=12381&c=148797&subid=AA8-&internal=3_t8w0h_1 http://www.bestslimacai.com/HHJ231/?Cid=32305&code=OjI6VVM6Z3J6a19DU2dsOjMyMzA1OjEyMzgxOnJlZGlyZWN0X2Zyb21fNTA1Ml90b181MTIyX2Zvcl9BQTgt Data Collection Points Capturing: IP Product type Time and date System type Browser type Cookie Dropped
  • 17. Sample Data Collected
  • 18. Geo-Location <ul><li>Determining location enhances hyper marketing </li></ul><ul><li>All sites collect geo location </li></ul><ul><ul><li>Questions </li></ul></ul><ul><ul><li>IP address </li></ul></ul><ul><ul><li>Feature set </li></ul></ul><ul><ul><li>Localization </li></ul></ul><ul><li>Geo targeting of ads can be used for more nefarious causes </li></ul>
  • 19. <ul><li>Tracks user locations </li></ul><ul><li>Become mayor based on the number of times you check in from a location </li></ul><ul><li>Can ping phone and do auto check-in </li></ul>
  • 20. Information Aggregators <ul><li>Collected data is sold to data aggregators </li></ul><ul><ul><li>Non-Personal Identifiable Information </li></ul></ul><ul><li>Data is then matched up to develop a profile </li></ul><ul><li>Aggregators sell data to subscribers </li></ul><ul><ul><li>LexisNexis </li></ul></ul><ul><ul><li>Choicepoint </li></ul></ul><ul><ul><li>Intellius </li></ul></ul><ul><ul><li>Chinese IO </li></ul></ul>
  • 21. Propaganda Machines <ul><li>You don’t have to be you </li></ul><ul><li>Users and Media believe what they see online </li></ul><ul><li>Most is personal opinion </li></ul><ul><li>Limited basis in fact </li></ul><ul><li>Social Networks/Social Media is a simple dis-information conduit. </li></ul>
  • 22. Is Social Networking the Greatest Threat to National Security? <ul><li>Yes, because it attacks the weakest link; Humans </li></ul><ul><li>It offers cheap digital surveillance of all aspects of a users life </li></ul><ul><li>Social Networking sites are digital shopping malls </li></ul><ul><li>You can not protect against it. </li></ul><ul><ul><li>Accept it </li></ul></ul><ul><ul><li>Deny it </li></ul></ul><ul><ul><li>Mitigate against it </li></ul></ul><ul><ul><li>Insure against it </li></ul></ul><ul><li>Mitigate and Insure are the best defense </li></ul>
  • 23. Mitigation and Insurance <ul><li>Educating employees of the dangers </li></ul><ul><ul><li>Make it more about them then you </li></ul></ul><ul><ul><li>Think twice, self regulate and manage your e-rep </li></ul></ul><ul><ul><li>Mandate security settings </li></ul></ul><ul><li>Monitor for employees lapses </li></ul><ul><ul><li>Try to befriend employees </li></ul></ul><ul><ul><li>Use security lapses as teachable moments </li></ul></ul><ul><li>Use it to disseminate what you want </li></ul><ul><ul><li>Corporate message is only half </li></ul></ul><ul><ul><li>Start a viral message campaign </li></ul></ul>
  • 24. Questions? <ul><li>E.J. Hilbert </li></ul><ul><li>President, Online Intelligence </li></ul><ul><li>949-842-1487 </li></ul><ul><li>[email_address] </li></ul><ul><li>www.facebook.com/ejhilbert </li></ul><ul><li>www.twitter.com/ejhilbert </li></ul><ul><li>www.linkedin.com/in/ejhilbert </li></ul>

×