Shante’ Stallings Confidentiality in Social Media 4/21/16
CONFIDENTIALITY IN SOCIAL MEDIA
EXECUTIVE SUMMARY
The purpose of this document is to inform others of how personal information can be gathered by using
social media outlets. After researching heavily, I found that the use of social networks presented a
number of potential threats.
The first threat is malware. The Koobface worm, the Zeus Trojan, and malicious browser extensions each
posed different risks that affected the user’s privacy. The Koobface worm had the ability to steal
confidential information on the computer and intercept network traffic. The worm is delivered through
web links that mislead the user into downloading it. This problem affects not only the user but also
the entire network the computer is on. The Zeus Trojan targeted users for their banking
data. The attackers utilize Zeus to steal banking credentials and perform man-in-the-browser attacks.
Zeus is well known because it stole millions of dollars from several major companies. Malicious
browser extensions can be downloaded from a link on a social media platform. Once installed on
the user’s computer, an extension can collect all data from the user’s browser, which can include saved
credentials for various websites. The second threat is social engineering, which can be used on social
media networks to imitate someone the victim knows in order to view data that only friends of that
person can see. Another method is phishing, which sends the victim to a website where they log in using
their credentials for the social media website. The third threat is tracking. Social media networks such as
Facebook and Google utilize Single Sign-On techniques to gather information about the user. Facebook
relies on the user never logging out of Facebook. Google does the same, but it has more resources that it
can connect to in order to gather data.
After carefully researching I do believe that data on Social Media networks are not confidential and can
compromise the computer’s integrity if not addressed.
INTRO
When we think of using social media we think of catching up with friends and sharing a piece of life with
them and the world. Myspace was one of the first popular social networks and attracted youth
and musicians, but it was Facebook that brought youth and adults from various age groups along. Many
businesses saw this as a great source of revenue, but some viewed it as an opportunity to spy on others.
Privacy is of grave importance now due to hackers, but what we may not realize is how these people
can get that private information. What is more, it’s not only hackers that can get personal information
about you and your friends. Private information on social media can be made public through malware,
social engineering, and tracking.
MALWARE
Hackers, also referred to here as attackers, are known to have a lot of experience making things happen
that shouldn’t. Hackers may work alone for their own ends or they may be hired to do so (Osborne). In the
past hackers have utilized methods that download an infection onto the victim’s computer. Here are a
few examples where that has happened and the results of them.
KOOBFACE WORM
The Koobface worm was spread through a wide variety of social networks such as Facebook, Myspace,
and Twitter and infected Windows, Mac OS, and Linux (Constantin). The worm is able to perform
actions such as “steal confidential information and intercept internet traffic” (Chien and Shearer).
Here is an example of a message that a victim could receive.
(Yonts)
After clicking on one of those links the victim could then be presented with a page to view a video or a
payload site that will download the worm onto the victim’s computer (Yonts). While Koobface is
stealing private info such as passwords it will have a process running on the computer called
webserver.exe. It will also trick the victim into helping to attack other systems through CAPTCHA,
manipulate proxy settings to send the victim to a click-fraud site, and include rogue software that
appears to be Windows security software (Yonts).
ZEUS BANKING TROJAN
Zeus, also known as ZBot, is a Trojan horse malware package that can be executed on Windows
computers. Zeus is capable of many malicious things, but what it does best is steal banking information
by using man-in-the-browser attacks and keystroke logging. Once a computer has been compromised with the
Zeus Trojan, the malware waits until a financial purchase is made and then sends the payment
information to the attacker (Solutionary). It has also been found that it can infect mobile devices to
get around two-factor authentication (Kaspersky). Here is an illustration of a man-in-the-browser
attack. Zeus has infected over 3.6 million computers, and damages extend to unauthorized money
transfers and changing of banking login information (Lawrence).
(How To Hack A Bank A/C - Zeus - "A Man In The Browser Attack")
MALICIOUS BROWSER EXTENSIONS
Similar to the Koobface worm, there is another variant of malware that infects the browser through an
extension downloaded onto Firefox and Chrome. A page will appear as if a video will play, but it
requires the user to download a plug-in to be able to view it. After the plug-in is downloaded, the
attackers “can access everything stored in the browser, including accounts with saved passwords. Many
people commonly save e-mail, Facebook and Twitter login data in their browsers, so the attackers can
masquerade as the victim and tap those accounts” (Goel).
These are only three instances where hackers can take advantage of social media to trick victims into
giving away their personal banking information, their browsing history, and their passwords.
SOCIAL ENGINEERING
Many times when people think about having their information compromised they immediately point to
the hackers, yet sometimes all it takes is a little social engineering, and this is where non-technical
people can strive to get what they want. Here are three ways they can go about doing that.
CREATE A FAKE PAGE
There are some motives when it comes to wanting to access a private social media page such as having
a crush on someone, wanting to do a personal background check, or to ensure their spouse isn’t
cheating on them. According to MakeUseOf it’s not that difficult to access a private page by creating a
fake page. In short, here’s one way to do it. (Dube)
1. Find the person’s Facebook page that you’re interested in
2. Click on view friends
3. Look for a friend who you know is actually a friend of the target and whose profile doesn’t
have a photo.
4. Create a fake profile with the same name and information as their friend without the photo
5. Strategically send friend requests to 20 of their friends
6. After the 20 have accepted, send a friend request to the target
To make the page look more legitimate they may update the about section, such as the workplace.
(wikiHow)
PHISHING
Phishing is a scam that works like this. Someone contacts you through some personal form of
communication like email or direct message. That was the case for over 250,000 Twitter users in 2013.
A direct message was sent to victims that served as bait to get them to click on the link that person
sent.
After clicking on the link the person is forwarded to a Twitter look-alike page requesting the person to
verify their account credentials, and shortly afterwards it would produce a message as if the page
had made a mistake. Later their account would begin to send spam messages from their Twitter account.
What the victim doesn’t know is that when they typed in their credentials to verify their account, they
were sent off to some remote server for someone to use at their will. (Hamada)
(Hamada)
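A defender-side check for the look-alike login page described above, added here as an example and not taken from the paper or its sources: it classifies each link in a message as official, look-alike or unrelated. The official-domain list, the character-swap table and the sample messages are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only hosts that should ever ask for this brand's credentials.
OFFICIAL = {"twitter.com", "t.co"}
BRAND = "twitter"

# Character swaps often used to make one host name resemble another.
SWAPS = (("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def normalize(label):
    """Undo the swaps so that e.g. 'tvvitter' is compared as 'twitter'."""
    for fake, real in SWAPS:
        label = label.replace(fake, real)
    return label


def edit_distance(a, b):
    """Levenshtein distance, computed with two rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url):
    """Return 'official', 'lookalike', 'unrelated' or 'unparseable'."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased
        userinfo = (parts.username or "").lower()
    except ValueError:
        return "unparseable"
    if not host:
        return "unparseable"
    if host in OFFICIAL or any(host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # 'https://twitter.com@other.example/' shows the brand before the '@',
    # but the browser connects to other.example.
    if BRAND in userinfo:
        return "lookalike"
    # Brand used as a subdomain or hyphenated part of someone else's host,
    # or a near miss of the brand after undoing character swaps.
    for label in host.split("."):
        for piece in re.split(r"[-_]", label):
            plain = normalize(piece)
            if BRAND in plain or edit_distance(plain, BRAND) <= 1:
                return "lookalike"
    return "unrelated"


def triage_message(text):
    """Classify every http(s) link found in a message body."""
    links = [u.rstrip(".,)!?") for u in re.findall(r"https?://[^\s<>\"']+", text)]
    return [(u, classify_link(u)) for u in links]


if __name__ == "__main__":
    # Constructed sample messages; .example hosts are reserved and never resolve.
    samples = [
        "Did you see this pic of you? http://tvvitter.example/verify",
        "Confirm here: http://twitter.com.account-verify.example/login",
        "Reset link: https://twitter.com@login.example/verify",
        "Real one: https://twitter.com/i/flow/login",
        "Unrelated: https://example.org/news",
    ]
    for message in samples:
        for url, verdict in triage_message(message):
            print(f"{verdict:10} {url}")
```

The per-label comparison stands in for a public-suffix lookup, so it errs on the side of flagging; a host that merely contains the brand name, such as a fan site, is reported as a look-alike and needs a human decision.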
TRACKING
Have you ever done some shopping online and then when you go back to Facebook it starts to show ads
of some of the items you were shopping for? This is what is called tracking and it is used to collect data
on users to generate data for advertisers to use. Here are some of the ways social networks track their
accounts.
FACEBOOK
Unlike some websites, Facebook no longer uses cookies to track a user’s movements on the web; instead
it relies on the premise that the user will not log out of Facebook. This uses what is called Single
Sign-On, or SSO, which means that even when the user closes all of the Facebook tabs and goes to another
website, Facebook can still see the user’s browsing because the Facebook session is still running in the
background. (Reilly)
GOOGLE
Like Facebook, Google also does not utilize cookies; it uses SSO to gather data on its users
for its own AdSense, AdMob, and DoubleClick. Though this is a similar scheme to Facebook’s,
it covers a wider variety of tracking. Since Google has a vast number of free apps and utilities for its
users, the price to pay is that Google sees what you do in order to make the ads fit the needs of the user.
Some of those apps include “Youtube, Gmail, Voice, and Search” (Reilly). So if you wonder why when
you open a Google app it asks you to log in, this is why.
CONCLUSION
After carefully researching I do believe that data on Social Media networks are not confidential. Social
Media can be used to infect computers with software that can intercept your internet traffic, steal
banking information to do unauthorized money transfers, and access everything stored in the browser
such as accounts and passwords. Social Media can be exploited through social engineering, where
someone misleads a user into accepting their friend request so that they can see private posts only meant
for friends, or scams users into believing that they should enter their Twitter credentials on an
illegitimate website. Social Media can be used to track users’ movements through Single
Sign-On: on Facebook, users’ browsing history is used to select ads to display while browsing Facebook, and
Google, which also uses Single Sign-On, gathers more information through its vast number of apps.
Because of its popularity, social media is penetrated more than most things online. For that reason,
its history of privacy problems proves that even now social media does not equal confidentiality.
WORKS CITED
Chien, Eric and Jarrad Shearer. W32.Koobface. 8 August 2012. 5 April 2016.
<https://www.symantec.com/security_response/writeup.jsp?docid=2008-080315-0217-99>.
Constantin, Lucian. New Koobface Variant Infects Linux Systems. 28 October 2010. 12 April 2016.
<http://news.softpedia.com/news/New-Koobface-Variant-Infects-Linux-too-163450.shtml>.
Cronto. Cronto Visual Cryptogram. 28 April 2008. 12 April 2016.
<http://www.slideshare.net/cronto/cronto-visual-cryptogram>.
Dube, Ryan. How to View Private Facebook Profiles. 14 May 2009. 3 March 2016.
<http://www.makeuseof.com/tag/how-to-view-private-facebook-profiles/>.
Goel, Vindu. Malicious Software Poses as Video From a Facebook Friend. 26 August 2013. 12 April 2016.
<http://bits.blogs.nytimes.com/2013/08/26/malicious-software-poses-as-video-from-a-facebook-friend/?ref=technology>.
Hamada, Joji. Phishing: The Easy Way to Compromise Twitter Accounts. 2013 February 2013. 12 April 2016.
<http://www.symantec.com/connect/blogs/phishing-easy-way-compromise-twitter-accounts>.
How To Hack A Bank A/C - Zeus - "A Man In The Browser Attack". 15 February 2012. 16 April 2016.
<https://www.youtube.com/watch?v=USCHPIQB8_Y>.
Kaspersky. Kaspersky Labs. n.d. 12 April 2016.
<https://usa.kaspersky.com/internet-security-center/threats/zeus-trojan-malware-threat#.VxghIBMrLGJ>.
Lawrence, Dune. The Hunt for the Financial Industry's Most-Wanted Hacker. 18 June 2015. 12 April 2016.
<http://www.bloomberg.com/news/features/2015-06-18/the-hunt-for-the-financial-industry-s-most-wanted-hacker>.
Osborne, Charlie. Hackers for hire: Anonymous, quick, and not necessarily illegal. 16 January 2015. 15 April 2016.
<http://www.zdnet.com/article/hackers-for-hire-anonymous-quick-and-not-necessarily-illegal/>.
Reilly, Richard Byrne. The cookie is dead. Here's how Facebook, Google, and Apple are tracking you now. 6 October 2014. 12 April 2016.
<http://venturebeat.com/2014/10/06/the-cookie-is-dead-heres-how-facebook-google-and-apple-are-tracking-you-now/>.
Solutionary. Information Security: Hacking with the Zeus Trojan. 8 November 2013. 16 April 2016.
<https://www.youtube.com/watch?v=QKWFAcDLLPw>.
wikiHow. How to Make a Fake Facebook Page Seem Real. n.d. 12 April 2016.
<http://www.wikihow.com/Make-a-Fake-Facebook-Page-Seem-Real>.
Yonts, Joel. Malicious Social Networking: Koobface Worm. n.d. 2 April 2016.
<http://www.sans.org/security-resources/malwarefaq/koobface-worm.php>.

More Related Content

What's hot

100812 internet security2.0
100812 internet security2.0100812 internet security2.0
100812 internet security2.0dkp205
 
Online privacy concerns (and what we can do about it)
Online privacy concerns (and what we can do about it)Online privacy concerns (and what we can do about it)
Online privacy concerns (and what we can do about it)Phil Cryer
 
Online Privacy in the Year of the Dragon
Online Privacy in the Year of the DragonOnline Privacy in the Year of the Dragon
Online Privacy in the Year of the DragonPhil Cryer
 
cybercrime survival guide
cybercrime survival guidecybercrime survival guide
cybercrime survival guideGary Gray, MCSE
 
RSA Monthly Online Fraud Report -- August 2013
RSA Monthly Online Fraud Report -- August 2013RSA Monthly Online Fraud Report -- August 2013
RSA Monthly Online Fraud Report -- August 2013EMC
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
hire a hacker
hire a hackerhire a hacker
hire a hackerhackany1
 
Anatomy of an Enterprise Social Cyber Attack
Anatomy of an Enterprise Social Cyber Attack Anatomy of an Enterprise Social Cyber Attack
Anatomy of an Enterprise Social Cyber Attack ZeroFOX
 
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-ThreatsThe Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats- Mark - Fullbright
 
2013 april boston marathon fraud advisory wp 2 x
2013 april boston marathon fraud advisory wp  2 x2013 april boston marathon fraud advisory wp  2 x
2013 april boston marathon fraud advisory wp 2 xLiberteks
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORTvineetkathan
 

What's hot (20)

Presentation for class
Presentation for classPresentation for class
Presentation for class
 
So692 cyber security-document
So692 cyber security-documentSo692 cyber security-document
So692 cyber security-document
 
100812 internet security2.0
100812 internet security2.0100812 internet security2.0
100812 internet security2.0
 
Facebook
FacebookFacebook
Facebook
 
Social Network Crime on Rise
Social Network Crime on RiseSocial Network Crime on Rise
Social Network Crime on Rise
 
Do not track me
Do not track meDo not track me
Do not track me
 
Online privacy concerns (and what we can do about it)
Online privacy concerns (and what we can do about it)Online privacy concerns (and what we can do about it)
Online privacy concerns (and what we can do about it)
 
Who took our data?
Who took our data?Who took our data?
Who took our data?
 
Online Privacy in the Year of the Dragon
Online Privacy in the Year of the DragonOnline Privacy in the Year of the Dragon
Online Privacy in the Year of the Dragon
 
cybercrime survival guide
cybercrime survival guidecybercrime survival guide
cybercrime survival guide
 
RSA Monthly Online Fraud Report -- August 2013
RSA Monthly Online Fraud Report -- August 2013RSA Monthly Online Fraud Report -- August 2013
RSA Monthly Online Fraud Report -- August 2013
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
hire a hacker
hire a hackerhire a hacker
hire a hacker
 
Anatomy of an Enterprise Social Cyber Attack
Anatomy of an Enterprise Social Cyber Attack Anatomy of an Enterprise Social Cyber Attack
Anatomy of an Enterprise Social Cyber Attack
 
Phishing attack till now
Phishing attack till nowPhishing attack till now
Phishing attack till now
 
Online privacy
Online privacyOnline privacy
Online privacy
 
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-ThreatsThe Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats
The Murky Waters of the Internet: Anatomy of Malvertising and Other e-Threats
 
Phishing
PhishingPhishing
Phishing
 
2013 april boston marathon fraud advisory wp 2 x
2013 april boston marathon fraud advisory wp  2 x2013 april boston marathon fraud advisory wp  2 x
2013 april boston marathon fraud advisory wp 2 x
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORT
 

Viewers also liked (10)

Liferay Go-Live Program
Liferay Go-Live ProgramLiferay Go-Live Program
Liferay Go-Live Program
 
Web 2.0
Web 2.0Web 2.0
Web 2.0
 
ASHA RADIO PROGRAM
ASHA RADIO PROGRAMASHA RADIO PROGRAM
ASHA RADIO PROGRAM
 
Religion
ReligionReligion
Religion
 
Etiquetas html
Etiquetas htmlEtiquetas html
Etiquetas html
 
E bedolla g investigacionaccion12022016
E bedolla g investigacionaccion12022016E bedolla g investigacionaccion12022016
E bedolla g investigacionaccion12022016
 
Betalingsbalans havovwo 3
Betalingsbalans havovwo 3Betalingsbalans havovwo 3
Betalingsbalans havovwo 3
 
Nationale rekeningen (2)
Nationale rekeningen (2)Nationale rekeningen (2)
Nationale rekeningen (2)
 
Lemon market
Lemon marketLemon market
Lemon market
 
13. bab i
13. bab i13. bab i
13. bab i
 

Similar to Security Paper

Social media privacy threats that you need to keep an eye on in 2021
Social media privacy threats that you need to keep an eye on in 2021Social media privacy threats that you need to keep an eye on in 2021
Social media privacy threats that you need to keep an eye on in 2021Impulse Digital
 
Is your data secure? privacy and trust in the social web
Is your data secure?  privacy and trust in the social webIs your data secure?  privacy and trust in the social web
Is your data secure? privacy and trust in the social webPhil Cryer
 
SOCIAL Networking Sites
SOCIAL Networking SitesSOCIAL Networking Sites
SOCIAL Networking SitesAshley Surabhi
 
Security Dangers of Social Networking
Security Dangers of Social NetworkingSecurity Dangers of Social Networking
Security Dangers of Social NetworkingBillBrenner70
 
Data privacy over internet
Data privacy over internetData privacy over internet
Data privacy over internetdevashishicai
 
EFFECTS OF SOCIAL MEDIA ON YOUTH
EFFECTS OF SOCIAL MEDIA ON YOUTHEFFECTS OF SOCIAL MEDIA ON YOUTH
EFFECTS OF SOCIAL MEDIA ON YOUTHYaman Singhania
 
Future of social networking group project
Future of social networking   group projectFuture of social networking   group project
Future of social networking group projectbulgarej
 
Typology of Cyber Crime
Typology of Cyber CrimeTypology of Cyber Crime
Typology of Cyber CrimeGaurav Patel
 
IS 20090 Week 2 - Social Networks
IS 20090 Week 2 - Social NetworksIS 20090 Week 2 - Social Networks
IS 20090 Week 2 - Social Networksis20090
 
Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018Ronak Jain
 
Social network privacy.
Social network privacy.Social network privacy.
Social network privacy.STO STRATEGY
 
SYMANTEC WEBSITE SECURITY THREAT REPORT - 2015
SYMANTEC WEBSITE SECURITY THREAT REPORT - 2015SYMANTEC WEBSITE SECURITY THREAT REPORT - 2015
SYMANTEC WEBSITE SECURITY THREAT REPORT - 2015RapidSSLOnline.com
 
Lecture in Empowerment Technologies week 2.pptx
Lecture in Empowerment Technologies week 2.pptxLecture in Empowerment Technologies week 2.pptx
Lecture in Empowerment Technologies week 2.pptxDominicCaling
 
E0334035040
E0334035040E0334035040
E0334035040theijes
 

Similar to Security Paper (20)

Social media privacy threats that you need to keep an eye on in 2021
Social media privacy threats that you need to keep an eye on in 2021Social media privacy threats that you need to keep an eye on in 2021
Social media privacy threats that you need to keep an eye on in 2021
 
Blogging today
Blogging todayBlogging today
Blogging today
 
Is your data secure? privacy and trust in the social web
Is your data secure?  privacy and trust in the social webIs your data secure?  privacy and trust in the social web
Is your data secure? privacy and trust in the social web
 
Social media: Issues
Social media: Issues Social media: Issues
Social media: Issues
 
SOCIAL Networking Sites
SOCIAL Networking SitesSOCIAL Networking Sites
SOCIAL Networking Sites
 
Security Dangers of Social Networking
Security Dangers of Social NetworkingSecurity Dangers of Social Networking
Security Dangers of Social Networking
 
Data privacy over internet
Data privacy over internetData privacy over internet
Data privacy over internet
 
Spyware
SpywareSpyware
Spyware
 
EFFECTS OF SOCIAL MEDIA ON YOUTH
EFFECTS OF SOCIAL MEDIA ON YOUTHEFFECTS OF SOCIAL MEDIA ON YOUTH
EFFECTS OF SOCIAL MEDIA ON YOUTH
 
Future of social networking group project
Future of social networking   group projectFuture of social networking   group project
Future of social networking group project
 
Typology of Cyber Crime
Typology of Cyber CrimeTypology of Cyber Crime
Typology of Cyber Crime
 
What is cyber fraud?
What is cyber fraud?What is cyber fraud?
What is cyber fraud?
 
IS 20090 Week 2 - Social Networks
IS 20090 Week 2 - Social NetworksIS 20090 Week 2 - Social Networks
IS 20090 Week 2 - Social Networks
 
Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Social network privacy.
Social network privacy.Social network privacy.
Social network privacy.
 
SYMANTEC WEBSITE SECURITY THREAT REPORT - 2015
SYMANTEC WEBSITE SECURITY THREAT REPORT - 2015SYMANTEC WEBSITE SECURITY THREAT REPORT - 2015
SYMANTEC WEBSITE SECURITY THREAT REPORT - 2015
 
Lecture in Empowerment Technologies week 2.pptx
Lecture in Empowerment Technologies week 2.pptxLecture in Empowerment Technologies week 2.pptx
Lecture in Empowerment Technologies week 2.pptx
 
E0334035040
E0334035040E0334035040
E0334035040
 
project1lis3353 (1)
project1lis3353 (1)project1lis3353 (1)
project1lis3353 (1)
 

Security Paper

  • 1. Shante’ Stallings Confidentiality in Social Media 4/21/16 CONFIDENTIALITY IN SOCIAL MEDIA EXECUTIVE SUMMARY The purpose of this document is to inform others of how personal information can be gathered by using social media outlets. After researching heavily, I found that the use of social networks presented a number of potential threats. The first threat is malware such as the Koobface worm, Zeus Trojan, and malicious browser extensions posed different risks that affected the user’s privacy. The Koobface worm had the ability to steal confidential information on the computer and intercept network traffic. The download of the worm is initiated through web links to mislead the user to download the worm. This problem not only affects the user but the entire network it is on as well. The Zeus Trojan targeted users to user their banking data. The attackers utilize Zeus to steal banking credentials and perform man in the browser attacks. Zeus is well known because it stole millions of dollars from several major companies. The malicious browser extensions can be downloaded from a link from a social media platform. With it installed on the user’s computer it can collect all data from the user’s browser which can include saved credentials for various websites. The 2nd threat is social engineering could be used on social media networks to imitate someone the victim knows in order to view data that only friends of that person can see. Another method is using a phishing method to send the victim to a website for them to log in using their credentials for the social media website. The 3r d threat is tracking. Social media networks such as Facebook and Google utilize Single Sign-On techniques to gather information about the user. Facebook relies on the user to never log out of Facebook. Google does the same but it has more resources that it can connect to in order to gather data. 
After carefully researching I do believe that data on Social Media networks are not confidential and can compromise the computer’s integrity if not addressed. INTRO When we think of using social media we think of catching up with friends and sharing a piece life with them and the world. Myspace was one of the first known popular social networks that attracted youth and musicians but it was Facebook that brought youth and adults from various age groups along. Many businesses saw this as a great source of revenue but some viewed it as an opportunity to spy on others. Privacy is of grave importance now due to hackers but what we may not realize is how these people can get that private information and even more it’s not only hackers that can get personal information about you and your friends. Privacy in social media can be made public through malware, social engineering, and tracking. MALWARE Hackers, also known as the attacker, are known to have a lot of experience making things happen that shouldn’t. Hackers may work alone for their own need or they may be hired to do so (Osborne). In the
  • 2. Shante’ Stallings Confidentiality in Social Media 4/21/16 past hackers have utilized methods that download an infection onto the victim’s computer. Here are a few examples where that has happened and the results of them. KOOBFACE WORM The Koobface worm was spread through a wide variety of social networks such as Facebook, Myspace, and Twitter and infected Windows, Mac OS, and Linux (Constantin). The worm is able to perform actions such as “steal confidential information and intercept internet traffic” (Chien and Shearer). Here is an example of a message that a victim could receive. (Yonts) After clicking on one of those links he victim could then be presented with a page to view a video or a payload site that will download the worm onto the victim’s computer (Yonts). While Koobface is stealing private info such as passwords it will have a process running on the computer called webserver.exe. It will assist in tricking the victim to attack other systems through CAPTCHA, it will manipulate proxy settings to send the victim to a click fraud site and it will have rogue software that will appear to be Windows security software. (Yonts) ZEUS BANKING TROJAN Zeus, also known as ZBot, is a Trojan horse malware package that can be executed on Windows computers. Zeus is capable for many malicious things but what it does best is steal banking information by using man in the browser and keystroke logging. Once a computer has been compromised with the Zeus Trojan the computer will wait until a financial purchase is made then it will send off the payment information to the attacker (Solutionary). It has also been found that it can infect mobile devices to get around two factor authentication (Kaspersky). Here is an illustration of a man in the browser attack. Zeus has infected over 3.6 million computers and damages extend to unauthorized money transfers and changing of banking login information (Lawrence).
  • 3. Shante’ Stallings Confidentiality in Social Media 4/21/16 (How To Hack A Bank A/C - Zeus - "A Man In The Browser Attack") MALICIOUS BROWSER EXTENSIONS Similar to the Koobface worm there is another variant of malware that infects the browser through an extension downloaded onto Firefox and Chrome. A page will appear as if a video will play but it requires the user to download a plugin to be able to view it. After the plug-in is downloaded, the attackers “can access everything stored in the browser, including accounts with saved passwords. Many people commonly save e-mail, Facebook and Twitter login data in their browsers, so the attackers can masquerade as the victim and tap those accounts” (Goel).
  • 4. Shante’ Stallings Confidentiality in Social Media 4/21/16 These are only three instances where hackers can take advantage of social media to trick victims into giving away their personal banking information, their browsing history, passwords. SOCIAL ENGINEERING Many times when people think about having their information compromised they immediately point to the hackers yet sometimes all it takes is a little social engineering and this is where the non-technical can strive for to get what they want. Here are three ways they can go about doing that. CREATE A FAKE PAGE There are some motives when it comes to wanting to access a private social media page such as having a crush on someone, wanting to do a personal background check, or to ensure their spouse isn’t cheating on them. According to MakeUseOf it’s not that difficult to access a private page by creating a fake page. In short, here’s one way to do it. (Dube)
  • 5. Shante’ Stallings Confidentiality in Social Media 4/21/16 1. Find the person’s Facebook page that you’re interested in 2. Click on view friends 3. Look for a friend that you know are actually friends with the target and the profile doesn’t have a photo. 4. Create a fake profile with the same name and information as their friend without the photo 5. Strategically send friend requests to 20 of their friends 6. After the 20 have accepted send a friend request to the target To make the page look more legitimate they may update the about section such as workplace. (wikiHow) PHISHING Phishing is a scan that works like this. Someone contacts you through some personal form communication like email or direct message. That was the case for over 250,000 Twitter users in 2013. A direct message was sent to victims that served as bait to get them to click on the link that person sent.
  • 6. Shante’ Stallings Confidentiality in Social Media 4/21/16 After clicking on the link the person is forwarded to a Twitter look-a-like page requesting the person to verify their account credentials and then shortly afterwards it would produce a message as if the page made a mistake. Later their account would begin to send spam messages on their Twitter account. What the victim doesn’t know if that when they typing in their credentials to verify their account it was sent off to some remote server for someone to use at their will. (Hamada) (Hamada) TRACKING Have you ever done some shopping online and then when you go back to Facebook it starts to show ads of some of the items you were shopping for? This is what is called tracking and it is used to collect data on users to generate data for advertisers to use. Here are some of the ways social networks track their accounts. FACEBOOK Unlike some websites Facebook no loner uses cookies to track a user’s movements on the web but now it relies on the premise that the user will not log out of Facebook. This is using what is called Single Sign-On or SSO which means that even when the user closes all of the Facebook tabs and go to another website Facebook can still see your browsing because the Facebook session is still running in the background. (Reilly) GOOGLE Like Facebook, Google also does not utilize cookies and it uses SSO to gather data on it’s users to collect data for its own Adsense, AdMob, and DoubleClick. Though this is a similar schema as Facebook it covers a wider variety of tracking. Since Google has a vast amount of free apps and utilities for its users the price to pay is that they’ll see what you do in order to make the ads fit the needs of the user.
Some of those apps include “Youtube, Gmail, Voice, and Search” (Reilly). So if you wonder why a Google app asks you to log in when you open it, this is why.

CONCLUSION
After carefully researching, I do believe that data on Social Media networks are not confidential. Social Media can be used to infect computers with software that can intercept your internet traffic, steal banking information to make unauthorized money transfers, and access everything stored in the browser, such as accounts and passwords. Social Media can be exploited through social engineering, where someone can mislead a user into accepting their friend request so that they can see private posts meant only for friends, and by scamming users into believing that they should enter their Twitter credentials on an illegitimate website. Social Media can be used to track users' movements through Single Sign-On: Facebook uses users' browsing history to select ads to display while they browse Facebook, and Google, which also uses Single Sign-On, gathers more information through its vast number of apps. Because of its popularity, social media is penetrated more than most things online. For that reason, its history of privacy problems proves that even now social media does not equal confidentiality.
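The phishing flow in the PHISHING section only works if the victim does not notice that the link in the direct message leads to a look-alike host. The check below is an added example, not part of the original paper: it classifies each link in a message as trusted, look-alike, or unrelated. The trusted-host list, function names, and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the only host the user means to log in to.
TRUSTED = {"twitter.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance, to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_url(url):
    """Return 'trusted', 'lookalike' or 'unrelated' for one link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # "http://twitter.com@other.example/" really goes to other.example.
    if parts.username is not None:
        return "lookalike"
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    for good in TRUSTED:
        brand = good.split(".")[0]
        # Simplification: test every label instead of using the Public Suffix List.
        for label in host.split("."):
            if brand in label or edit_distance(label, brand) <= 2:
                return "lookalike"
    return "unrelated"

def review_message(text):
    """Classify every link found in a direct message or email body."""
    return [(url, classify_url(url)) for url in URL_RE.findall(text)]

# Constructed sample messages; .example hosts are reserved and not real sites.
SAMPLE_DMS = [
    "lol is this you in this video? http://tvvitter.example/verify",
    "Confirm your account: http://twitter.com.account-verify.example/login",
    "Security settings are at https://mobile.twitter.com/settings/security",
    "Log in here http://twitter.com@login.example/session",
    "Good read: https://news.example/privacy",
]

if __name__ == "__main__":
    print(*map(review_message, SAMPLE_DMS), sep="\n")
```

Only the third sample is classified as trusted; the first, second, and fourth are flagged as look-alikes even though each contains or resembles the brand name.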
WORKS CITED
Chien, Eric and Jarrad Shearer. W32.Koobface. 8 August 2012. 5 April 2016. <https://www.symantec.com/security_response/writeup.jsp?docid=2008-080315-0217-99>.
Constantin, Lucian. New Koobface Variant Infects Linux Systems. 28 October 2010. 12 April 2016. <http://news.softpedia.com/news/New-Koobface-Variant-Infects-Linux-too-163450.shtml>.
Cronto. Cronto Visual Cryptogram. 28 April 2008. 12 April 2016. <http://www.slideshare.net/cronto/cronto-visual-cryptogram>.
Dube, Ryan. How to View Private Facebook Profiles. 14 May 2009. 3 March 2016. <http://www.makeuseof.com/tag/how-to-view-private-facebook-profiles/>.
Goel, Vindu. Malicious Software Poses as Video From a Facebook Friend. 26 August 2013. 12 April 2016. <http://bits.blogs.nytimes.com/2013/08/26/malicious-software-poses-as-video-from-a-facebook-friend/?ref=technology>.
Hamada, Joji. Phishing: The Easy Way to Compromise Twitter Accounts. 2013 February 2013. 12 April 2016. <http://www.symantec.com/connect/blogs/phishing-easy-way-compromise-twitter-accounts>.
How To Hack A Bank A/C - Zeus - "A Man In The Browser Attack". 15 February 2012. 16 April 2016. <https://www.youtube.com/watch?v=USCHPIQB8_Y>.
Kaspersky. Kaspersky Labs. n.d. 12 April 2016. <https://usa.kaspersky.com/internet-security-center/threats/zeus-trojan-malware-threat#.VxghIBMrLGJ>.
Lawrence, Dune. The Hunt for the Financial Industry's Most-Wanted Hacker. 18 June 2015. 12 April 2016. <http://www.bloomberg.com/news/features/2015-06-18/the-hunt-for-the-financial-industry-s-most-wanted-hacker>.
Osborne, Charlie. Hackers for hire: Anonymous, quick, and not necessarily illegal. 16 January 2015. 15 April 2016. <http://www.zdnet.com/article/hackers-for-hire-anonymous-quick-and-not-necessarily-illegal/>.
Reilly, Richard Byrne. The cookie is dead. Here's how Facebook, Google, and Apple are tracking you now. 6 October 2014. 12 April 2016. <http://venturebeat.com/2014/10/06/the-cookie-is-dead-heres-how-facebook-google-and-apple-are-tracking-you-now/>.
Solutionary. Information Security: Hacking with the Zeus Trojan. 8 November 2013. 16 April 2016. <https://www.youtube.com/watch?v=QKWFAcDLLPw>.
wikiHow. How to Make a Fake Facebook Page Seem Real. n.d. 12 April 2016. <http://www.wikihow.com/Make-a-Fake-Facebook-Page-Seem-Real>.
Yonts, Joel. Malicious Social Networking: Koobface Worm. n.d. 2 April 2016. <http://www.sans.org/security-resources/malwarefaq/koobface-worm.php>.