Social Networking Threats

The threats users of social networks face

Published in: Technology

  1. Social Networking: The Greatest Threat to National Security? E.J. Hilbert, President, Online Intelligence
  2. About the Speaker
     • President of Online Intelligence - We are a cyber security firm specializing in social media and online advertising schemes, scams and crimes.
     • Director of Security Enforcement for MySpace - Responsible for addressing all security concerns related to MySpace, its systems and its users.
     • Senior Consultant for Control Risks Group - Employed as a security, investigative and crisis management consultant for Fortune 50 companies
     • FBI Special Agent - Specialized in Cyber Crime, Counter Intelligence and Counter-Terrorism. Notable cases are Treason charges against Adam Gadahn aka Azzam Al Amriki, FBI.gov email intrusion, Carderplanet takedown/Cardkeeper, Samantha Runnion Kidnapping and Invita/Flyhook: the Alexey Ivanov case.
     • High school Teacher and Coach - History, Science, Baseball, Basketball and Cross Country
     • Got my first computer at 12 years old, a Commodore 64, upgraded later to an Apple IIe
     • Online chatting since 1990
  3. What is Social Media/Social Networking?
     • Social Networking or Social Media is instant gratification self promotion.
     • Relies on user interaction
     • Contacts, Friends, Pokes, Apps are often for alternative motives
     • The latest evolution of AOL chat meets the political soap box
     • Profitable business model
     • Necessary Evil
     • Happy “National Data Privacy Day”
  4. What are the Threats?
     • Three Primary Threats:
         • Open Intel Collection
             • Social Engineering
                 • Fake Friends
                 • Loose Lips Sink Ships
             • Phishing/Compromise/Virus
         • Back Office Data Collection
             • Personal Information
             • Geo-Location
             • Information Aggregators
         • Propaganda
             • Information Dissemination
             • Media Believe Social Media
  5. Open Intel Collection
     • Users see social networking as one to X number of friends, when in fact it is one to infinity.
     • Info collected from one can be matched up with info collected from another
     • Privacy settings are available but not used
     • All hacks start with data collection, both technical and social
     • Media, Employers, Friends and Intelligence Officers research you on Social Networking sites
  6. Fake or Real?
  7. Friending is Social Engineering made easy.
     • There are hundreds if not thousands of media reports of crimes where people “met on the Internet”
         • Child Predators
         • Serial Rapists
         • Murders
     • Even if you never meet in person, the relationship can be used to compromise, such as through sexting.
  8. Loose Lips Sink Ships
     • Free information flow
         • Name, Location, Career, Friends
     • No monitors
         • You don’t have access nor do you have the right
     • Opportunity to Brag
         • Young and Old want to show off
  9. LLSS is in “Comments” too
     • Trolls attack to cause a fight
         • Defending yourself
         • Setting the record straight
     • Statements designed to elicit a response
         • Comments are indexed and searchable
     • No Anonymity
         • People write in patterns
         • There is no “off the record”
     • Regulate vs. free speech
  10. What can we find here?
      • How often the page is monitored
      • Air Force Members?
      • Where they served
      • All their friends
  11. Two Friends to Target: Do they know what they are sharing?
  12. Phishing, Compromises and Viruses
      • Social Networking sites are rarely hacked
          • Not cost effective
          • Users are low-hanging fruit
      • Users are scammed into giving up information
          • 85% use the same password on Social Networking as they do for their email
          • Passwords are keys: car and house are different
      • Stolen account equals access to “friends” and to communication
      • Viruses come from external links, not from the primary site
  13. Back Office Data Collection
      • Social Networking sites are businesses
      • Sites profit from advertising and selling collected data
      • The more they know about you the better they can sell to you
          • Keyword targeting
          • Hyper-targeting
      • Primary site is not the only collector
          • Each Ad equals a minimum of 4 collection points
          • Site, Publisher, Ad Network, Advertiser
  14. Understanding Online Advertising
      • Advertisers pay based on user/viewer action.
      • Impact and cost of a campaign is measured by number of actions taken by the consumer
      • Advertisers employ a marketing network to “drive traffic” to a site.
      • Marketing networks subcontract ad traffic acquisition to affiliates/publishers.
      • Affiliates/Publishers place the ads on various sites
      [Diagram: Advertiser, Network, Publisher, Online Ad; flows labelled Web Traffic/Data and Payment]
  15. Click Thru Progression
  16. What your browser sees
      You start at MSNBC.com and click on an ad, then go to top3acaiberry.com, then:
      • http://www.acai-berry-oz-review.com
      • http://acai-berry-oz-review.com/acai2.php?page=
      • http://www.cpaclicks.com/secure.asp?e=dbxbkrcsxowh&d=0&l=0&o=&p=0&subID1=AA8-&subID2=&subID3=&subID4=&subID5=
      • http://affiliates.copeac.com/ez/dbxbkrcsxowh/&dp=0&l=0&p=0&subid1=AA8-
      • http://www.maxacaiweightloss.com/a/?aid=187&subid=21273
      • http://www.maxacaiweightloss.com/offer/maxacaiweightloss/
      or
      • http://www.acai-berry-oz-review.com
      • http://acai-berry-oz-review.com/acai3.php?page=
      • http://qdmil.com/click/?s=12381&c=148797&subid=AA8-
      • http://hjlas.com/click/?s=12381&c=148797&subid=AA8-&internal=3_t8w0h_1
      • http://hjlas.com/click/?s=12381&c=148797&subid=AA8-&internal=3_t8w0h_1
      • http://www.bestslimacai.com/HHJ231/?Cid=32305&code=OjI6VVM6Z3J6a19DU2dsOjMyMzA1OjEyMzgxOnJlZGlyZWN0X2Zyb21fNTA1Ml90b181MTIyX2Zvcl9BQTgt
      Data Collection Points Capturing:
      • IP
      • Product type
      • Time and date
      • System type
      • Browser type
      • Cookie Dropped
  17. Sample Data Collected
  18. Geo-Location
      • Determining location enhances hyper marketing
      • All sites collect geo location
          • Questions
          • IP address
          • Feature set
          • Localization
      • Geo targeting of ads can be used for more nefarious causes
  19.
      • Tracks user locations
      • Become mayor based on the number of times you check in from a location
      • Can ping phone and do auto check-in
  20. Information Aggregators
      • Collected data is sold to data aggregators
          • Non-Personally Identifiable Information
      • Data is then matched up to develop a profile
      • Aggregators sell data to subscribers
          • LexisNexis
          • ChoicePoint
          • Intelius
          • Chinese IO
  21. Propaganda Machines
      • You don’t have to be you
      • Users and Media believe what they see online
      • Most is personal opinion
      • Limited basis in fact
      • Social Networks/Social Media is a simple disinformation conduit.
  22. Is Social Networking the Greatest Threat to National Security?
      • Yes, because it attacks the weakest link: humans
      • It offers cheap digital surveillance of all aspects of a user's life
      • Social Networking sites are digital shopping malls
      • You cannot protect against it.
          • Accept it
          • Deny it
          • Mitigate against it
          • Insure against it
      • Mitigate and Insure are the best defense
  23. Mitigation and Insurance
      • Educating employees about the dangers
          • Make it more about them than you
          • Think twice, self regulate and manage your e-rep
          • Mandate security settings
      • Monitor for employee lapses
          • Try to befriend employees
          • Use security lapses as teachable moments
      • Use it to disseminate what you want
          • Corporate message is only half
          • Start a viral message campaign
  24. Questions?
      • E.J. Hilbert
      • President, Online Intelligence
      • 949-842-1487
      • [email_address]
      • www.facebook.com/ejhilbert
      • www.twitter.com/ejhilbert
      • www.linkedin.com/in/ejhilbert
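
The click path on slide 16 can be read mechanically to see which sites receive the same affiliate tag. The following is an added example, not part of the presentation: it takes the URLs from that slide, treats the last two DNS labels as the "site" (a simplifying assumption), and reports which parameters carry the tag `AA8-`, whether in the clear, appended to the path, or wrapped in base64.

```python
import base64
from urllib.parse import urlsplit, parse_qsl

# Hops copied from slide 16; the repeated hjlas.com hop is listed once.
PATH_ONE = [
    "http://www.acai-berry-oz-review.com",
    "http://acai-berry-oz-review.com/acai2.php?page=",
    "http://www.cpaclicks.com/secure.asp?e=dbxbkrcsxowh&d=0&l=0&o=&p=0&subID1=AA8-&subID2=&subID3=&subID4=&subID5=",
    "http://affiliates.copeac.com/ez/dbxbkrcsxowh/&dp=0&l=0&p=0&subid1=AA8-",
    "http://www.maxacaiweightloss.com/a/?aid=187&subid=21273",
    "http://www.maxacaiweightloss.com/offer/maxacaiweightloss/",
]
PATH_TWO = [
    "http://www.acai-berry-oz-review.com",
    "http://acai-berry-oz-review.com/acai3.php?page=",
    "http://qdmil.com/click/?s=12381&c=148797&subid=AA8-",
    "http://hjlas.com/click/?s=12381&c=148797&subid=AA8-&internal=3_t8w0h_1",
    "http://www.bestslimacai.com/HHJ231/?Cid=32305&code=OjI6VVM6Z3J6a19DU2dsOjMyMzA1OjEyMzgxOnJlZGlyZWN0X2Zyb21fNTA1Ml90b181MTIyX2Zvcl9BQTgt",
]

def site(url):
    """Crude site key: last two DNS labels (assumption: no public-suffix list needed)."""
    return ".".join(urlsplit(url).hostname.split(".")[-2:])

def params(url):
    """Query parameters, including '&k=v' pairs appended to the path (the copeac hop)."""
    parts = urlsplit(url)
    raw = parts.query or parts.path.partition("&")[2]
    return dict(parse_qsl(raw, keep_blank_values=True))

def decode_opaque(value):
    """Return the text behind a long base64 value, or None if it is not printable base64."""
    try:
        text = base64.b64decode(value + "=" * (-len(value) % 4), validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if len(value) >= 16 and text.isprintable() else None

def trace(chain, tag):
    """Map each site in a chain to the parameter names carrying `tag`, plain or encoded."""
    seen = {}
    for url in chain:
        hits = [k for k, v in params(url).items()
                if tag in v or tag in (decode_opaque(v) or "")]
        seen.setdefault(site(url), []).extend(hits)
    return seen

if __name__ == "__main__":
    print(trace(PATH_ONE, "AA8-"), trace(PATH_TWO, "AA8-"))
```

On the second path the tag reaches the final merchant site inside the base64 `code` parameter, alongside a country code and the same numeric IDs seen in earlier hops, so a log review that only searches for the tag in plain text would miss that hop.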
