This document discusses the importance of anonymous communication in social networking. It begins by describing how social networking sites like Facebook can expose users' personal information and identity through their non-anonymous communication protocols. It then provides examples of how attackers can use tools to reveal users' identities and private information from their IP addresses and activity on Facebook. The document advocates for the use of anonymous communication techniques, describing tools like TOR that can anonymize users' identities and communications on social networks. It evaluates different anonymous communication methods and their advantages and disadvantages for protecting privacy on social networking platforms.
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
Phishing is a method that hackers use to fraudulently acquire sensitive or private information from a victim by impersonating a real entity (Turban, Leidner, McLean, & Wetherbe, 2010). Phishing can be defined as the act of soliciting or stealing sensitive information such as usernames, passwords, bank account numbers, credit card numbers, and social security or citizen ID numbers from individuals using the Internet (Ohaya, 2006). Phishing often involves some kind of deception. The results from a study of Jagatic et al. (2007) indicate that Internet users are four times more likely to become phishing victims if they receive a request from someone appearing to be a known friend or colleague. The Anti-Phishing Work Group indicates that at least five percent of users responded to phishing scams and about two million users gave away their information to spoofed websites (APWG, 2009). This results in direct losses of $1.2 billion for banks and credit card companies (Dhamija, 2006). In order to understand how phishing can be conducted, the researcher set up a phishing experiment in one of Thailandâs higher education institutions. The subjects were MBA students. A phishing email was sent to the subjects, and the message led the subject to visit the phishing website. One hundred seventy students became victims. The data collection included a survey, an interview, and a focus group. The results indicated that phishing could be easily conducted, and the result can have a great impact on the security of an organization. Organizations can use and apply the lessons learned from this study to formulate an effective security policy and security awareness training programs.
Exploring machine learning techniques for fake profile detection in online so...IJECEIAES
Â
The online social network is the largest network, more than 4 billion users use social media and with its rapid growth, the risk of maintaining the integrity of data has tremendously increased. There are several kinds of security challenges in online social networks (OSNs). Many abominable behaviors try to hack social sites and misuse the data available on these sites. Therefore, protection against such behaviors has become an essential requirement. Though there are many types of security threats in online social networks but, one of the significant threats is the fake profile. Fake profiles are created intentionally with certain motives, and such profiles may be targeted to steal or acquire sensitive information and/or spread rumors on online social networks with specific motives. Fake profiles are primarily used to steal or extract information by means of friendly interaction online and/or misusing online data available on social sites. Thus, fake profile detection in social media networks is attracting the attention of researchers. This paper aims to discuss various machine learning (ML) methods used by researchers for fake profile detection to explore the further possibility of improvising the machine learning models for speedy results.
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
Phishing is a method that hackers use to fraudulently acquire sensitive or private information from a victim by impersonating a real entity (Turban, Leidner, McLean, & Wetherbe, 2010). Phishing can be defined as the act of soliciting or stealing sensitive information such as usernames, passwords, bank account numbers, credit card numbers, and social security or citizen ID numbers from individuals using the Internet (Ohaya, 2006). Phishing often involves some kind of deception. The results from a study of Jagatic et al. (2007) indicate that Internet users are four times more likely to become phishing victims if they receive a request from someone appearing to be a known friend or colleague. The Anti-Phishing Work Group indicates that at least five percent of users responded to phishing scams and about two million users gave away their information to spoofed websites (APWG, 2009). This results in direct losses of $1.2 billion for banks and credit card companies (Dhamija, 2006). In order to understand how phishing can be conducted, the researcher set up a phishing experiment in one of Thailandâs higher education institutions. The subjects were MBA students. A phishing email was sent to the subjects, and the message led the subject to visit the phishing website. One hundred seventy students became victims. The data collection included a survey, an interview, and a focus group. The results indicated that phishing could be easily conducted, and the result can have a great impact on the security of an organization. Organizations can use and apply the lessons learned from this study to formulate an effective security policy and security awareness training programs.
Exploring machine learning techniques for fake profile detection in online so...IJECEIAES
Â
The online social network is the largest network, more than 4 billion users use social media and with its rapid growth, the risk of maintaining the integrity of data has tremendously increased. There are several kinds of security challenges in online social networks (OSNs). Many abominable behaviors try to hack social sites and misuse the data available on these sites. Therefore, protection against such behaviors has become an essential requirement. Though there are many types of security threats in online social networks but, one of the significant threats is the fake profile. Fake profiles are created intentionally with certain motives, and such profiles may be targeted to steal or acquire sensitive information and/or spread rumors on online social networks with specific motives. Fake profiles are primarily used to steal or extract information by means of friendly interaction online and/or misusing online data available on social sites. Thus, fake profile detection in social media networks is attracting the attention of researchers. This paper aims to discuss various machine learning (ML) methods used by researchers for fake profile detection to explore the further possibility of improvising the machine learning models for speedy results.
Whitepaper for IM Lock Software
http://www.comvigo.com
Our Latest Version of IMLock
http://www.imlock.com/how-to-block-a-website-with-imlock/
IM Lock is an internet filtering software for Home, Business, and Networks.
A FRAMEWORK FOR SECURING EMAIL ENTRANCES AND MITIGATING PHISHING IMPERSONATIO...IJNSA Journal
Â
Emails are used every day for communication, and many countries and organisations mostly use email for official communications. It is highly valued and recognised for confidential conversations and transactions in day-to-day business. The Often use of this channel and the quality of information it carries attracted cyber attackers to it. There are many existing techniques to mitigate attacks on email, however, the systems are more focused on email content and behaviour and not securing entrances to email boxes, composition, and settings. This work intends to protect users' email composition and settings to prevent attackers from using an account when it gets hacked or hijacked and stop them from setting forwarding on the victim's email account to a different account which automatically stops the user from receiving emails. A secure code is applied to the composition send button to curtail insider impersonation attack. Also, to secure open applications on public and private devices.
Email phishing: Text classification using natural language processingCSITiaesprime
Â
Phishing is networked theft in which the main motive of phishers is to steal any personâs private information, its financial details like account number, credit card details, login information, payment mode information by creating and developing a fake page or a fake web site, which look completely authentic and genuine. Nowadays email phishing has become a big threat to all, and is increasing day by day. Moreover, detection of phishing emails has been considered an important research issue as phishing emails have been increasing day by day. Various techniques have been introduced and applied to deal with such a big issue. The major objective of this research paper is giving a detailed description on the classification of phishing emails using the natural language processing concepts. Natural language processing (NLP) concepts have been applied for the classification of emails; along with that accuracy rate of various classifiers have been calculated. The paper is presented in four sections. An introduction about phishing its types, its history, statistics, life cycle, motivation for phishers and working of email phishing have been discussed in the first section. The second section covers various technologies of phishing- email phishing and also description of evaluation metrics. An overview of the various proposed solutions and work done by researchers in this field in form of literature review has been presented in the third section. The solution approach and the obtained results have been defined in the fourth section giving a detailed description about NLP concepts and working procedure.
Social media websites are becoming more prevalent on the Internet. Sites, such as Twitter, Facebook, and Instagram, spend significantly more of their time on users online. People in social media share thoughts, views, and facts and create new acquaintances. Social media sites supply users with a great deal of useful information. This enormous quantity of social media information invites hackers to abuse data. These hackers establish fraudulent profiles for actual people and distribute useless material. The material on spam might include commercials and harmful URLs that disrupt natural users. This spam content is a massive problem in social networks. Spam identification is a vital procedure on social media networking platforms. In this paper, we have proposed a spam detection artificial intelligence technique for Twitter social networks. In this approach, we employed a vector support machine, a neural artificial network, and a random forest technique to build a model. The results indicate that, compared with RF and ANN algorithms, the suggested support vector machine algorithm has the greatest precision, recall, and Fmeasure. The findings of this paper would be useful in monitoring and tracking social media shared photos for the identification of inappropriate content and forged images and to safeguard social media from digital threats and attacks.
Sentiment analysis of comments in social media IJECEIAES
Â
Social media platforms are witnessing a significant growth in both size and purpose. One specific aspect of social media platforms is sentiment analysis, by which insights into the emotions and feelings of a person can be inferred from their posted text. Research related to sentiment analysis is acquiring substantial interest as it is a promising filed that can improve user experience and provide countless personalized services. Twitter is one of the most popular social media platforms, it has users from different regions with a variety of cultures and languages. It can thus provide valuable information for a diverse and large amount of data to be used to improve decision making. In this paper, the sentiment orientation of the textual features and emoji-based components is studied targeting âTweetsâ and comments posted in Arabic on Twitter, during the 2018 world cup event. This study also measures the significance of analyzing texts including or excluding emojis. The data is obtained from thousands of extracted tweets, to find the results of sentiment analysis for texts and emojis separately. Results show that emojis support the sentiment orientation of the texts and those texts or emojis cannot separately provide reliable information as they complement each other to give the intended meaning.
This is a presentation Bill gave at the May 2009 NAISG meeting on the security dangers of such social networking entities as Facebook, LinkedIn and Twitter.
Security techniques for intelligent spam sensing and anomaly detection in onl...IJECEIAES
Â
The recent advances in communication and mobile technologies made it easier to access and share information for most people worldwide. Among the most powerful information spreading platforms are the Online Social Networks (OSN)s that allow Internet-connected users to share different information such as instant messages, tweets, photos, and videos. Adding to that many governmental and private institutions use the OSNs such as Twitter for official announcements. Consequently, there is a tremendous need to provide the required level of security for OSN users. However, there are many challenges due to the different protocols and variety of mobile apps used to access OSNs. Therefore, traditional security techniques fail to provide the needed security and privacy, and more intelligence is required. Computational intelligence adds high-speed computation, fault tolerance, adaptability, and error resilience when used to ensure security in OSN apps. This research provides a comprehensive related work survey and investigates the application of artificial neural networks for intrusion detection systems and spam filtering for OSNs. In addition, we use the concept of social graphs and weighted cliques in the detection of suspicious behavior of certain online groups and to prevent further planned actions such as cyber/terrorist attacks before they happen.
Fake news detection for Arabic headlines-articles news data using deep learningIJECEIAES
Â
Fake news has become increasingly prevalent in recent years. The evolution of social websites has spurred the expansion of fake news causing it to a mixture with truthful information. English fake news detection had the largest share of studies, unlike Arabic fake news detection, which is still very limited. Fake news phenomenon has changed people and social perspectives through revolts in several Arab countries. False news results in the distortion of reality ignite chaos and stir public judgments. This paper provides an Arabic fake news detection approach using different deep learning models including long short-term memory and convolutional neural network based on article-headline pairs to differentiate if a news headline is in fact related or unrelated to the parallel news article. In this paper, a dataset created about the war in Syria and related to the Middle East political issues is utilized. The whole data comprises 422 claims and 3,042 articles. The models yield promising results.
IRJET-Content based approach for Detection of Phishing SitesIRJET Journal
Â
Anjali Gupta, Juili Joshi, Khyati Thakker, Chitra bhole "Content based approach for Detection of Phishing Sites", International Research Journal of Engineering and Technology (IRJET), Volume2,issue-01 April 2015.e-ISSN:2395-0056, p-ISSN:2395-0072. www.irjet.net
Abstract
Phishing is a significant problem involving fraudulent email and web sites that trick unsuspecting users into revealing private information. In this paper, we present the design, implementation, and evaluation of content-based approach to detecting phishing web sites. We also discuss the design and evaluation of several heuristics we developed to reduce false positives. Our experiments show that CANTINA is good at detecting phishing sites, correctly labeling approximately 95% of phishing sites.We are going to implement Revelation of Masquerade Attacks: A Content-Based Approach to Detecting Phishing Web Sites using PHP & MYSQL.Our system will crawl the original site of bank and it will retrieve all URLâs, location of bankâs server and whois information. If user get any email with phishing attack link. Then our system will take that url as input and crawl the link, retrieve all urlâs and system will compare these urlâs with original banks url database, try to find urlâs are similar or not. Then system will find location of Phishing link URL and compare location with original banks location. After that system will find out Whois information of URL.System will analyze the information and show the results to the user.
Whitepaper for IM Lock Software
http://www.comvigo.com
Our Latest Version of IMLock
http://www.imlock.com/how-to-block-a-website-with-imlock/
IM Lock is an internet filtering software for Home, Business, and Networks.
A FRAMEWORK FOR SECURING EMAIL ENTRANCES AND MITIGATING PHISHING IMPERSONATIO...IJNSA Journal
Â
Emails are used every day for communication, and many countries and organisations mostly use email for official communications. It is highly valued and recognised for confidential conversations and transactions in day-to-day business. The Often use of this channel and the quality of information it carries attracted cyber attackers to it. There are many existing techniques to mitigate attacks on email, however, the systems are more focused on email content and behaviour and not securing entrances to email boxes, composition, and settings. This work intends to protect users' email composition and settings to prevent attackers from using an account when it gets hacked or hijacked and stop them from setting forwarding on the victim's email account to a different account which automatically stops the user from receiving emails. A secure code is applied to the composition send button to curtail insider impersonation attack. Also, to secure open applications on public and private devices.
Email phishing: Text classification using natural language processingCSITiaesprime
Â
Phishing is networked theft in which the main motive of phishers is to steal any personâs private information, its financial details like account number, credit card details, login information, payment mode information by creating and developing a fake page or a fake web site, which look completely authentic and genuine. Nowadays email phishing has become a big threat to all, and is increasing day by day. Moreover, detection of phishing emails has been considered an important research issue as phishing emails have been increasing day by day. Various techniques have been introduced and applied to deal with such a big issue. The major objective of this research paper is giving a detailed description on the classification of phishing emails using the natural language processing concepts. Natural language processing (NLP) concepts have been applied for the classification of emails; along with that accuracy rate of various classifiers have been calculated. The paper is presented in four sections. An introduction about phishing its types, its history, statistics, life cycle, motivation for phishers and working of email phishing have been discussed in the first section. The second section covers various technologies of phishing- email phishing and also description of evaluation metrics. An overview of the various proposed solutions and work done by researchers in this field in form of literature review has been presented in the third section. The solution approach and the obtained results have been defined in the fourth section giving a detailed description about NLP concepts and working procedure.
Social media websites are becoming more prevalent on the Internet. Sites, such as Twitter, Facebook, and Instagram, spend significantly more of their time on users online. People in social media share thoughts, views, and facts and create new acquaintances. Social media sites supply users with a great deal of useful information. This enormous quantity of social media information invites hackers to abuse data. These hackers establish fraudulent profiles for actual people and distribute useless material. The material on spam might include commercials and harmful URLs that disrupt natural users. This spam content is a massive problem in social networks. Spam identification is a vital procedure on social media networking platforms. In this paper, we have proposed a spam detection artificial intelligence technique for Twitter social networks. In this approach, we employed a vector support machine, a neural artificial network, and a random forest technique to build a model. The results indicate that, compared with RF and ANN algorithms, the suggested support vector machine algorithm has the greatest precision, recall, and Fmeasure. The findings of this paper would be useful in monitoring and tracking social media shared photos for the identification of inappropriate content and forged images and to safeguard social media from digital threats and attacks.
Sentiment analysis of comments in social media IJECEIAES
Â
Social media platforms are witnessing a significant growth in both size and purpose. One specific aspect of social media platforms is sentiment analysis, by which insights into the emotions and feelings of a person can be inferred from their posted text. Research related to sentiment analysis is acquiring substantial interest as it is a promising filed that can improve user experience and provide countless personalized services. Twitter is one of the most popular social media platforms, it has users from different regions with a variety of cultures and languages. It can thus provide valuable information for a diverse and large amount of data to be used to improve decision making. In this paper, the sentiment orientation of the textual features and emoji-based components is studied targeting âTweetsâ and comments posted in Arabic on Twitter, during the 2018 world cup event. This study also measures the significance of analyzing texts including or excluding emojis. The data is obtained from thousands of extracted tweets, to find the results of sentiment analysis for texts and emojis separately. Results show that emojis support the sentiment orientation of the texts and those texts or emojis cannot separately provide reliable information as they complement each other to give the intended meaning.
This is a presentation Bill gave at the May 2009 NAISG meeting on the security dangers of such social networking entities as Facebook, LinkedIn and Twitter.
Security techniques for intelligent spam sensing and anomaly detection in onl...IJECEIAES
Â
The recent advances in communication and mobile technologies made it easier to access and share information for most people worldwide. Among the most powerful information spreading platforms are the Online Social Networks (OSN)s that allow Internet-connected users to share different information such as instant messages, tweets, photos, and videos. Adding to that many governmental and private institutions use the OSNs such as Twitter for official announcements. Consequently, there is a tremendous need to provide the required level of security for OSN users. However, there are many challenges due to the different protocols and variety of mobile apps used to access OSNs. Therefore, traditional security techniques fail to provide the needed security and privacy, and more intelligence is required. Computational intelligence adds high-speed computation, fault tolerance, adaptability, and error resilience when used to ensure security in OSN apps. This research provides a comprehensive related work survey and investigates the application of artificial neural networks for intrusion detection systems and spam filtering for OSNs. In addition, we use the concept of social graphs and weighted cliques in the detection of suspicious behavior of certain online groups and to prevent further planned actions such as cyber/terrorist attacks before they happen.
Fake news detection for Arabic headlines-articles news data using deep learningIJECEIAES
Â
Fake news has become increasingly prevalent in recent years. The evolution of social websites has spurred the expansion of fake news causing it to a mixture with truthful information. English fake news detection had the largest share of studies, unlike Arabic fake news detection, which is still very limited. Fake news phenomenon has changed people and social perspectives through revolts in several Arab countries. False news results in the distortion of reality ignite chaos and stir public judgments. This paper provides an Arabic fake news detection approach using different deep learning models including long short-term memory and convolutional neural network based on article-headline pairs to differentiate if a news headline is in fact related or unrelated to the parallel news article. In this paper, a dataset created about the war in Syria and related to the Middle East political issues is utilized. The whole data comprises 422 claims and 3,042 articles. The models yield promising results.
IRJET-Content based approach for Detection of Phishing SitesIRJET Journal
Â
Anjali Gupta, Juili Joshi, Khyati Thakker, Chitra bhole "Content based approach for Detection of Phishing Sites", International Research Journal of Engineering and Technology (IRJET), Volume2,issue-01 April 2015.e-ISSN:2395-0056, p-ISSN:2395-0072. www.irjet.net
Abstract
Phishing is a significant problem involving fraudulent email and web sites that trick unsuspecting users into revealing private information. In this paper, we present the design, implementation, and evaluation of content-based approach to detecting phishing web sites. We also discuss the design and evaluation of several heuristics we developed to reduce false positives. Our experiments show that CANTINA is good at detecting phishing sites, correctly labeling approximately 95% of phishing sites.We are going to implement Revelation of Masquerade Attacks: A Content-Based Approach to Detecting Phishing Web Sites using PHP & MYSQL.Our system will crawl the original site of bank and it will retrieve all URLâs, location of bankâs server and whois information. If user get any email with phishing attack link. Then our system will take that url as input and crawl the link, retrieve all urlâs and system will compare these urlâs with original banks url database, try to find urlâs are similar or not. Then system will find location of Phishing link URL and compare location with original banks location. After that system will find out Whois information of URL.System will analyze the information and show the results to the user.
Similar to Anonymous Communication And Its Importance In Social Networking (20)
How to Build a Module in Odoo 17 Using the Scaffold MethodCeline George
Â
Odoo provides an option for creating a module by using a single line command. By using this command the user can make a whole structure of a module. It is very easy for a beginner to make a module. There is no need to make each file manually. This slide will show how to create a module using the scaffold method.
Thinking of getting a dog? Be aware that breeds like Pit Bulls, Rottweilers, and German Shepherds can be loyal and dangerous. Proper training and socialization are crucial to preventing aggressive behaviors. Ensure safety by understanding their needs and always supervising interactions. Stay safe, and enjoy your furry friends!
Normal Labour/ Stages of Labour/ Mechanism of LabourWasim Ak
Â
Normal labor is also termed spontaneous labor, defined as the natural physiological process through which the fetus, placenta, and membranes are expelled from the uterus through the birth canal at term (37 to 42 weeks
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
Â
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
A review of the growth of the Israel Genealogy Research Association Database Collection for the last 12 months. Our collection is now passed the 3 million mark and still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Â
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
A Strategic Approach: GenAI in EducationPeter Windle
Â
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
The simplified electron and muon model, Oscillating Spacetime: The Foundation...RitikBhardwaj56
Â
Discover the Simplified Electron and Muon Model: A New Wave-Based Approach to Understanding Particles delves into a groundbreaking theory that presents electrons and muons as rotating soliton waves within oscillating spacetime. Geared towards students, researchers, and science buffs, this book breaks down complex ideas into simple explanations. It covers topics such as electron waves, temporal dynamics, and the implications of this model on particle physics. With clear illustrations and easy-to-follow explanations, readers will gain a new outlook on the universe's fundamental nature.
This slide is special for master students (MIBS & MIFB) in UUM. Also useful for readers who are interested in the topic of contemporary Islamic banking.
Acetabularia Information For Class 9 .docxvaibhavrinwa19
Â
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
Anonymous Communication And Its Importance In Social Networking
1. Anonymous Communication and its Importance in
Social Networking
Nguyen Phong HOANG, Davar PISHVA
Institute of Information & Communications Technology, APU
(Ritsumeikan Asia Pacific University), Japan
Corresponding Author: dpishva@apu.ac.jp, Fax: +81 0977 78 1001, Tel: +81 0977 78 1000
Abstractâ Digital information has become a social infrastructure
and with the expansion of the Internet, network infrastructure has
become an indispensable part of social life and industrial activity
for mankind. For various reasons, however, todayâs networks are
vulnerable to numerous risks, such as information leakage, privacy
infringement and data corruption. Through this research, the
authors tried to establish an in-depth understanding of the
importance of anonymous communication in social networking
which is mostly used by ordinary and non-technical people. It
demonstrates how the commonly used non-anonymous
communication scheme in social networking can turn the Internet
into a very dangerous platform because of its built-in nature
making its usersâ identity easily traceable. After providing some
introductory information on internet protocol (IP), internal
working mechanism of social networking and concept of anonymity
on the Internet, Facebook is used as a case study in demonstrating
how various network tracing tools and gimmicks could be used to
reveal identity of its users and victimize many innocent people. It
then demonstrates working mechanism of various tools that can
turn the Facebook social networking site into a safe and
anonymous platform. The paper concludes by summarizing pros
and cons of various anonymous communication techniques and
highlighting its importance for social networking platforms.
Keywordsâ Security, Privacy, Network Tracing Tools,
Anonymous Communication Tools, Social Networking, Facebook
I. INTRODUCTION
We live in the era of Information and Communication
Technology (ICT) and the Internet has become a dominant
means of communication and an indispensable part of modern
life. Adoptions of cloud computing, mobile applications and
virtualized enterprise architectures have led to an expansion of
applications that are connected to Internet resources [1]. Just to
mention a few examples, we use Internet for various sorts of
communication like VoIP and email, multimedia services like
Online Music and Online Movie, business transaction like e-
Banking and e-Business, administrative work like e-Governance
and e-Administration, networking activities such as Online
Advertising and Social Networking. Furthermore, along with the
development of Internet, e-Commerce has become an efficient
marketing tool for many companies and Social Networking with
Facebook is an emerging market which has recently become the
most visited website in the world.
Nevertheless, it is the fact that privacy is implicated in e-
Commerce because of the risk involved in disclosing personal
information such as email addresses or credit card information,
which is required for most electronic transactions. Specific
privacy concerns in this realm include use of customersâ
information by companies for electronic surveillance (e.g.,
âcookiesâ), email solicitation (e.g., âspamâ), or data transfer (e.g.,
when customer database information is sold to third parties or
stolen) resulting in identity or credit card theft [2-3]. As such
approaches could unconsciously victimize both technical and
non-technical users, anonymous communication is becoming
more and more important on Internet environment since it can
protect peopleâs right to online privacy and reduce the
possibility of getting recognized and thus victimized.
In recent years, because of dramatic increase in the use of
social networking platforms by many non-technical people,
social-engineering technique is also being widely exploited to
victimize users. According to the 2013 Data Breach
Investigations Report [4], cyber threat derived from social-
engineering technique is increasing dramatically as shown in
Figure 1:
Figure 1. Threat action categories in 2011 and 2012 [4]
ISBN 978-89-968650-2-5 34 February 16~19, 2014 ICACT2014
2. Although its percentage is still low compared to âMalwareâ
and âHackingâ, threat caused by social-engineering intrusion
has increased by more than 4 times within the past one year.
Considering the rapid development of social networks, it can be
foreseen that social engineering intrusion will continue to
increase in the coming years, thus necessitating appropriate
countermeasures.
The underlying factors behind all these issues are operating
nature of the communication protocol used in the Internet
domain and availability of many free software that can carry out
most of these attacks. The Internet protocol suite which is
commonly known as TCP/IP (Transmission Control Protocol
and Internet Protocol), is used for most Internet applications. IP
serving as its primary component carries out the task of
delivering packets from source host to destination host solely
based on the IP addresses contained in the packet headers. In
order to achieve proper operation of such transaction worldwide,
this requires source and destination to have unique IP address
and included it in the packet headers of their information
packets. Since every IP address is associated with a unique
entity, identity of IP address holders can be traced using their IP
addresses contained in the packet headers. There are numerous
techniques that can achieve such objective and this paper
highlights some of the important and commonly used
approaches.
II. VULNERABILITY OF FACEBOOK USERS
This section will briefly discuss some of the techniques that
are employed to victimize Facebook users at random or in a
pinpointed fashion by taking advantage of the nature of Internet
Protocol (IP), built-in functions of Facebook, innocence and
curiosity of Facebook users.
A. Random Facebook Phishing
Phishing is a good example of social engineering intrusion
technique. About a decade ago, when email services such as
Gmail and Yahoo mail were becoming more and more popular,
phishing was used as an efficient mechanism to lure those
innocent Internet users who easily provided their own personal
information to âphishing emailâ that contained a link to a
fraudulent web page which appeared legitimate, contained
companyâs logos, content and a form requesting many private
information such as home address, phone number, ATM card's
PIN, etc.
In recent years, Facebook not only has grown to become one
of the most popular social networking platform for many people
to communicate and share information, but also turned to be a
productive marketing channel for a lot of companies, retailers,
business entities and the Facebook itself. With an approximately
1.15 billion monthly active users as of June 2013 [5], Facebook
has turned out to become a high-potential target for cyber
criminals. Furthermore, with phishing Facebook, a hacker just
needs to tempt the innocent users to fill in only their Facebook
ID and password. The aftermaths of releasing such information
can be more detrimental than the effect of those which were
revealed through phishing email since huge amount of private
information such as userâs address, birthday, job, education
history, hobbies, friends, relationship and a bunch of other
sensitive information could be accessed from the Facebook
account.
Although Facebook filters all URLs which link its users to an
external website and warns them of fraudulent websites, the
approach does not always work. For example, after clicking to
the link: http://anhhot-duthi.ucoz.net/, which is a fraudulent
website created by a Vietnamese hacker, Facebook will warn the
user about the vulnerability of the site through a dialog box
shown in Figure 2. This, however, does not always happen since
hackers keep on creating new fraudulent web pages in order to
penetrate through loopholes of Facebookâs security.
Furthermore, oftentimes, non-technical people may
unconsciously press the âContinueâ button instead of the
âCancelâ button.
Now let us see what happens when either Facebookâs security
does not detect the above mentioned fraudulent website or a user
clicks the âContinueâ button. As shown in Figure 3, the control
would transfer to a phishing site that has the appearance of
Yahoo Vietnam website, containing Facebook Logo and a login
form which resembles that of the official website. Although a
technical user could easily display HTML view of the page to
determine where the information would be sent, some innocents
Figure 3. An example of a phishing website âhttp://anhhot-duthi.ucoz.net/â
Figure 2. Vulnerability warning of Facebook
ISBN 978-89-968650-2-5 35 February 16~19, 2014 ICACT2014
3. users may just fill up the form and press the submit button. As
indicated in the highlighted section of Figure 3, information
content of the form would simply be sent to http://allforms.
mailjol.net/, a site which provides free Form-to-Mail service. In
other words, filling out the form and pressing âsubmitâ button,
will transfer ID and password of Facebook user directly to the
email address of the attacker.
B. Targeted Facebook Phishing
After obtaining the first victimâs Facebook account, the
attacker can easily exploit more users in a targeted manner by
taking advantage of Facebookâs internal working mechanism
and the victimâs personal information.
1) Using âImportant Friendsâ Feature of Facebook
Facebook has a built-in feature called âimportant friendsâ the
function of which is to internally keep track of people with
whom a Facebook user communicates frequently and shares
some commonality (e.g., same high school, hometown, fan page,
etc.). Whenever important friends write a post, or give a
comment; it appears on their respective homepages as news feed.
Using data mining techniques and associating Facebook users
with ânodesâ and time required for spread of information among
them as distance, one can easily compute for the shortest path in
Facebook social network in order to transfer information from a
given source to a desired destination in the shortest period of
time or trace source of the information at a given destination [6].
There are many data mining tools which can extract such
information through a Facebook account, and for demonstration
purpose the authors have used TouchGraph to show a visual
image of a Facebook accountâs important friends. As shown in
Figure 4, even an ordinary user can visually display important
friends of a Facebook account by checking âSignificant Friendsâ
feature of the TouchGraph software. This implies that after
victimizing a Facebook account through random Facebook
phishing, the attacker can employ such technique to carry out
targeted Facebook phishing attacks towards the important
friends of the victim. Since in targeted phishing Facebook, the
phishing link is being sent from Facebook account of an
important friend, i.e., trustable and authentic source, it may
easily persuade the recipient friend to click the link and supply
the requested information. The chain reaction of such approach
will enable the attacker to easily victimize many Facebook users
in a short period of time.
2) Using âInitial Chat Friends Listâ of Facebook
By examining HTML source code of a victimâs Facebook,
which can easily be done by most web browsers, an attacker can
easily access âInitialChatFriendsListâ of the account as shown
in Figure 5. The list contains Facebook ID of friends with whom
the account holder interacts, arranged in descending order of the
interaction frequency rate. Using the ID information, targeted
Facebook phishing can again be carried out by incorporating ID
of high-interactive friends from this list into http://www.
facebook.com/[ID] to contact vulnerable friends of the victim.
This is another example of successful Facebook phishing as it
appears to come from trustable source and has chain reaction
effects.
3) Employing IP Address Extraction Techniques
Personal information can also be extracted from IP address of
a destination host as explained earlier. This section shows how
an IP addressed can be extracted from its data request packet
headers and type of personal information recoverable from the
IP address. As a demonstration, we will use Facebook Mobile
Application to easily generate a post that has more buttons than
usual on Facebook to tempt other Facebook users click on it and
lead them to a phishing page, a malware-embedded link or an
IP-spy link. The trick here is to stimulate curiosity of other
Figure 4. Mining of Facebook data with TouchGraph
Figure 5. Viewing Facebookâs HTML source code
ISBN 978-89-968650-2-5 36 February 16~19, 2014 ICACT2014
4. Facebook users so that they feel inquisitive and click on the
buttons. The idea is shown in Figure 6 wherein a hot content
encourage viewers to click the encircled âSee moreâ or âHateâ
buttons and consequently direct them to malicious side as shown
in red on its source code.
There are many freely available IP logger software which
take advantage of the operating nature of Internet Protocol (IP)
to extract IP address from the packet headers and show the
associated private information. Figure 7 shows some examples
of such IP logger software and their associated URLs. Even an
ordinary hacker can easily created an IP-spy link using any of
the IP-spy software shown in Figure 7 and insert the IP-spy link
in theâSee moreâ or âHateâ links of Figure 6. Most of these IP-
spy software are designed in such a way that make it difficult for
victims to even know that they are being spied and enable
attackers to generate invisible URL which can be encoded to an
image, or redirect the access to another trusted website by the
time a victim click on it.
Figure 8 shows an example of personal information retrieved
by IP-spy software. Using the above information, the attacker
can penetrate into victimâs PC by means of various IP-attack
tools contained in Kali or Backtrack which are Linux based
penetration tools.
III.ANONYMOUS COMMUNICATION
Considering the above examples, it is clear that Internet users
in general and social network application users in particular are
vulnerable to numerous personal information leakage. Therefore,
the concept of anonymity on Internet, which has been
introduced in recent years to help Internet users protect their
privacy from getting disclosed, is quite important. This section
examines numerous anonymous communication techniques
which are available on Internet, identify their advantages and
disadvantages, and recommend a particular method that is most
suitable for social networking.
A. Anonymous Mode of Internet Browsers
Recently almost all Internet browsers have added a built-in
anonymous mode such as âIncognitoâ in Google Chrome,
âPrivate Browsingâ in Firefox and âInPrivate Browsingâ in
Internet Explorer. In order to determine extent of their reliability,
the authors conducted some simple tests. The investigation
showed that anonymous surfing mode of the above browsers did
not leave any trace when anonymous modes were utilized.
However, by means of an embedded IP-spy URL at the server
side, one could still trace IP information of the user.
Furthermore, even though anonymous browsing mode cleans
cookies, the cleaning is done after the browser is closed. In other
words, while surfing in anonymous mode, tools like Wireshark
can capture the cookies and use them for real time attacks.
B. Anonymity via Proxy
Proxy is a step forward to prevent the Server side from
logging IP address and other relevant information of Internet
user. As shown in Figure 9, when Proxy is used the only thing
that server can see is just the IP address of Proxy Server and not
that of the real IP address of client. Hence, Proxy has become a
popular method, particularly to access websites that have put
some geographic or governmental access restrictions on certain
clients or countries. However, even with the use of Proxy Server,
Figure 6. Code to generate a phishing post on Facebook
Figure 8. Victimâs information spied by IP-spy tool
Figure 7. Freely available IP logger software
ISBN 978-89-968650-2-5 37 February 16~19, 2014 ICACT2014
5. the data has still to pass through userâs Internet Service Provider
(ISP) first as indicated in Figure 9. This means that though with
the use of Proxy Server, a client can hide their IP address from
the final destination, the address is still available to the ISP. In
other words, the ISP itself or an attacker along the route to ISP
can capture packets sent out from a particular IP address by
means of traffic analysis methods to discover private
information.
C. Anonymity via Virtual Private Network (VPN)
In order to solve the key problem of Proxy, VPN is
introduced with a higher level of security. As shown in Figure
10, VPN encrypts all of the packets sent out from clientâs PC
and send it to VPN server through a tunnel called âSecure VPN
Tunnelâ which is established between the clientâs PC and the
VPN server by the VPN software installed in clientâs PC. The
strength of VPN lie in the fact that once the environment is
established, all packets that are sent out from the clientâs PC are
encrypted, regardless of the type of application they use. This
way, even if ISP or hackers retrieve transferred packets, they
will have difficulty of decrypting them in order to extract private
information. The only way to decrypt those packets is to obtain
the secret key from the VPN server. Nevertheless, if a VPN
server gets hacked, controlled by an organization that makes
business out of usersâ private information or make them
available to government entity upon request, privacy can be
leaked.
D. Anonymity via The Onion Router (TOR)
Finally, we will discuss The Onion Router (TOR) as an ideal
anonymous communication method for social networking
environment which employs asymmetric cryptography and use
multiple layers of encryption. In this approach, when
transmitting data from a source to a destination, a random path
consisting of multiple nodes are selected and original data
including its destination are encrypted and re-encrypted using
public key of the selected nodes. This results in an onion ring
wherein each layer is a re-encrypted version an encrypted data
by the public key of the node. In the transmission process, each
node decrypts a layer of encryption to reveal the next layer, a
process similar to an onion-peeling-off process. The final node
decrypts the last layer of encryption and sends the original data
to its destination without revealing or even knowing its sender.
Figure 11 shows a pictorial representation of the working
mechanism of TOR between Alice and her TOR clients [7].
This protocol is more robust than Proxy and VPN because of
its multiple encryption layer and protection of the anonymity of
the sender at the destination from IP logger tools like IP-spy
URL. Although some researcher have pointed out vulnerability
of TOR at the exit node as professional attackers could target
the node, it is not considered a big issue since TOR makes use
of the dynamic IP address to prevent attacker from continuous
monitoring of the exit node. Furthermore, by using tools like
Vidalia, a cross-platform graphical controller for the TOR, TOR
user can easily change the transmission path of data-packets. As
Figure 9. Data flow through proxy server
Figure 10. Data flow through VPN server
Figure 11. The Onion Router working mechanism [7]
ISBN 978-89-968650-2-5 38 February 16~19, 2014 ICACT2014
6. shown in Figure 12, just by clicking the âUse a New Identityâ
button on Vidalia interface, user can get a new IP address and
setup a new data transmission path. This makes TOR an ideal
technique for anonymous communication since in procedures
like VPN, users cannot change their IP address frequently due to
limited availability of IP address.
Another attractive characteristic of the TOR is its free cost.
While full-featured VPN services are charged annually, TOR is
totally free thus making it more popular in Internet world. The
cost free nature of TOR, however, does not compromise its high
security level. Granting that attackers capture transmitted
packets, they will have difficulty comprehending them since the
packets will be in encrypted form as shown in Figure 13. On the
contrary, as more users join the TOR network, the higher
becomes its anonymity level because of increased routing
options. Furthermore, TOR also provides Internet users an
opportunity to protect their privacy from the client side instead
of waiting for solutions from the ISP or the social network
service provider side.
IV.RESULTS AND CONCLUSION:
This paper showed numerous risks that Internet users in
general and social network application users in particular face. It
showed how penetration tools like Wireshark, IP-spy URL and
others can be used to capture private information of innocent
users and victimize them. It proposed anonymous
communication as an effective tool to help Internet users protect
their private information actively and examined numerous
anonymous communication scheme a summary characteristics
of which is shown in Table 1. The table can be used as a
reference by Internet users in selecting a particular anonymity
tool based on the desired level of anonymity and features of the
tools. The authors recommend TOR as the most secured
anonymous communication scheme and foresee its popularity to
further increase in the future. TOR seems to be the king of the
anonymous communication scheme since activity of its users are
really difficult to be traced even by TOR developers themselves
because of its complex internal working mechanism.
Nonetheless, attackers are oftentimes one step ahead, hence it is
necessary to extend TOR development to a higher level of
anonymous communication so as it could cope up with the
evolution of attack technology. Furthermore, educating common
Internet and social network users are also very important since
no amount of anonymity could help when a user starts releasing
private information in response to phishing schemes.
TABLE 1. ANONYMOUS TOOLS COMPARISONS TABLE
Testing tool
Private
Browsing
Function
Proxy VPN TOR
IP spy URL fail pass pass pass
Wire
shark
capture fail fail fail fail
decrypt fail fail pass pass
Trace-back fail fail fail pass
Dynamic IP and
Data Path changing
Do not
support
Do not
support
Limited Support
Cost free flexible flexible free
Anonymous Level Low High
REFERENCES
[1] Chris Drake, FireHost Detects Surge in SQL Injection for Q3 2013 and
Cross-Site Scripting is Rising. Retrieved 22 October 2013. Available:
http://www.firehost.com/company/newsroom/press-releases/firehost-
detects-surge-in-sql-injection-for-q3-2013-with-cross-site-scripting-also-
rising/
[2] Metzger, Miriam J., Communication Privacy Management in Electronic
Commerce, Journal of Computer-Mediated Communication, volume 12,
Issue 2, January 2007, pages 335â361, ISSN 1083-6101. Available:
http://dx.doi.org/10.1111/j.1083-6101.2007.00328.x
[3] Angelia, D. Pishva, âOnline Advertising and its Security and Privacy
Concernsâ, The 15th
International Conference on Advanced
Communication Technology (ICACT 2013), Vol. 1, pp. 372-377 (January
2013).
[4] "Threat Actions", The 2013 Data Breach Investigations Report, Verizon
Enterprise, page 25, Retrieved 2013. Available:
http://www.verizonenterprise.com/DBIR/2013
[5] Facebook Reports Second Quarter 2013 Results. Facebook. Retrieved 24
July 2013.
[6] M.E. J. Newman, âA measure of betweenness centrality based on random
walksâ, Social Networks, Volume 27, Issue 1, January 2005, Pages 39-54,
ISSN 0378-8733. Available:
http://dx.doi.org/10.1016/j.socnet.2004.11.009
[7] "The solution: a distributed, anonymous network", Tor: Overview. TOR
project. Available:
https://www.torproject.org/about/overview.html.en#thesolution
Figure 12. Getting new IP address and changing data-sending path
Figure 13. Packet capture by Wireshark is encrypted by TOR
ISBN 978-89-968650-2-5 39 February 16~19, 2014 ICACT2014