Security Aspects of Social Networks

Anchises M. G. De PaulaSecurity Intelligence Analyst

iDefense, VeriSignFebruary 25, 2010

Agenda

� Motivation� History� Future of Social

Networking� Current Problems� Security aspects of

Social Networking

Source: XKCD - http://xkcd.com

Why Social Networks?

� Global and cultural phenomenon

� Facebook: 400 million users� 3th largest “country” in

the world

� New attack vector for phishers, fraudsters and sexual predators

0

200

400

600

800

1000

1200

1400

1600

China

India

Faceb

ook

USA

Indone

sia

Brazil

Source: Facebook, CIA

Country Population (in millions)

Why Social Networks?

� New organization: “egocentric” approach

� Digital Identities� Profiles� Fakesters

Source: Google

Why Security?

“It’s the great irony of the Information

Age that the very technologies that empower us to

create and to build also empower

those who would disrupt and

destroy”

(Barack Obama)

Source: Whitehouse

History

Demographics

� Dominant social network vary greatly between different geographic regions

� Majority of the online connections between real-life friends

Source: oxyweb

Future of Social Networking

� Virtual Currency

� Mobile Social Networking

� Sensor Networks

� Social TV Source: Wired

Current Problems

� Decentralization and Interoperability

� Managing Social Identities

� Trust and Reputation Management

Current Problems

�Privacy�Personal data�Pictures�Professional

information

Current Problems

�Privacy�Personal data�Pictures�Professional information

�Content Overload

Current Problems

�Offense, Hate and Discrimination

�Child Safety and Sexual Crimes�Defamation

�Stalking�Cyber bullying

�Sexting

Security aspects of Social Networking� Current Security Threats

�Identity/Password Theft�Fake profiles�Targeted attacks

Security aspects of Social Networking� Current Security Threats

�Malicious Code, Viruses and Worms

�Spam, Phishing and Financial Fraud

Malicious Programs Targeting Social Networking Sites

Security aspects of Social Networking� Current Security Threats

�URL Shortening�Hide malicious sites

Source: tweetmeme

Security aspects of Social Networking� Social Networks

under Attack�Exploit of Social

Network Gadgets

�Security vulnerabilities�Cross-site scripting

(XSS)�SQL injection

�DDoS�Worms

�Koobface

Security aspects of Social Networking� Malicious Actors

�Individuals�Spammers and

phishers

�Fraudsters and cyber criminals

�Hacktivists and terrorist groups

�Sexual predators

Security aspects of Social Networking

� Malicious Actors�Terrorism Using Social

Networks and Online Communities

Security aspects of Social Networking� Malicious Actors

�Hacking communities�Recruitment� Information exchange�Marketplace�Hacker for hire

References

� Data Privacy Day: http://dataprivacyday2010.org

� Social Media Security: http://socialmediasecurity.comhttp://twitter.com/SocialMediaSec

� SocialNetworkingWatch: http://www.socialnetworkingwatch.com

� Security and Privacy in Social Networks Bibliography: http://www.cl.cam.ac.uk/~jcb82/sns_bib/main.html

� iDefense: www.idefense.com

Thank you :)

�Anchises M. G. De Paula�http://anchisesbr.blogspot.com�Twitter: @anchisesbr

Non-commercial Share Alike (by-nc-sa)

This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License.

To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/2.5/ or send

a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA