The Jeopardy of Social Media

Ed Miller CISA CIA CISM CIPP/IT

March 6, 2014, Virginia Chapter Meeting

• For smartphone or tablet users, you can find the app at your local App store (Apple, Google Play or whatever) by searching for Turning Technologies or ResponseWare.

• Download the app directly to your device

– Download options: Android™ app; iPhone®/iPad®/iPod touch® app; or try http://www.rwpoll.com/download.aspx

• You also don’t need the app at all. Just use your browser and type www.rwpoll.com

Clicker Players

We are going to be using audience response devices, or “clickers”. You just click the number when you want to answer.

Smartphone Players

Session ID: ISACA

Scoring

• We’re going to divide into teams, so everyone plays.

• Team scores are the average of the total team.

• For example, let’s say there are 10 teammates answering a 1000 point question. 7 answer correctly and 3 are wrong.

(7 correct x 1000) + (3 incorrect x 0) = 7000

7000 / 10 teammates = 700 points

“POLLING” is the length of time from when the question is first displayed until the question is closed from further answers.

You can start answering as soon as the question is revealed. I’ll close polling as soon as I think most people have had a chance to answer the question.

In addition, your first response on the clicker is the only one that counts. You cannot change your mind.

Also, SPEED scoring is in effect. In speed scoring, the player’s score is reduced by the length of time it took to respond, based on how long “polling” is open & when the response was input.

So if polling is open for 10 seconds for a 1000 point question, then each full second taken before the correct answer is clicked reduces the player’s score by 100 points.

Example: if it’s a 1000 point question & polling is open for 10 seconds and it takes a player 7 seconds to respond correctly, the player loses 700 points from the 1000 point maximum & only scores 300 points for his team. But if the player takes only ½ second to respond correctly, the player loses only 50 points from the maximum of 1000 & scores 950 points for the team.

You’ll see a lot of decimal places in the scoring.

LET’S PLAY!

Select the day of your birthday

1. Days 1 through 10

2. Days 11 through 20

3. Days 21 through 31

I also need a team captain from each team to choose questions.

Team Captains

Jeopardy board

Categories: LAW & ORDER, FACTS & FIGURES, THERE’S AN APP FOR THAT, PRIVACY, RISKY BUSINESS, POTPOURRI.

Each category has questions worth 200, 400, 600, 800 and 1000 points.

Law and Order - 200

Can the police spy on people using social media networking sites?

1. No, it is unconstitutional

2. Not without a warrant

3. Yes, but only for suspected terrorists

4. Only if probable cause of a crime is established

5. Yes

Law and Order - 400

In 2011 Allergy Pathway Ltd. was fined for allegedly allowing misleading reviews of its products to be published on its website via links to Facebook, Twitter and YouTube. While the company had not written the testimonials posted in these social media areas, the court found that by deciding not to remove them it had effectively become the publisher. What country was this in?

1. South Africa

2. Ireland

3. Canada

4. Australia

5. England

Law and Order - 600

78% of these types of criminals admitted to using Facebook, Twitter, FourSquare & Google Street View to select victims?

1. Credit Card Fraudsters

2. Hackers

3. Spammers

4. Burglars

5. Identity Thieves

Law and Order - 800

This US government agency has collected and archived ALL public tweets since Twitter’s inception in 2006.

1. National Security Agency

2. Federal Trade Commission

3. National Bureau of Records & Archives

4. Library of Congress

5. Central Intelligence Agency

Law & Order - 1000

You are evaluating resumes for a new IT tech position. The job requires lifting & mounting servers into racks. You review your most qualified applicant’s LinkedIn page. Her resume checks out completely but after seeing her picture you have concerns. What should you do?

1. Schedule the applicant for an interview

2. Do not interview, the applicant does not appear to be physically able to perform the job

3. Do not interview, the applicant is too old for the position

Facts and Figures - 200

How many malicious links does Facebook block every DAY?

1. 22,000

2. 220,000

3. 220 million

4. 220 billion

Facts and Figures - 400

Per a 2010 survey: how many Tweets containing spam or malicious links did the average Twitterer receive per DAY?

1. 27

2. 17

3. 7

4. 1

Facts and Figures - 600

Social media apps for smart mobile devices have exploded in popularity over the last few years. How many smart phones were “lost” or “stolen” in 2012?

1. 7 million

2. 25 million

3. 50 million

4. 70 million

5. 100 million

Facts & Figures - 800

Will Victoria’s Secret really give me a $500 gift card for sharing a link on my Facebook page?

1. Yes, they will. It is a reward given to users who advertise for them

2. Yes, but only if the established number of your friends also share the same link

3. No, they don’t do that

Facts and Figures - 1000

“I don't have a bank account because I don't know my mother's maiden name.”

- Paula Poundstone

Password hint questions such as pet’s name, city of birth, favorite sports team etc. are often used to help social media users who have forgotten their passwords. Statistically, how many users forget the answers to their own secret questions?

1. 1 out of 1000

2. 1 out of 100

3. 1 out of 10

4. 1 out of 5

There’s an APP for that - 200

Smartphones include audio sensors, image sensors, touch sensors, acceleration sensors, light sensors, proximity sensors & location sensors. Studies have shown that apps utilizing just some of these features can successfully predict this with over 80% accuracy.

1. User’s height/weight

2. User’s gender

3. User’s age

4. User’s ethnicity

There's an APP for that - 400

This social media smartphone app lets users send photos that will “self-destruct” within 10 seconds, making users feel “safer” about sending silly & even explicit photos.

1. Instagram

2. Flickr

3. Photobucket

4. Snapchat

5. Image Shack

6. KIK

There's an APP for that - 600

Which “app store” has the best reputation for providing “secure” apps?

1. Google Play

2. Amazon

3. Blackberry World

4. Apple iTunes

5. Facebook

There’s an APP for that - 800

Using a specially developed app that runs facial-recognition software, researchers have matched randomly collected digital photos to Facebook users and could often determine the person’s name, birthday, place of birth and SSN. Where was this research conducted?

1. MIT

2. Center for Cyberspace Research

3. Carnegie Mellon

4. Georgia Tech

5. National Institute of Standards & Technology

There's an APP for that - 1000

This APP lets you enter a social media username or use their search utility to find users of interest. When you hit the 'GEOLOCATE TARGET' button, the app downloads every photo, tweet or Facebook post that the person has ever published. It then generates a map of when and where that person has been. What is the APP?

1. FourSquare

2. Creepy

3. Reddit

4. WhereDoYouGo

5. Loopt

Privacy - 200

What percentage of users surveyed do not check the privacy settings in any of their social media networks?

1. 10%

2. 15%

3. 20%

4. 25%

5. 35%

Privacy - 400

All of these things can lead to IDENTITY THEFT, but researchers have determined that the most common problem is?

1. Poor Password Management

2. Providing Too Much Personal Information (TMI)

3. Clicking on malicious links

4. Engaging in inappropriate online behavior

Privacy - 600

Social media networks make most of their money through?

1. Subscription fees

2. Ad streaming

3. Sale of demographic & user behavior data

4. Click tracking

5. Corporate sponsors

Privacy - 800

John McAfee, inventor of McAfee Anti-Virus & a person of interest in a murder case in Belize, was located in Guatemala when digital pictures of him were posted online. The pictures contained metadata revealing the GPS coordinates of where he was hiding. This particular format of “picture” metadata is known as?

1. Dublin Core

2. EXIF

3. ONYX

4. MPEG-7

5. MODS

Privacy - 1000

Joe is a valued employee and never uses Facebook at work. His FB page identifies the name of his employer. He posted this picture of himself on FB from his personal smartphone. Joe has many colleagues from his office as FB “friends”, including his boss, who saw this picture. Joe’s boss should:

1. Ignore this picture, Joe has 1st Amendment rights.

2. Fire Joe immediately

3. Talk to Joe about the picture

4. Refer Joe to a drug treatment program

Potpourri - 200

Per a 2011 survey in the UK, who is more likely to fall victim to a phony Facebook friend request?

1. Men

2. Women

Potpourri - 400

A study from the U.K. indicates that people who post too many self-taken photos of themselves on Facebook and similar social networks risk damaging their real-life relationships. These types of photos are known as what?

1. Selfies

2. Faceplants

3. GessHoos

4. MyPix

5. MeMe’s

Potpourri - 600

http://bit.ly/aaI9KV

What is Bit.ly and why might it be unsafe?

1. It’s a “clickjacker”, a malicious script that can make a user’s computer automatically & repetitively click on pay-for-click advertising links

2. It’s a URL shortener that may redirect a social media user to a malicious website or script

3. It’s a Libyan hacker forum that trades in credit card numbers stolen from social media websites

4. It’s a virus targeted through social media networks, that overlays the first 64 bits of a boot sector with all 0’s.

Potpourri - 800

This worm targets social networking sites by delivering messages to “friends” of a social network user whose computer has already been infected. When the message is opened, the user is prompted to download a fake and malicious Adobe update.

1. Koobface

2. Pikachu

3. Mikeyy Mooney

4. Anna Kournikova

5. Michelangelo

Potpourri - 1000

In 2012 Manti Te’o, a Notre Dame football player & Heisman Trophy candidate, was lured into a social media relationship with a non-existent woman. This type of scam is known as?

1. Like-jacking

2. Identity Theft

3. Cyberstalking

4. Catfishing

5. Social Engineering

Risky Business - 200

Francesca’s Holdings Corp. fired its CFO for improperly communicating company information through social media. His Twitter feed and Facebook wall contained several items that could have led to his downfall.

One study showed that 76% of the Inc. 500 lack this essential control?

1. Social media analytics

2. Social media employee training

3. Social media usage policy

4. Social media monitoring

5. Social media risk assessment

Risky Business - 400

This fashion designer & online store suffered significant damage to their brand when it tweeted about the 2012 uprising in Egypt: “Millions are in uproar in Cairo. Rumor is that they heard our new spring collection is now available online at ….”

1. Max Raab

2. Kenneth Cole

3. Perry Ellis

4. Nikki Sixx

5. Kelly Carrington

Risky Business - 600

In April 2013, this hacker group hacked the Twitter feed of the Associated Press & tweeted that the White House had been bombed, causing great confusion & temporarily sending the stock market down 143 points in a matter of minutes.

1. Anonymous

2. LulzSec

3. Chaos Computer Club

4. Syrian Electronic Army

5. NCPH

Risky Business - 800

Companies have flocked to Facebook & Twitter as a way to advertise using short posts & tweets. New regulations introduced in March 2013 now require such posts to first state that it is an advertisement & to be followed up with disclosure to the claim. What agency created these regulations?

1. Dept of Commerce

2. Bureau of Industry & Security

3. Federal Trade Commission

4. Consumer Financial Protection Bureau

Before Regulations

After Regulations

Risky Business - 1000

A white-hat hacker created this fictitious person using profiles on Facebook, Twitter & LinkedIn. The profiles described her as a 25-year-old MIT graduate & "cyber threat analyst" working at the Naval Network Warfare Command in Norfolk, Va. Within days, “she” was able to "friend" nearly 300 people, most of them security specialists, US military personnel, and staff at intelligence agencies & defense contractors.

Despite the completely fake profile & the absence of any real corroborative evidence, “she” was offered consulting work with Google & Lockheed Martin & received numerous dinner date invitations. “She” was able to gain access to email addresses, bank accounts & the locations of secret military units based on soldiers' FB photos. “She” was also given private documents for review & was offered speaking engagements at several conferences.

What name was used for this fictitious person?

1. Lennay Kekua

2. Robin Sage

3. Shawna Kenney

4. April Tyler

Cumulative Team Scores

Individual Leaders

Team Racing Scores

Thank you!

We now return you to your regular programming.