subscribe: Daily Newsletter

 

Security and social networking

0 comments

According to Nielsen, the amount of time spent by people across the world on social networking sites is growing at a rate of 82% a year, with users spending hours of their time every month on sites like Facebook, Twitter and YouTube.

While social networking has changed the way in which people interact and even do business, it has also opened up users and companies to a wide range of risks in the form of security threats. As usage continues to grow, these threats only become bigger and more of a risk.
This is according to Bosman Brink, Norton and PC Tools product manager at Drive Control Corporation.
The very nature of sites like Facebook encourage users to share details about themselves that they would not necessarily tell a stranger in a bar, and yet some people are more than willing to place personal information on a public forum that the whole world can see.
This makes people vulnerable not only to identity theft, but also to a host of other sinister threats.
The reality is that the more time people spend online using social networking websites, the more time and opportunity this gives cyber criminals to obtain detailed information about users, exposing them to threats and making them victims of what has become the most profitable form of crime in the world.
Hacking is one danger when using social networking sites. If a user's profile is hacked, cyber thieves will be able to access all of their information, even that which is kept private from strangers, including their name and surname, date of birth, contact details, school history and so on.
When combined with keystroke logging software and Trojans, these details can be used for many malicious acts.
For instance, if a cyber criminal gets hold of a person's bank login details using a Trojan, and then uses this to access their account and transfer funds, the bank may phone for confirmation.
The criminal may have already been able to change the telephone details through the information they have gleaned by hacking a user's social networking profile, and will then have all of the necessary information to confirm the transaction without their knowledge.
This information may also be sold on the black market to the highest bidder, a highly lucrative trade in the cybercrime industry.
Personal details gathered from these public forums may also be used in other ways, such as spear phishing, which is a more sophisticated version of phishing.
Spear phising enables a cyber criminal to target a specific person by getting them to disclose personal details or open an infected link or attachment. These emails are cleverly masked, appear genuine and have a high probability of success.
Social networking worms and Trojans have also become a reality.
These worms propagate across social networking sites, infecting machines through links and applications, creating large botnets and enticing users to share these links or applications with their friends, thereby hacking more machines and enlisting even more hapless victims into the botnet.
In fact, one such worm, known as Koobface, has been hailed by researchers as the largest botnet in Web 2.0.
Third party applications on social networking sites are a dangerous business.
Aside from frequently masking malicious software tools, the third party platform applications for Facebook often give application developers access to far more information than they need to run their applications, including personal details, pictures, interests and so on.
If the application developer is less than honest then this information can be sold, often for large profits, to advertising companies or cybercrime syndicates.
Cybercrime has overtaken the drug trade as the most profitable form of crime in the world, and social networking is often the platform used to perpetrate these crimes.
In fact, it has become an area of extreme interest for the FBI in the United States, which is now looking into the online black market and listing the most wanted traders on their database and tracking them down.
However, the reality is that they will never be able to catch all of the criminals out there, so it is up to users of social networking sites to do everything they can to protect themselves from harm.
Users need to educate themselves on the nature of the threat, and become as sceptical of people, links and applications in social networking as they would be of emails.
It is also a good idea to limit the amount of personal information shared on social sites. As a rule of thumb, if users would not tell it to a stranger, then do not put it on their profile.
Another point to bear in mind is to be wary of shortened links. These have become common practice, especially on Twitter where the number of characters on an update is limited, but these links can easily mask redirects to malicious sites and the user will be unaware of the fact.
Again, be sceptical and do not click on a link from someone not explicitly trusted.
It is also advisable to have sophisticated security software to protect against malicious threats and to remove worms, Trojans and so on before they can do too much damage.
Look for a solution that has a range of scanners and barriers and maintains a database with all of the latest signatures of Trojans, Cookies and Keyloggers and ensure that the definitions are updated at least once a day, if not more, to make certain that protection covers the latest threats.
Social networking is here to stay and people cannot avoid all of the risks. They can, however, manage them through a combination of education, awareness, common sense and the very best in sophisticated security software.