Categories: Digital IDHackingIntelligenceSecuritySocial Networks

Social Network Poisoning … they want to spy on us, we evade

Social Network Poisoning term refers the effect produced by the application of methods designed to make unreliable the knowledge related to a profile and its relationships.

“Be Social” is the imperative of the last years. We live alternative lives, we have dense networks of relationships, we feel the irrepressible urge to be part of a group, to fill the void that we carry within. But this human propensity to aggregation is now the foundation of the concept of “social network“, a community of people, each of them defined “node” by researches, which are united by friendship, kinship, passions, interests, religious beliefs. The whole world is represented by a lattice structure that scientists have long taken to study, to achieve the classification of that human “node”, classify and customs, and especially to predict the behavior of single and through its influence the response of the community a particular event. The philosophy is that of the control.

In May 2011 I have defined the term “social network poisoning” writing before to Wikipedia EN and also to Italian Wiki.

The term social network refers to the “poisoning” effect produced by the application of methods designed to make unreliable the knowledge related to a profile and its relationships. The application of this kind of attack on a large-scale could lead to the collapse of Social Networking platforms affect its value for commercial purposes, as well as the utility in terms of knowledge and correlation of data provided by users, with a significant impact on its economic value.

In the same way as the “route poisoning” (affecting the telecommunications network), the “poisoning action” are conducted with the aim to pollute the contents of this social network profiles typically introducing artifacts and relationships exist between them and real ones thus making the information unreliable. The result is the consequent failure of the chain of trust which are based on all social networks, in order not to allow search engines specifically developed to retrieve information of any kind relating to a particular profile.

Starting from the assumption that the Internet and in particular the social network lacks a coherent and safe management of digital identity, it is possible to introduce the main tools currently poisoning hypothesize new and viable in a future scenario
Current tools

Replacement of identity, or the ability to impersonate another user to the wide variety of purposes intelligence social engineering.
Simulation of identity, creating a false profile, which does not correspond to any existing person, for malicious purposes or simply to remain anonymous.
Fuzzing profile, the voluntary introduction of elements false and / or non-matching to your profile to deceive intelligence systems, to prevent OSINT activities or other forms of personal gain.
Fuzzing social graph, the association intended to groups and individuals that have nothing to do with their interests and relations with the intention of introducing “noise” in their social graph.

Future instruments:

personal /social bots , creating a large number of fake profiles (e.g. millions of fake profiles) managed by machines, able to interact with real users in a way likely, thus changing the “sentiment” and “conversation “large-scale as well as altering all the social graph and to preclude meaningful correlations on the data.
black curation, the use of real users “holes” or fictitious to speak on topics of which you want to change the meaning, or to create new one ad-hoc, in analogy to the black SEO (search engine optimization) already use on search engines.

How easy to understand the interest in social networks are the stars. Complex systems analyze information, scan faces and places, building new relationships and providing new information. Government agencies and companies have realized the full potential of the medium, a real gold mine in which the imperative is the power, information, and control of a at the expense of a user too distracted and inattentive to the dangers ahead.

(Security Affairs – Social Network Poisoning)

Special thanks to

Mohit Kumar – Founder and CEO at The Hacker News

Andrea Zapparoli Manzoni – Founding Partner @ iDialoghi Srl

Calogero Bonasia – BPM Senior Analyst

References

Social Network Poisoning (IT)

http://it.wikipedia.org/wiki/Social_Network_Poisoning

http://securityaffairs.co/wordpress/?p=331

http://news.thehackernews.com/THN-dec2011.pdf

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.