Pierluigi Paganini August 20, 2012

Article published on The Malta Indipendent

Ron Kelson,

Pierluigi Paganini,

Fabian Martin,

David Pace,

Benjamin Gittins

“Be social” is the buzzword of recent years. No matter whether we are at home, in the gym, at work, or elsewhere, we are haunted by the need to be part of something online. We live alternative online lives, and we have dense networks of relationships that vary depending on the context (social, work, family).

This human propensity for aggregation is now the foundation of the “social network” concept, a multi-dimensional interdependent community of actors or nodes. These actors/nodes are predominantly individuals, but can also be groups, companies, or even countries. Each relationship or linkage between a pair of nodes is typically a flow of material or non-material resources that may include social and/or emotional support, friendship, companionship, religious beliefs, time, information and interests, passions, expertise, money, business transactions, shared activity, etc.

According to DARPA’s representatives: “Social media have evolved from a platform that provides infrastructure that supports maintaining connections between friends to a platform that supports recruiting, collaborating, organizing and competing for resources… Among these communities and teams are terrorist and other criminal organizations.

“The impact of these teams on the social landscape, their interactions with other teams, the evolution of network state over time, and competition with other teams and communities has not been adequately researched. Due to the overwhelming deluge of data generated by users across social media platforms, this analysis cannot be done manually.”

As with any other subject, there are many and conflicting opinions on what is considered a social revolution.

Recent events have demonstrated the significance and potential of this new type of social media as a communication vector, as an instrument for social analysis, and even as an facilitator of popular dissent, such as its support role in the organisation of non violent protests during the Arab Spring. In this latter example, social media can also provide interested third parties key indicators on how a situation is really developing across potentially vast regions, such as the Middle East or North Africa.

There are many theories behind social networks, and two in particular are very fascinating:

1. one which sees social networks as a powerful tool custom-built for exploitation by governments, as a result of its massive collection and storage of personal/sensitive information just waiting to be data-mined to expose individual, group, regional, and global sentiments and trends; and
2. another which considers this platform as a powerful tool enabling citizens to coordinate their observation and management of government(s) and corporations, where like-minded individuals can come together to exchange intelligence and, where deemed necessary, coordinate (non-violent) social dissent against perceived injustices.

A more balanced perspective or hypothesis would be somewhere between these two views. That is, one can view social networks as powerful communication tools capable of reaching cliché groups and/or vast audiences instantaneously and globally. It is inherently difficult to maintain tight control over each and every communication channel in social media, particularly when run outside your country. This is the real concern for some governments that fear losing centralized top-down control of a situation that (they worry) could explode at any time (against the entrenched interests of a few), and which can develop to become both unpredictable and unstoppable. Let us recall that social media has been touted by CNN and other mainstream media organisations as helping to pull down governments that did not protect the legitimate interests of all its citizens.

It is precisely this concern which has led to the following developments:

• Government interference in the activities of the major social networking companies: Rather than speak of interference, today we are faced with real collaboration (Legalized Interception) and mutual exchange of favours. Who cannot remember the dinner when President Obama dined with technology luminaries such as Mark Zuckerberg, Steve Jobs, Larry Ellison of Oracle, Eric Schmidt of Google and many other prominent leaders! There is no doubt that companies like Google or Facebook today have the opportunity to obscure any account just because its behaviour is not compliant with their (internationally tailored) policies. Who established these various policies? Who can shape these policies? ($, Govt, …) Who controls the controllers? (Wasn’t it supposed to be the citizens?) Today, large social media organisations manage search engine results pages (SERPs) and blogs search results all over the world, they have control over communication, and they can simply delete large chunks of your digital existence.
• Adoption of tools for monitoring of communications over social networking: We occasionally hear news of the acquisition (Microsoft buys Skype and installs legalised interception) or development by governments (DARPA: Total Information Awareness) of systems for monitoring communications (Signals Intelligence). Each man, woman and child is spied on by a (potentially intolerant and) increasingly militarised big brother. The consequences are more, or less, serious, depending on the nation in which you live, or communicate with. We have an extensive casuistry, from preventive arrests to veritable tortures and murders, for example Syrian repression or Chinese censorship.
• Implementation of methods for the direct analysis of social networks through active infiltration: Agents, sometimes supported by Artificial Intelligence systems, can monitor the overall sentiment around particular issues, sometimes covertly (or overtly) proactively exerting a real influence. Social networks are a rich mine of information, and there is a strong “Return on Investment” for organisations and individuals to adopt social networks for investigation and cyber espionage.
• Seeking legal authority to install software on your computer without your permission: In particular see Australia’s Attorney General’s Department’s discussion paper entitled “Equipping Australia Against Emerging and Evolving Threats” (2012). Also see the video at www.getup.org.au
• Preventing access to social media: Increasingly, governments want the ability to selectively turn off Social Media. China blocked access to Twitter and Facebook after riots in 2009. Egypt shut down the Internet during the popular uprising (2011). The UK government considered shutting down access to social media during the England riots in 2011.

Social networks are without doubt contributing to, and pushing the boundaries of development of new technologies and the provision of new services. Consider the significance of being able to instantly share any kind of media or document, how new opportunities for e-commerce and banking providing integrated services are generating new jobs. The massive introduction of social networking has radically changed the way we spend our spare time, and, in many cases, has introduced a new professional class that is able to promote and manage new media and services through new powerful platforms.

Of course cybercrime has steadily increased with the rapid growth of social networks where we willingly, or inadvertently, share private information such as birthdays, addresses, phone or mobile numbers, and more intimate details such as interests, hobbies, favourite books/films/music, relationship status and sexual preferences. With this wealth of information we increasingly become an object of interest for a new generation of cyber-criminal.

The huge media exposure of these new social networking platforms can be a source of significant problems where literally entire populations are potentially exposed to new cyber threats which can be targeted or non targeted, intentional or unintentional, and can stem from a variety of sources, including cyber criminals, foreign nations engaged in information warfare and espionage, hackers and virus writers, employers, even disgruntled employees and contractors within an organisation.

Newer cyber threats to manipulate mass conscience for example have emerged (disinformation), such as when rumours of a possible coup flooded China’s blogosphere, some reporting tank and gunshots on Beijing’s street. It was all a lie, as reported by Mr Kaspersky, of Kaspersky Labs, who happened to be there at the time.

Countless criminal organisations have used the network for all kinds of social engineering attacks with the intent of gathering sensitive information, or to spread malware or steal financial information from users. (We will talk about various black-hat attacks conducted on social media networks against you in our next article in this series.)

In short, social networks have become an essential mainstay of our times. Keeping in mind the considerable risks of identity theft, stalking, sexual predators, privacy and employment, through to large scale cybercrime, espionage, theft, and mass manipulation, we still have much to do in terms of (user) education, (privacy enhanced) system design and security. So let’s talk about a few simple things you can do right now to improve your social media security:

Be sensible, and limit the amount of information you put up online in social media websites… After all, Facebook and Twitter are run by humans that “you don’t know personally”. Why do you personally trust that organisation? Why do you personally trust their technicians and administrators? Check yourself before you post:

“If a third party that I didn’t know got access to this information, would I care?”

Reduce your exposure and periodically go through and delete your old postings.

Read the fine-print on social media websites. You may be surprised just how much information an application is permitted to learn about your account and personal details when you install them on your page. (Ask yourself, why does Facebook have such a high market value? How is money being made on your personal data?) We recommend you remove most of your non-essential Facebook applications to reduce your exposure to unwanted information leakage.

Install a high-quality antivirus tool;

Keep your web-browser and operating systems regularly patched; and

Beware of phishing attacks. Do not click on attachments with any of the following extensions: “.scr” “.exe” “.com” “.bat” or “.sh”. Do not open attachments from unknown people! Always check the sender’s e-mail address.

Social media platforms help bring people together in real-world communities. We must find a reasoned approach to managing and running social media that protects the legitimate interests of all stakeholders, under all situations. Right now, it’s clear we are nowhere near achieving that goal. So be smart online and reduce your level of risk exposure.

David Pace is project manager of the ICT Gozo Malta Project, and a freelance IT consultant

Pierluigi Paganini, Security Specialist CISO Bit4ID Srl, is a CEH Certified Ethical Hacker,

EC Council and Founder of Security Affairs (http://securityaffairs.co/wordpress)

Prof. Fabian Martins (http://br.linkedin.com/in/fabianmartinssilva) is a banking security expert and product development manager at Scopus Tecnologia, (http://www.scopus.com.br/) owned by Bradesco Group.

Ron Kelson is Vice Chair of the ICT Gozo Malta Project and CEO of Synaptic Laboratories Limited [email protected] .

Ben Gittins is CTO of Synaptic Laboratories Limited. [email protected]

ICT Gozo Malta is a joint collaboration between the Gozo Business Chamber and Synaptic Labs, part funded in 2011 by the Malta Government, Ministry for Gozo, Eco Gozo Project, and a prize winner in the 2012 Malta Government National Enterprise Support Awards. www.ictgozomalta.eu links to free cyber awareness resources for all age groups.

To promote Maltese ICT, we encourage all ICT professionals to register on the ICT GM Skills Register to keep abreast of developments, both in cyber security and other ICT R&D initiatives in Malta and Gozo. For further details contact David Pace at [email protected] or phone  +356 7963 0221.