“Be social” is the buzzword of recent years. No matter whether we are at home, in the gym, at work, or elsewhere, we are haunted by the need to be part of something online. We live alternative online lives, and we have dense networks of relationships that vary depending on the context (social, work, family).
This human propensity for aggregation is now the foundation of the “social network” concept, a multi-dimensional interdependent community of actors or nodes. These actors/nodes are predominantly individuals, but can also be groups, companies, or even countries. Each relationship or linkage between a pair of nodes is typically a flow of material or non-material resources that may include social and/or emotional support, friendship, companionship, religious beliefs, time, information and interests, passions, expertise, money, business transactions, shared activity, etc.
According to DARPA’s representatives: “Social media have evolved from a platform that provides infrastructure that supports maintaining connections between friends to a platform that supports recruiting, collaborating, organizing and competing for resources… Among these communities and teams are terrorist and other criminal organizations.
“The impact of these teams on the social landscape, their interactions with other teams, the evolution of network state over time, and competition with other teams and communities has not been adequately researched. Due to the overwhelming deluge of data generated by users across social media platforms, this analysis cannot be done manually.”
As with any other subject, there are many and conflicting opinions on what is considered a social revolution.
Recent events have demonstrated the significance and potential of this new type of social media as a communication vector, as an instrument for social analysis, and even as an facilitator of popular dissent, such as its support role in the organisation of non violent protests during the Arab Spring. In this latter example, social media can also provide interested third parties key indicators on how a situation is really developing across potentially vast regions, such as the Middle East or North Africa.
There are many theories behind social networks, and two in particular are very fascinating:
A more balanced perspective or hypothesis would be somewhere between these two views. That is, one can view social networks as powerful communication tools capable of reaching cliché groups and/or vast audiences instantaneously and globally. It is inherently difficult to maintain tight control over each and every communication channel in social media, particularly when run outside your country. This is the real concern for some governments that fear losing centralized top-down control of a situation that (they worry) could explode at any time (against the entrenched interests of a few), and which can develop to become both unpredictable and unstoppable. Let us recall that social media has been touted by CNN and other mainstream media organisations as helping to pull down governments that did not protect the legitimate interests of all its citizens.
It is precisely this concern which has led to the following developments:
Social networks are without doubt contributing to, and pushing the boundaries of development of new technologies and the provision of new services. Consider the significance of being able to instantly share any kind of media or document, how new opportunities for e-commerce and banking providing integrated services are generating new jobs. The massive introduction of social networking has radically changed the way we spend our spare time, and, in many cases, has introduced a new professional class that is able to promote and manage new media and services through new powerful platforms.
Of course cybercrime has steadily increased with the rapid growth of social networks where we willingly, or inadvertently, share private information such as birthdays, addresses, phone or mobile numbers, and more intimate details such as interests, hobbies, favourite books/films/music, relationship status and sexual preferences. With this wealth of information we increasingly become an object of interest for a new generation of cyber-criminal.
The huge media exposure of these new social networking platforms can be a source of significant problems where literally entire populations are potentially exposed to new cyber threats which can be targeted or non targeted, intentional or unintentional, and can stem from a variety of sources, including cyber criminals, foreign nations engaged in information warfare and espionage, hackers and virus writers, employers, even disgruntled employees and contractors within an organisation.
Newer cyber threats to manipulate mass conscience for example have emerged (disinformation), such as when rumours of a possible coup flooded China’s blogosphere, some reporting tank and gunshots on Beijing’s street. It was all a lie, as reported by Mr Kaspersky, of Kaspersky Labs, who happened to be there at the time.
Countless criminal organisations have used the network for all kinds of social engineering attacks with the intent of gathering sensitive information, or to spread malware or steal financial information from users. (We will talk about various black-hat attacks conducted on social media networks against you in our next article in this series.)
In short, social networks have become an essential mainstay of our times. Keeping in mind the considerable risks of identity theft, stalking, sexual predators, privacy and employment, through to large scale cybercrime, espionage, theft, and mass manipulation, we still have much to do in terms of (user) education, (privacy enhanced) system design and security. So let’s talk about a few simple things you can do right now to improve your social media security:
Be sensible, and limit the amount of information you put up online in social media websites… After all, Facebook and Twitter are run by humans that “you don’t know personally”. Why do you personally trust that organisation? Why do you personally trust their technicians and administrators? Check yourself before you post:
“If a third party that I didn’t know got access to this information, would I care?”
Reduce your exposure and periodically go through and delete your old postings.
Read the fine-print on social media websites. You may be surprised just how much information an application is permitted to learn about your account and personal details when you install them on your page. (Ask yourself, why does Facebook have such a high market value? How is money being made on your personal data?) We recommend you remove most of your non-essential Facebook applications to reduce your exposure to unwanted information leakage.
Install a high-quality antivirus tool;
Keep your web-browser and operating systems regularly patched; and
Beware of phishing attacks. Do not click on attachments with any of the following extensions: “.scr” “.exe” “.com” “.bat” or “.sh”. Do not open attachments from unknown people! Always check the sender’s e-mail address.
Social media platforms help bring people together in real-world communities. We must find a reasoned approach to managing and running social media that protects the legitimate interests of all stakeholders, under all situations. Right now, it’s clear we are nowhere near achieving that goal. So be smart online and reduce your level of risk exposure.
David Pace is project manager of the ICT Gozo Malta Project, and a freelance IT consultant
Pierluigi Paganini, Security Specialist CISO Bit4ID Srl, is a CEH Certified Ethical Hacker,
EC Council and Founder of Security Affairs (http://securityaffairs.co/wordpress)
Prof. Fabian Martins (http://br.linkedin.com/in/fabianmartinssilva) is a banking security expert and product development manager at Scopus Tecnologia, (http://www.scopus.com.br/) owned by Bradesco Group.
Ron Kelson is Vice Chair of the ICT Gozo Malta Project and CEO of Synaptic Laboratories Limited [email protected] .
Ben Gittins is CTO of Synaptic Laboratories Limited. [email protected]
ICT Gozo Malta is a joint collaboration between the Gozo Business Chamber and Synaptic Labs, part funded in 2011 by the Malta Government, Ministry for Gozo, Eco Gozo Project, and a prize winner in the 2012 Malta Government National Enterprise Support Awards. www.ictgozomalta.eu links to free cyber awareness resources for all age groups.
To promote Maltese ICT, we encourage all ICT professionals to register on the ICT GM Skills Register to keep abreast of developments, both in cyber security and other ICT R&D initiatives in Malta and Gozo. For further details contact David Pace at [email protected]ctgozomalta.eu or phone +356 7963 0221.