threats and responses

This page highlights institutional perceptions of threats posed by social software networks.

It covers -

• introduction
• taxonomy
• responses

It is complemented by the broader discussion of cybercrime and detailed notes on challenges such as stalking.

    introduction

The 2007 European Network & Security Information Agency (ENISA) paper on Security Issues and Recommendations for Online Social Networks (PDF) identified a range of threats regarding online social spaces -

• Digital dossier aggregation: profiles on online SNSs can be downloaded and stored by third parties, creating a digital dossier of personal data.
• Secondary data collection: as well as data knowingly disclosed in a profile, SN members disclose personal information using the network itself: e.g. length of connections, other users' profiles visited and messages sent. SNSs provide a central repository accessible to a single provider. The high value of SNSs suggests that such data is being used to considerable financial gain.
• Face recognition: user-provided digital images are a very popular part of profiles on SNSs. The photograph is, in effect, a binary identifier for the user, enabling linking across profiles, e.g. a fully identified Bebo profile and a pseudo-anonymous dating profile.
• CBIR: Content-based Image Retrieval (CBIR) is an emerging technology which can match features, such as identifying aspects of a room (e.g. a painting) in very large databases, increasing the possibilities for locating users.
• Linkability from image metadata: many SNSs now allow users to tag images with metadata, such as links to SNS profiles (even if they are not the owner/controller of that profile), or even e-mail addresses. This leads to greater possibilities for unwanted linkage to personal data.
• Difficulty of complete account deletion: users wishing to delete accounts from SNSs find that it is almost impossible to remove secondary information linked to their profile such as public comments on other profiles.
• SNS spam: unsolicited messages propagated using SNSs. This is a growing phenomenon with several SNS-specific features.
• Cross site scripting (XSS), viruses and worms: SNSs are vulnerable to XSS attacks and threats due to ‘widgets’ produced by weakly verified third parties.
• SN aggregators: these 'SNS portals' integrate several SNSs which multiply vulnerabilities by giving read/write access to several SNS accounts using a single weak authentication.
• Spear phishing using SNSs and SN-specific phishing: highly targeted phishing attacks, facilitated by the self-created 'profiles' easily accessible on SNSs. SNSs are also vulnerable to social engineering techniques which exploit low entry thresholds to trust networks and to scripting attacks which allow the automated injection of phishing links.
• Infiltration of networks: some information is only available to a restricted group or network of friends, which should provide the first line of defence in protecting privacy on SNSs. However, since it is often easy to become someone's 'friend' under false pretences, this mechanism is not effective. On many SNSs it is even possible to use scripts to invite friends.
• Profile-squatting and reputation slander through ID theft: fake profiles are created in the name of well-known personalities or brands or within a particular network, such as a school class, in order to slander people or profit from their reputation.
• Stalking: cyberstalking is threatening behaviour in which a perpetrator repeatedly contacts a victim by electronic means such as e-mail, Instant Messenger and messaging on SNSs. Statistics suggest that stalking using SNSs is increasing.
• Bullying: SNSs can offer an array of tools which facilitate cyberbullying (i.e. repeated and purposeful acts of harm such as harassment, humiliation and secret sharing).
• Corporate espionage: social engineering attacks using SNSs are a growing and often underrated risk

   next page  (predators)