How to Build Your #SocialMedia #Defense #Armour?
Issam Al-Dalati - Senior IT Security Engineer, M.A.Sc., CISSP
Outline
- Social Media Today
- Social Network Types
- Common Attacks/Threats
- Vulnerabilities
- Counter Measures
- Conclusion
Social Media Today
- Social media is the #1 activity on the Internet
- 72% of Internet users are now active on social media.
- 22% of the world population have a social online identity presence [1]
- 1.11 Billion+ users
- 200 Million+ users
- 225 Million+ users
Social Media Security
- A recent study by Gartner group found that 60% of social media users haven’t changed their default security settings [1].
- 40% of social media users disclosed information such as their home address, hometown, birth date and high school, which can be used in identity theft crimes [1].
Social Network Types
Personal Networks: Friendships, Age, Interests, Educational background, Employment, Private Photos, Private Videos.
Location Networks: In Real Time
Content Sharing Networks: Public Music, Public Photos, Public Videos
Social Network Types
Shared Interest Networks: Similar hobbies, educational backgrounds, political affiliations, ethnic backgrounds, religious views
Status Update Networks: Feelings, Emotions, News, Rumors, Information
Common Social Media Attacks/Threats
Malware Distribution
- Leads to financial fraud
- Abuse of users' systems
- Data leakage
Best-known example: Koobface [2]
- Originally spread by Facebook “friends” messages
- To watch a “funny video”, you need to install an Adobe update.
- Compromises computers to build P2P botnets
- Hijacks search queries to display advertisements
- Installs additional pay-per-install malware
- Sells scareware (fake anti-virus)
- Over $2 million in revenue (June 2009 to June 2010)
- Shut down by Facebook in Jan. 2012
Common Social Media Attacks/Threats
Cyber Bullying or Harassment
- A 13-year-old girl killed herself in 2008 after chatting on MySpace [3]
- A 16-year-old boy made degrading remarks
- The “boy” was a fake account set up by the mother of the girl’s ex-friend.
- Most U.S. states have since criminalized cyber harassment, stalking, etc.
Common Social Media Attacks/Threats
Spear Phishing attack
- Selected few targets / single target.
- Identity theft
- Gather intelligence and intellectual property.
- Custom hacking tools
- Zero-day exploits
- Synchronized
- 91% of cyber attacks [4]
Common Social Media Attacks/Threats
1. Created a young female Facebook & LinkedIn profile named Emily Williams
2. Posed as a new hire at the targeted organization
3. Became “Friends” with young male employees
4. Observed discussions and gathered stories
5. Started asking innocent questions about more sensitive info
6. Sent malicious holiday e-cards
- Presented at RSA Europe Security Conference in Amsterdam in 2013 [5]
- Penetrated a US government agency in 2012
- First 15 hours:
  - 60 Facebook connections
  - 55 LinkedIn connections.
- After 24 hours:
  - 3 job interview offers
- Received a work laptop
- Received network access
- Obtained passwords
- Installed applications
- Stole sensitive documents
[Diagram: Employee1, Employee2, Employee3, Organization ABC]
Social Media Vulnerabilities
Location Tracking:
- Apps transmit the smartphone's location.
- Geo-tagging photos.
How?
- Cell tower identification: ~100 meters
- Global Positioning System (GPS): ~20 meters
- WIFI triangulation: ~200 meters
- IP address approximation: ~metro area
Social Media Vulnerabilities
Mental Health:
- Stalkers
- Stress!
- Post/share things to improve your image
- Relationship drama
- Always Plugged-in Addiction (Study by Anxiety UK) [6]
Social Media Vulnerabilities
- The more YOU share the more YOU are vulnerable
Social Media Vulnerabilities
Communication Patterns Thinking Health Beliefs Group Behaviour Personality
• Voting Trends
• Buying Trends
• Interests & Health Concerns
Social Media Vulnerabilities
- In a 2010 study, researchers at Ben-Gurion University described a new, intelligent, stealthy type of attack called Stealing Reality [7].
- It feeds on social communication patterns to predict future natural patterns, so that it achieves its targeted goal slowly and without detection.
- It is based on the user’s behavioural life patterns, which rely on the user's existing trusted network and daily behaviours.
Security Starts From Within
Home
Work
City
Nation
Social Media Counter Measures
Improved Authentication
- More than 2 million social media passwords have been leaked online, according to a report by Trustwave in 2013 [8]
- Don’t stay logged on
- Avoid using personal information
- Different passwords for each account
- One base password and unique pattern
- Write and lock them down
- The longer the better (more than 7 characters)
- Change every few months
- Two factor authentication
Social Media Counter Measures
Account Border Control
- Don’t accept connections that you don’t know
- A friend of a friend is NOT a friend
- Categorize your connections
- Limit your circle of trust
- Keep your friends list private
- Block scanning your email address book
Social Media Counter Measures
Develop Your Social Data Leakage Prevention Technique
- Exercise discretion about:
  - Photos/Videos shared
  - Opinions on controversial issues
  - Anything involving coworkers, employers, teachers
- Review your posts before submitting
- Review and delete old posts
- Don’t post when you are happy or angry
- Be careful clicking away (Too Good to be True)
Social Media Counter Measures
Force SSL Any Way Possible
- Use https in URL
- Use tool (Chrome/Firefox)
Disable Location Tracking
- Disable through browsers [9]
- Disable through operating system [9]
- Disable GPS/WIFI
- Disable feature on Apps
Remove Apps/Extensions
- Only install ones you can't live without
- Trusted sources
Social Media Counter Measures
Limit Appearance in Search and Advertisements
- Over 1300 tracking companies run 2800 scripts to deliver advertisements using users' online activity [10]
- Opt out of Ads
- Enhanced Security Settings.
- Block banners, pop-up and rollover ads. By using (Firefox/Chrome)
Social Media Counter Measures
Block and Clear your Cookies
1) First Party Cookies by legitimate websites
2) Third Party Cookies sold and sent to online marketers.
3) Flash Cookies: uses Adobe Flash
Delete cookies manually in all used web browsers [11].
- Clears cookies automatically
- Scans for trackers
- Blocks tracking
- Blocks third party tracking
- Deletes flash cookies
- Firefox extension
Social Media Counter Measures
Monitor your Social Online Presence
- Use Google Alerts for your name search
- Install ESET social media scanner:
- Scans your wall, newsfeed and private messages.
- Scans your friends
- Ensure you have active antivirus on all devices
- Malicious URL detection
- Anti-phishing
Social Media Counter Measures
Secure your Family Social Online Presence
- Review their security settings
- Tools to help monitor social media activity in a home network [12]
Stay Updated!
- http://www.welivesecurity.com/
- http://www.facecrooks.com/
Conclusion
- Future is NOT Friendly. Be Careful!
- Your Social Media Junk might be Someone Else’s Treasure
- Strengthen Security from within
Reference (1)
[1] http://www.jeffbullas.com/2014/01/17/20-social-media-facts-and-statistics-you-should-know-in-2014/
[2] J. Drömer and D. Kollberg, “The Koobface malware gang – exposed!”, 2012, http://nakedsecurity.sophos.com/koobface/
[3] Wikipedia, https://en.wikipedia.org/wiki/Suicide_of_Megan_Meier
[4] http://www.firmex.com/blog/spear-phishing-whos-getting-caught/
[5] http://www.itworld.com/security/380874/fake-social-media-id-duped-security-aware-it-guys
[6] http://www.huffingtonpost.com/2012/07/10/social-media-anxiety_n_1662224.html
[7] Yaniv Altshuler, Nadav Aharony, Yuval Elovici, Alex Pentland, Manuel Cebrian. Stealing Reality. arXiv, 2010
[8] http://blog.spiderlabs.com/2013/12/look-what-i-found-moar-pony.html?utm_source=dlvr.it&utm_medium=twitter
[9] http://www.reputation.com/reputationwatch/how-disable-internet-tracking-location
Reference (2)
[10] http://www.itworld.com/it-management/349218/web-trackers-are-completely-out-control
[11] http://www.pcworld.com/article/242939/how_to_delete_cookies.html
[12] http://facebook-parental-controls-review.toptenreviews.com/
[13] M. Kosinski, D. Stillwell, T. Graepel, “Private traits and attributes are predictable from digital records of human behavior”, Proceedings of the National Academy of Sciences (PNAS), 2013.
[14] http://psychcentral.com/news/2014/02/14/using-social-media-as-new-tool-to-explain-human-behavior/65880.html
Questions?