Category Archives: Facebook
Facebook ‘Friend’ or Foreign ‘Spy’
The internet and the current phenomenon of social media has changed the way we communicate, do business and even socialize, it is a paradigm shift that society has embraced at such speed and ease that rarely a moment goes by in a civilised nation where such technology has not impacted each and every person.
The way in which social media flourishes is that it requires engagement and ‘engagement’ is encouraged by ‘sharing’, and ‘sharing’ comes in various forms whether it be via Facebook’s or LinkedIn ‘Likes’ or actual ‘sharing’ buttons, to sharing the mobile App you have downloaded via a ‘share’ button.
Sharing introduces a whole new realm to how we perceive trust. Studies have shown that the majority of the figures below are a result of people ‘sharing’.
General Internet statistics 2012
- In one day on the Internet:
- Enough information is consumed to fill 168 million DVDs
- 294 billion emails are sent
- 2 million blog posts are written (enough posts to fill TIME magazine for 770 million years)
- 172 million people visit Facebook
- 40 million visit Twitter
- 22 million visit LinkedIn
- 20 million visit Google+
- 17 million visit Pinterest
- 4.7 billion minutes are spent on Facebook
- 532 million statuses are updated
- 250 million photos are uploaded
- 22 million hours of tv and movies are watched on Netflix
- 864,000 hours of video are uploaded to YouTube
- More than 35 million apps are downloaded
- More iPhones are sold than people are born
(http://thesocialskinny.com/100-social-media-mobile-and-internet-statistics-for-2012/)
As we know ‘sharing’ brings trust, loyalty and generally out of this comes relationship development, whether personal or professional and in turn it is here vulnerabilities may emerge.
Recently the media has been awash with not only industrial cyber espionage reports but of a major issue facing the internet community and that is ‘country sanctioned’ cyber espionage and or attacks.
History may one day reveal that as the United States fretted over the possibility of a “cyber Pearl Harbor” – a catastrophic attack that would take down electrical grids – its economic lifeblood was being slowly drained away by a massive hacking enterprise located in the People’s Republic of China. (Magnuson, 2012)
Cyber Command Commander Army Gen. Keith Alexander last year called the cyber-espionage being conducted against U.S. companies the largest transfer of intellectual property from one nation to another in the history of the world. (Magnuson, 2012)
Eric Rosenbach, deputy assistant secretary of defense for cyber policy, said the nation is not as focused on intellectual property theft as it should be. A catastrophic cyber war is important to prepare for, but an unlikely scenario. Stealing data important to the nation’s economic security, meanwhile, is occurring here and now. (Magnuson, 2012)
We all have seen them on our travels or have had friends bring back ‘knock offs’ from trips to Asia, watches, handbags, sunglasses, fashion items even IPHONEs and computer software. All produced with such high quality similarities that it is hard at times to distinguish the ‘fake’ from the real item.
The proliferation of the internet and its related activity has allowed for ‘copying’ to occur at a rate that cannot be controlled or monitored. The aforementioned figures identify the staggering internet traffic and streaming that is taking place on any given day.
Experts describe a large, technologically advanced and well organized enterprise coming out of China that is going after businesses large and small. Any firm that has a trade secret, or could be used as a stepping stone to a larger company, is a potential target. Intellectual property theft has the potential to erode a company’s profits or even bankrupt it. There is no magical software that can stop every intrusion attempt, but even companies with few resources can take steps to mitigate the risk, experts told National Defense. (Magnuson, 2012)
To thwart the Chinese cyber-espionage enterprise, it is important to characterize it. In the world of network security, it was once called the “advanced persistent threat.” But government officials have done away with using that euphemism: it’s China, they now say. The October 201 1 “Foreign Spies Stealing U.S. Economic Secrets in Cyberspace” report, produced by the FBI‘s office of national counterintelligence executive, acknowledged that the attacks came from China, but stopped short of blaming the Chinese government, which routinely denies involvement. (Magnuson, 2012)
Jason Lewis, chief technology officer of Looking Glass Cyber Solutions, said, “In general, when you have a situation where the state runs everything, you have to assume that the state is involved in any enterprise.”
Phishing Attacks
In country “scouts” doing the reconnaissance are increasingly using social media websites to gather personal information to use in phishing attacks, said Dave Papas, chief operating officer of Cyveillance, a subsidiary of QinetiQ North America that provides security for Fortune 500 companies. (Magnuson, 2012)
Friends, hometowns, hobbies, anything that can be placed in the email to make the target believe it is a legitimate message, can be used and every piece of information is a means to an end.
It was recently reported in the Australian Financial Review that an “…Australian chief executive was travelling in China recently when he received a curious email from his adult daughter asking if “Daddy” was having a good time. But it wasn’t his daughter who had sent the email…” (Grigg, 2013) It was a ‘phishing’ attack to penetrate the chief executives lap top and such a line in the email idicates the logistical efforts of a well resourced and technologically advanced team to not only hack into the executives daughters email but to establish his travel movements and the like. Had it not been for the executive being alert and realising that his daughter had not called him ‘daddy’ for a long time, the attempt by the perpetrators failed on this occasion.
This attack is a clear example of an attack that attempts to infiltrate a network in the form of an phishing email, a well-crafted letter that seemingly comes from a friend or business associate. This tactic has not changed in years, but is growing more sophisticated and frequent. Why? Phishing attacks work and, “it is a lot easier to control humans than the technology,” said Rick Doten, vice president of cybersecurity for DMI, a firm that does work for the U.S. government. (Magnussen, 2012)
This example clearly, supports that we must not count on it being written in anguished English like the common scam letters purportedly originating from Nigerian princesses as it is common place now that native speakers of English are helping compose the phony emails.
Once an attachment or a link to a fake website is opened, specialists in moving around a network without being detected take over and probe for other vulnerabilities. This may mean taking over an email account in order to generate more trusted, fake emails as most likely would have bene the case with the example identified in the Australian Financial Review.
It is well founded that smaller companies, particularly in the defense industrial base, may be used to go after bigger companies – big prime contractors – higher in the food chain. Once the cyberspies have located the information they want, another team takes over to exflltrate it. It is ideally ferreted away in normal traffic without being detected. (Magnussen, 2012)
Unit 61398
Unit 61398 Shanghai
Open source defence journals have reported the following:
- A US company has identified an organisation in China that it says is responsible for stealing hundreds of terabytes of data from US government organisations and companies
- According to the company, the organisation receives direct funding from the Chinese government through a PLA department called Unit 61398
China is conducting a campaign of sustained and persistent state-sponsored hacking by an organisation referred to as Advanced Persistent Threat 1 (APT1), according to a report from US cyber security company Mandiant that was released on 18 February.
The report, entitled ‘APT1: Exposing One of China’s Cyber Espionage Units’, details wide-ranging hacking activities that Mandiant has traced back to China. It focuses on a particular series of cyber security breaches and intrusions carried out against at least 141 victims from 2006, all of which Mandiant has attributed specifically to APT1. According to the report, “hundreds of terabytes” of data have been stolen in these attacks.
Mandiant concludes that APT1 is able to carry out such sustained and extensive hacking activities because it receives direct government backing. It names the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s 3rd Department, or Unit 61398, as the organisation behind this activity. This group is also informally referred to as Comment Crew or Comment Group. Mandiant states the allegations are based on its own forensic analysis of similarities in the characteristics and geographical sources of hacking activity.
Comment Crew’s activities were traced to the Pudong New Area of Shanghai, where Unit 61398 is believed to engage in computer network operations. Mandiant said Unit 61398 is staffed by “hundreds, if not thousands” of people that have undergone cyber training and are proficient English speakers. Of the victims tracked in the Mandiant report, 87% are headquartered in countries where English is the native language.
Andrew Beckett, head of cyber security consulting at Cassidian, told IHS Jane’s that “the Mandiant report provides no surprise to those involved in cyber security and this should provide a wake-up call to industry and governments. Comment Crew are one of many groups Cassidian know of that are operating in this area”.
China’s Ministry of National Defence rejected Mandiant’s findings. “The Chinese military has never supported any kinds of hacker activities, so saying that the Chinese military is involved in internet attacks is neither professional nor consistent with the facts,” it said in a statement released on 19 February.
However, I recall from one of my lectures in my Masters of National Security, from American Military University that China allegedly has in excess of 50,000 persons engaged in ‘internet espionage at any one time.
So, next time you get that ‘friend’ request or you ‘like’ or ‘fan’ a page in Facebook or in any other form of social media or email, always remember that ‘friend’ or ‘like’ could be just be a foreign spy……
References:
Grigg, A, 2013, ‘Australian Execs Among Those Hacked In China’ The Australian Financial Review, 26 January 2013.
Magnuson, S. (2012). Stopping the chinese hacking onslaught. National Defense, 97(704), 26-28. Retrieved from http://search.proquest.com/docview/1026586020?accountid=8289
Social Skinny, 2012, http://thesocialskinny.com/100-social-media-mobile-and-internet-statistics-for-2012/
Disasters Social Media and False Alarms/Information
Social media in particular Twitter and Facebook have been heralded as excellent communication mediums to pass on critical information to the masses during natural disasters and critical incidents. However, recent events such as Hurricane Sandy, the Sandy Hook massacre and Australia‘s bush-fires and floods have seen social media being used by persons both innocently and maliciously to spread misinformation about the events.
The results of unverified information can lead to:
- Mass panic or hysteria
- Unnecessary evacuations that clog up roads
- Overuse of telecommunications services
- Looting and
- Anti social behavior.
Overall the three main groups of people who communicate misinformation are either:
- Innocent parties who have good intentions and believe they are passing relevant information to their followers for their well being
- Persons with malicious intent
- Persons who believe in their mind it is just harmless fun
A hoax tweet that was sent during recent Queensland Floods
One notable instance that could have led to all of the above points with regards to unverified ‘Tweets’ was the recent ‘Tweet’ and ‘Re-tweet‘ of a large water ‘spout’ off the coast of Australia that was re-tweeted during the current storm and floods crisis in Queensland, Australia.
Undoubtedly the ‘Re-Tweet’ that was from a well known sports person with in excess of 50,000 followers was sent with the best intentions at heart and it was even inadvertently ‘Re-Tweeted’ by a local newspaper.
Within minutes of the Australian sporting star Re-Tweeting this image some of the persons ‘followers’ advised that is was from a previous storm and is not related to the current threat. As a result the sporting person apologized and posted a retraction.
This incident clearly shows how persons and even the media itself can set off a chain of events that can impede emergency services in the region.
Additionally the anxiety it causes innocent third parties also compounds the stress levels that may be being experienced if they were from the area and may result in them feeling bad for passing on such information.
Worst case scenario would be persons evacuating or first responders taking action to assist local residents and having an accident as a result of the social media posting.
Overall such Tweets that started out as a ‘joke’ or even as a malicious act have a far reaching ‘domino’ effect that remain in ‘cyber space’ permanently.
History Of Calling For Help
Having grown up in inner city Melbourne, Australia I can still recall the old red ‘Firebox’ across from my house in the late 1960′s early 1970′s. These ‘Red Fire’ boxes were connected directly to the local fire station and hardly a week would go by without a local rascal breaking the glass and pushing the ‘Fire’ button before running off.
Time and time again the fire trucks would respond only to find no one there to report a fire.
A common sight on the streets of Melbourne in the 1960′s and early 1970′s.
Home Telephone
Over time, first responders relied on the home telephone as a means in which they would be alerted to calls for assistance and this allowed for habitual ‘prank’ callers to be identified and dealt with by the law where necessary.
The home telephone or ‘land line’ as it is often referred to also allowed emergency services to utilize caller id to verify the location of the caller and this reduced false alarms to a limited degree.
Analogue Cell/Mobile Phones
Then in the late 1980′s early 1990′s analogue mobile/cell phones were starting to become popular and were being used to call emergency services and like the home telephone were on occasions being used to make ‘prank’ calls with false alarms being called in at an alarming rate.
Emergency services responded over the years with limited education programs and the odd prosecution of offenders and this had a limited effect on false alarm call rates.
Cellular Network In The Digital Age
However, with the advent of digital cellular phones, pre paid sim cards, illegal sim cards and international sim cards, calls to first responders are being made with limited detection or prosecution of habitual offenders.
Additionally the digital network is also compounding the effect of not only contributing to caller anonymity, it also contributes to persons with fictitious social media accounts communicating anomalously
Social Media and Disaster/Emergency Communication
It has recently been reported in the media both in Australia and the United States that social media channels like Twitter and Facebook have resulted in alarming levels of false reports being made by persons with regards to natural disasters, critical incidents, fake celebrity deaths/arrests and even the collapse of publicly listed companies.
Not only has digital communication anonymity contributed to such communication becoming common place so too has the ease in which persons can create fake accounts either from within their home country or via a third party overseas in countries like India and south-east Asia. For security purposes I will not reveal how accounts can be created offshore, apart from stating that it is now quite common for such accounts to be set up with total anonymity and combine this with anonymous ISP addresses and emails that cannot be traced or self destruct within seconds of being opened and you have a communication medium that allows for a proliferation of false Tweets and postings.
Recommendations:
The only way to reduce such activity is to throw the full weight of the the law behind telecommunications legislation and enact special legislation that relates to malicious false reports that can lead to emergency services responding or causing undue stress or anxiety on persons who read such postings.
Additionally as posted in earlier Cyber Guardians Online blogs time has come for a 100 point identification system for all social media accounts similar to financial institutions under Anti Money Laundering-Counter Terrorism Legislation requiring customers to verify their identity.
Only then, can we educate and inform social media users of the power of social media when used appropriately to inform of imminent dangers and conditions and how malicious activity will be investigated by authorities and appropriate penalties handed out.
The Power of Twitter & Sharing Information
Location Stalking & Social Media
Stalking is clearly defined under criminal codes around the world and a good example of the definition of ‘stalking‘ can be found at Section 21(A) of the Crimes Act 1958 (Vic) as outlined in this link.
http://www.austlii.edu.au/au/legis/vic/consol_act/ca195882/s21a.html
Upon review of the legislation relating to stalking it appears to be a broad piece of legislation that has moved with the times to ensure it also covers a course conduct that involves the use of the internet. It is quite clear that under Section 21(A)(2)(ii) that a person who “arouses apprehension or fear in the victim for his or her own safety or that of any other person-with the intention of causing physical or mental harm to the victim to the victim. including self harm, or of arousing apprehension or fear in the victim for his or her own safety or that of any other person” can be deemed to be stalking.
As a practising Attorney I have recently been involved in several matters where Magistrates have referred to ‘stalking’ and it is one of the conditions set in domestic violence or personal safety intervention orders, however law enforcement bodies have limited resources to investigate stalking offences in general.
Whilst the law is quite clear with regards to ‘stalking’ the reality is enforcing such legislation is quite onerous on law enforcement and it appears that only in extreme cases will such matters proceed to court.
It is here that I would like to focus on ‘location stalking’ which whilst it applies to the general public at large it is extremely prevalent amongst celebrities, sporting stars and various other public figures and with social media use being adopted by society the opportunities for persons that engage in such activity will also increase.
The majority of social media users are aware that under various privacy settings in Facebook, Twitter, Instagram and the like that individual location geocodes(1) can be turned off therefore the exact location is not highlighted on a map for all to see. However, where people want to share a momentous occasion or just share a picture for their ‘friends, family, followers, subscribers and fans to see that one picture may in fact identify their exact location.
As a business decision to understand my law practice area and for other parts of my business where my market is heavily involved in social media I am an avid user of social media and use Facebook, Twitter and Instagram where I ‘follow’ or ‘fan’ a variety of persons, celebrities, sporting stars and businesses. Most I must say as mentioned previously are conscious of having privacy settings set so that their exact location is not revealed, however simple photographs can give away locations to persons who may be set on ‘stalking’ that individual.
I can appreciate how sporting stars and celebrities are using social media as a way to get their personal ‘brand’ out there and it is imperative that they use social media in a manner that encourages growth of their ‘fan’ base it must however, be front of mind that some photographs that they want to share may best be ‘posted’ 24 hours or so after the event so not to give away their current location.
Constantly I see persons who are very protective of their privacy for security purposes post photographs of locations that to most people in the area would know the location and as an example I have posted my favorite picture of my preferred hotel for when I am in Sydney, the Intercontinental. It is here, this morning I awoke to see a sporting star that I ‘follow’ on Instagram post a picture that was taken at this particular hotel. For the sporting stars ‘privacy’ I have not posted her ‘picture’ but have posted a picture that reveals how a ‘picture’ can pass on your exact location.
Not only can iconic locations give your position away, general landmarks, backdrops of freeway/interstate highways, buildings etc can also assist persons who are set in their ways on ‘stalking’ or just finding out your location, whether it be your workplace, home or favourite restaurant or bar.
We cannot live our lives in ‘bubble-wrap’, we can however be mindful that whilst sharing pictures on social media is part of everyday life for a lot of people, personal safety is an area that needs to be considered before every ‘posting’.
(1) For geographical data to be stored on a map it requires a geocode that contains the address in detail.
2013 New Years Resolution Friends Fans Likes Followers & The Dangers
With 2013 just hours away, now is the perfect time to sit down with your children and have a family round table and review their social media activity and open communication channels to make sure that all their activity is safe and most importantly enjoyable for them.
Awareness is the key to online safety and by being aware of all the possible dangers out there in ‘cyber space’ places you in a good place to sit down and openly discuss the dangers that may lurk in the world of ‘cyber space’. These dangers are more than just physical threats, they can even be psychological threats and threats from unscrupulous spammers who flood our networks with pornographic links and the like that place material that if sold at our newsstands to minors would be deemed illegal.
Having a thirteen year old daughter who is an active social media ‘early adopter’ I am all too aware of how easy it is now for children to be exposed to these dangers and illicit images and as a parent it is paramount that open communication is maintained to make sure her safety online.
A great way to start 2013 with regards to ‘Online Safety‘ is to make a New Year Resolution with your children around social media and its use in the household.
Australia‘s leading and largest telecommunications provider Telstra have an excellent ‘Teenagers & Young Adults’ internet safety page located at http://www.telstra.com.au/abouttelstra/advice/internet/teenagers-young-adults/ that reinforces what most of us have already shared with our children but it is always good to refer back to regularly to make sure that no one in the family has become complacent. The following is a summary of Telstra’s Internet Safety advice:
- Be careful about talking to people you meet online. Not everyone is who they say they are.
- Don’t post, send or share anything you wouldn’t want your parents, teachers, future employers or someone who may be making unwanted advances towards you to see.
- Remember what you post online stays online for a long time – so think before you click!
- Keep your private information private – do not give out personal details online like your birthday or address, even on social networking sites like Facebook.
- Your username and password should belong to you, and only you.
- Remember to change your passwords regularly. Passwords should be completely random and unique, but still memorable. Try using numbers and letters.
- Don’t leave a computer whilst your account is still logged in – anyone could start using it.
- If you wouldn’t say something to someone offline then don’t say it online.
- Monitor your online and mobile usage. Not all content you view online is free to browse. If you’re with BigPond, look out for green dot content as it doesn’t count towards your download limit. Look at your usage meter regularly or think about getting a pre-paid account.
- If you feel like you are being bullied talk to someone you trust – don’t deal with it on your own. Your parents, teacher or even the Kids Helpline can help you. You can call Kids Helpline on 1800 551 800 – it’s Australia’s only free, private and confidential, telephone and online counselling service specifically for people aged between five and 25.
Friends Fans Likes Followers & The Dangers
Across all social media networks a common perception is the more ‘friends, fans, likes and followers’ one has the more popular they are individually or if the social media page is for a business they appear to have an extended reach in society. However, it is here that the dangers can hide beneath the façade of ‘friend, fan or follower’.
How many of you would meet a person in reality and instantly call them a friend? Yet online people tend to ‘friend’ at a drop of a hat with little or no due diligence performed with regards to checking out who they are actually ‘friending’. Yet time and time again cyber safety warnings constantly remind us all to on friend those we really know.
This area would have to be one of the toughest to reinforce with your children and it is here that your New Years resolution with your children should consider consisting of a regular informal chat over dinner, breakfast or any other time where you actually sit down with your children and discuss what is happening in the world of Facebook and the like. Incorporate social media activity where they openly discuss with you their ‘new friends’ and I would suggest having an informal policy with them that they quarantine all new ‘friend’ requests until you all sit down for your regular family discussion and really identify how well they really know this person or persons.
How you approach this area is most important and I honestly believe if you sit down and talk generically about ‘new friend’ requests regularly without making them feel like they have to tell you all the details of how the request may have come about it is a good way for them to feel like they can open up and discuss the key events surrounding the new friend. At this point you can reinforce how it is ok not to ‘friend’ everyone initially and to just wait until they feel really comfortable with ‘friending them if it is an appropriate person in their network.
Twitter is an excellent business marketing tool and its use with teenagers is increasing and so are the dangers of ‘followers’ either gaining access to your childs personal ‘tweets’ or ‘spamming’ them with links to illicit sites that promote pornographic images and the like.
Once again open communication is the key where you highlight to your children that the amount of ‘friends, followers or fans’ is not a social indicator as to how popular they are. All Twitter accounts for children should be set as ‘private’ and all follow requests should be vetted carefully. Advise your children that the latest trend in social media and Twitter is the ‘Social Imposter’ who impersonate celebrities and the like and if they want to allow a ‘celebrity to ‘follow’ them it is best to look for the Twitter ‘verification’ tick next to their name. Again, it may pay to let them know it is most likely the marketing machine behind the celebrity that is ‘following’ them and not the real teenage heart-throb.
Instagram is virtually ‘Twitter’ with pictures and all your children’s accounts should be set to ‘Private’ and similar ‘follower’ vetting that is applied to Twitter should apply to Instagram following requests. Spam posts are on the increase in Instagram and whilst they are trying to implement safeguards to protect the user experience, your children’s accounts are still vulnerable to unscrupulous persons trying to have your children view their sites.
Final Checklist
Encourage your child to share all friend, fan and follower requests with you and if not all at least the ones they feel are a little dubious. Sit down with them regularly and reinforce the importance of online privacy and security and how you really appreciate that they are sharing with you their online activity and that you trust them and value the way in which you all can sit down and discuss the online environment.
Social media is here to stay with constant instantaneous connectivity consuming our teenagers at some would say are alarming levels. As parents we all need to keep abreast of the current trends to ensure we are all aware of any dangers that may lurk behind each social media platform.
Cyber Guardians Online constantly monitors the trends in social media and any threats will be shared with our ‘followers’. Feel free to share this blog post with friends or family if you feel it was helpful and should you subscribe to our blog you will be updated with current trends and threats across all social media platforms.
How Many Are Really Friends?
Bradley W. Deacon
