Category Archives: Uncategorized
Facebook ‘Friend’ or Foreign ‘Spy’
The internet and the current phenomenon of social media has changed the way we communicate, do business and even socialize, it is a paradigm shift that society has embraced at such speed and ease that rarely a moment goes by in a civilised nation where such technology has not impacted each and every person.
The way in which social media flourishes is that it requires engagement and ‘engagement’ is encouraged by ‘sharing’, and ‘sharing’ comes in various forms whether it be via Facebook’s or LinkedIn ‘Likes’ or actual ‘sharing’ buttons, to sharing the mobile App you have downloaded via a ‘share’ button.
Sharing introduces a whole new realm to how we perceive trust. Studies have shown that the majority of the figures below are a result of people ‘sharing’.
General Internet statistics 2012
- In one day on the Internet:
- Enough information is consumed to fill 168 million DVDs
- 294 billion emails are sent
- 2 million blog posts are written (enough posts to fill TIME magazine for 770 million years)
- 172 million people visit Facebook
- 40 million visit Twitter
- 22 million visit LinkedIn
- 20 million visit Google+
- 17 million visit Pinterest
- 4.7 billion minutes are spent on Facebook
- 532 million statuses are updated
- 250 million photos are uploaded
- 22 million hours of tv and movies are watched on Netflix
- 864,000 hours of video are uploaded to YouTube
- More than 35 million apps are downloaded
- More iPhones are sold than people are born
(http://thesocialskinny.com/100-social-media-mobile-and-internet-statistics-for-2012/)
As we know ‘sharing’ brings trust, loyalty and generally out of this comes relationship development, whether personal or professional and in turn it is here vulnerabilities may emerge.
Recently the media has been awash with not only industrial cyber espionage reports but of a major issue facing the internet community and that is ‘country sanctioned’ cyber espionage and or attacks.
History may one day reveal that as the United States fretted over the possibility of a “cyber Pearl Harbor” – a catastrophic attack that would take down electrical grids – its economic lifeblood was being slowly drained away by a massive hacking enterprise located in the People’s Republic of China. (Magnuson, 2012)
Cyber Command Commander Army Gen. Keith Alexander last year called the cyber-espionage being conducted against U.S. companies the largest transfer of intellectual property from one nation to another in the history of the world. (Magnuson, 2012)
Eric Rosenbach, deputy assistant secretary of defense for cyber policy, said the nation is not as focused on intellectual property theft as it should be. A catastrophic cyber war is important to prepare for, but an unlikely scenario. Stealing data important to the nation’s economic security, meanwhile, is occurring here and now. (Magnuson, 2012)
We all have seen them on our travels or have had friends bring back ‘knock offs’ from trips to Asia, watches, handbags, sunglasses, fashion items even IPHONEs and computer software. All produced with such high quality similarities that it is hard at times to distinguish the ‘fake’ from the real item.
The proliferation of the internet and its related activity has allowed for ‘copying’ to occur at a rate that cannot be controlled or monitored. The aforementioned figures identify the staggering internet traffic and streaming that is taking place on any given day.
Experts describe a large, technologically advanced and well organized enterprise coming out of China that is going after businesses large and small. Any firm that has a trade secret, or could be used as a stepping stone to a larger company, is a potential target. Intellectual property theft has the potential to erode a company’s profits or even bankrupt it. There is no magical software that can stop every intrusion attempt, but even companies with few resources can take steps to mitigate the risk, experts told National Defense. (Magnuson, 2012)
To thwart the Chinese cyber-espionage enterprise, it is important to characterize it. In the world of network security, it was once called the “advanced persistent threat.” But government officials have done away with using that euphemism: it’s China, they now say. The October 201 1 “Foreign Spies Stealing U.S. Economic Secrets in Cyberspace” report, produced by the FBI‘s office of national counterintelligence executive, acknowledged that the attacks came from China, but stopped short of blaming the Chinese government, which routinely denies involvement. (Magnuson, 2012)
Jason Lewis, chief technology officer of Looking Glass Cyber Solutions, said, “In general, when you have a situation where the state runs everything, you have to assume that the state is involved in any enterprise.”
Phishing Attacks
In country “scouts” doing the reconnaissance are increasingly using social media websites to gather personal information to use in phishing attacks, said Dave Papas, chief operating officer of Cyveillance, a subsidiary of QinetiQ North America that provides security for Fortune 500 companies. (Magnuson, 2012)
Friends, hometowns, hobbies, anything that can be placed in the email to make the target believe it is a legitimate message, can be used and every piece of information is a means to an end.
It was recently reported in the Australian Financial Review that an “…Australian chief executive was travelling in China recently when he received a curious email from his adult daughter asking if “Daddy” was having a good time. But it wasn’t his daughter who had sent the email…” (Grigg, 2013) It was a ‘phishing’ attack to penetrate the chief executives lap top and such a line in the email idicates the logistical efforts of a well resourced and technologically advanced team to not only hack into the executives daughters email but to establish his travel movements and the like. Had it not been for the executive being alert and realising that his daughter had not called him ‘daddy’ for a long time, the attempt by the perpetrators failed on this occasion.
This attack is a clear example of an attack that attempts to infiltrate a network in the form of an phishing email, a well-crafted letter that seemingly comes from a friend or business associate. This tactic has not changed in years, but is growing more sophisticated and frequent. Why? Phishing attacks work and, “it is a lot easier to control humans than the technology,” said Rick Doten, vice president of cybersecurity for DMI, a firm that does work for the U.S. government. (Magnussen, 2012)
This example clearly, supports that we must not count on it being written in anguished English like the common scam letters purportedly originating from Nigerian princesses as it is common place now that native speakers of English are helping compose the phony emails.
Once an attachment or a link to a fake website is opened, specialists in moving around a network without being detected take over and probe for other vulnerabilities. This may mean taking over an email account in order to generate more trusted, fake emails as most likely would have bene the case with the example identified in the Australian Financial Review.
It is well founded that smaller companies, particularly in the defense industrial base, may be used to go after bigger companies – big prime contractors – higher in the food chain. Once the cyberspies have located the information they want, another team takes over to exflltrate it. It is ideally ferreted away in normal traffic without being detected. (Magnussen, 2012)
Unit 61398
Unit 61398 Shanghai
Open source defence journals have reported the following:
- A US company has identified an organisation in China that it says is responsible for stealing hundreds of terabytes of data from US government organisations and companies
- According to the company, the organisation receives direct funding from the Chinese government through a PLA department called Unit 61398
China is conducting a campaign of sustained and persistent state-sponsored hacking by an organisation referred to as Advanced Persistent Threat 1 (APT1), according to a report from US cyber security company Mandiant that was released on 18 February.
The report, entitled ‘APT1: Exposing One of China’s Cyber Espionage Units’, details wide-ranging hacking activities that Mandiant has traced back to China. It focuses on a particular series of cyber security breaches and intrusions carried out against at least 141 victims from 2006, all of which Mandiant has attributed specifically to APT1. According to the report, “hundreds of terabytes” of data have been stolen in these attacks.
Mandiant concludes that APT1 is able to carry out such sustained and extensive hacking activities because it receives direct government backing. It names the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s 3rd Department, or Unit 61398, as the organisation behind this activity. This group is also informally referred to as Comment Crew or Comment Group. Mandiant states the allegations are based on its own forensic analysis of similarities in the characteristics and geographical sources of hacking activity.
Comment Crew’s activities were traced to the Pudong New Area of Shanghai, where Unit 61398 is believed to engage in computer network operations. Mandiant said Unit 61398 is staffed by “hundreds, if not thousands” of people that have undergone cyber training and are proficient English speakers. Of the victims tracked in the Mandiant report, 87% are headquartered in countries where English is the native language.
Andrew Beckett, head of cyber security consulting at Cassidian, told IHS Jane’s that “the Mandiant report provides no surprise to those involved in cyber security and this should provide a wake-up call to industry and governments. Comment Crew are one of many groups Cassidian know of that are operating in this area”.
China’s Ministry of National Defence rejected Mandiant’s findings. “The Chinese military has never supported any kinds of hacker activities, so saying that the Chinese military is involved in internet attacks is neither professional nor consistent with the facts,” it said in a statement released on 19 February.
However, I recall from one of my lectures in my Masters of National Security, from American Military University that China allegedly has in excess of 50,000 persons engaged in ‘internet espionage at any one time.
So, next time you get that ‘friend’ request or you ‘like’ or ‘fan’ a page in Facebook or in any other form of social media or email, always remember that ‘friend’ or ‘like’ could be just be a foreign spy……
References:
Grigg, A, 2013, ‘Australian Execs Among Those Hacked In China’ The Australian Financial Review, 26 January 2013.
Magnuson, S. (2012). Stopping the chinese hacking onslaught. National Defense, 97(704), 26-28. Retrieved from http://search.proquest.com/docview/1026586020?accountid=8289
Social Skinny, 2012, http://thesocialskinny.com/100-social-media-mobile-and-internet-statistics-for-2012/
Social Media and Summoning Emergency Services
It has been reported recently that a student who died in a blaze which ripped through a Brazilian nightclub recently that killed in excess of 200 people posted a message on Facebook pleading for help. This would not be the first instance that someone has resorted to social media to call for help.
It is well known that it can take hours to write a good news article or blog post, 30 minutes to write a breaking news article, and even 5 minutes to write a couple lines to break the story, however, with status updates, it takes a matter of seconds, therefore social media and in particular Twitter can break a story in a matter of seconds. Ever wondered why the media follow you as soon as you follow them on Twitter? Generally you will find that in a small backroom within media HQ, a social media manager will be monitoring everyone’s tweets to try and capture that elusive scoop.
We can all remember when within minutes of US Airways flight 1549 ditching in New York’s Hudson river, cyberspace was buzzing with the news. Within seconds, Emails, Twitter messages, mobile phone photos and hazy videos about the crash flitted across cyberspace.
Flight 1549 on The Hudson
We really have entered a paradigm shift as identified by Rene Ritchie in his 2009 blog post, where he asked the question, “Have we entered a paradigm shift?” Ritchie stated, “…it happened with telegraph, with radio, with television, with satellite… is it happening again with the iPhone and Twitter?” (Ritchie 2009)
Several years since Ritchie’s observation I would say we have entered a paradigm shift and now we must ask, are we now in a mindset where we update statuses via Twitter, Facebook and other social media platforms before we make a conscious decision to call emergency services via 000 (Australia) 911 (USA) or 999 (UK)?
Exit Building Before Tweeting
Disasters Social Media and False Alarms/Information
Social media in particular Twitter and Facebook have been heralded as excellent communication mediums to pass on critical information to the masses during natural disasters and critical incidents. However, recent events such as Hurricane Sandy, the Sandy Hook massacre and Australia‘s bush-fires and floods have seen social media being used by persons both innocently and maliciously to spread misinformation about the events.
The results of unverified information can lead to:
- Mass panic or hysteria
- Unnecessary evacuations that clog up roads
- Overuse of telecommunications services
- Looting and
- Anti social behavior.
Overall the three main groups of people who communicate misinformation are either:
- Innocent parties who have good intentions and believe they are passing relevant information to their followers for their well being
- Persons with malicious intent
- Persons who believe in their mind it is just harmless fun
A hoax tweet that was sent during recent Queensland Floods
One notable instance that could have led to all of the above points with regards to unverified ‘Tweets’ was the recent ‘Tweet’ and ‘Re-tweet‘ of a large water ‘spout’ off the coast of Australia that was re-tweeted during the current storm and floods crisis in Queensland, Australia.
Undoubtedly the ‘Re-Tweet’ that was from a well known sports person with in excess of 50,000 followers was sent with the best intentions at heart and it was even inadvertently ‘Re-Tweeted’ by a local newspaper.
Within minutes of the Australian sporting star Re-Tweeting this image some of the persons ‘followers’ advised that is was from a previous storm and is not related to the current threat. As a result the sporting person apologized and posted a retraction.
This incident clearly shows how persons and even the media itself can set off a chain of events that can impede emergency services in the region.
Additionally the anxiety it causes innocent third parties also compounds the stress levels that may be being experienced if they were from the area and may result in them feeling bad for passing on such information.
Worst case scenario would be persons evacuating or first responders taking action to assist local residents and having an accident as a result of the social media posting.
Overall such Tweets that started out as a ‘joke’ or even as a malicious act have a far reaching ‘domino’ effect that remain in ‘cyber space’ permanently.
History Of Calling For Help
Having grown up in inner city Melbourne, Australia I can still recall the old red ‘Firebox’ across from my house in the late 1960′s early 1970′s. These ‘Red Fire’ boxes were connected directly to the local fire station and hardly a week would go by without a local rascal breaking the glass and pushing the ‘Fire’ button before running off.
Time and time again the fire trucks would respond only to find no one there to report a fire.
A common sight on the streets of Melbourne in the 1960′s and early 1970′s.
Home Telephone
Over time, first responders relied on the home telephone as a means in which they would be alerted to calls for assistance and this allowed for habitual ‘prank’ callers to be identified and dealt with by the law where necessary.
The home telephone or ‘land line’ as it is often referred to also allowed emergency services to utilize caller id to verify the location of the caller and this reduced false alarms to a limited degree.
Analogue Cell/Mobile Phones
Then in the late 1980′s early 1990′s analogue mobile/cell phones were starting to become popular and were being used to call emergency services and like the home telephone were on occasions being used to make ‘prank’ calls with false alarms being called in at an alarming rate.
Emergency services responded over the years with limited education programs and the odd prosecution of offenders and this had a limited effect on false alarm call rates.
Cellular Network In The Digital Age
However, with the advent of digital cellular phones, pre paid sim cards, illegal sim cards and international sim cards, calls to first responders are being made with limited detection or prosecution of habitual offenders.
Additionally the digital network is also compounding the effect of not only contributing to caller anonymity, it also contributes to persons with fictitious social media accounts communicating anomalously
Social Media and Disaster/Emergency Communication
It has recently been reported in the media both in Australia and the United States that social media channels like Twitter and Facebook have resulted in alarming levels of false reports being made by persons with regards to natural disasters, critical incidents, fake celebrity deaths/arrests and even the collapse of publicly listed companies.
Not only has digital communication anonymity contributed to such communication becoming common place so too has the ease in which persons can create fake accounts either from within their home country or via a third party overseas in countries like India and south-east Asia. For security purposes I will not reveal how accounts can be created offshore, apart from stating that it is now quite common for such accounts to be set up with total anonymity and combine this with anonymous ISP addresses and emails that cannot be traced or self destruct within seconds of being opened and you have a communication medium that allows for a proliferation of false Tweets and postings.
Recommendations:
The only way to reduce such activity is to throw the full weight of the the law behind telecommunications legislation and enact special legislation that relates to malicious false reports that can lead to emergency services responding or causing undue stress or anxiety on persons who read such postings.
Additionally as posted in earlier Cyber Guardians Online blogs time has come for a 100 point identification system for all social media accounts similar to financial institutions under Anti Money Laundering-Counter Terrorism Legislation requiring customers to verify their identity.
Only then, can we educate and inform social media users of the power of social media when used appropriately to inform of imminent dangers and conditions and how malicious activity will be investigated by authorities and appropriate penalties handed out.
The Power of Twitter & Sharing Information
Bradley W. Deacon
