Surveying The Landscape of Threats Facing Users In The Social Web
Steve Webb, Ph.D.
Emory Guest Lecture
April 16, 2009
Introduction
The World Wide Web is evolving into a “social Web”
World’s top Web destinations are now dominated by social environments
Introduction (cont.)
New and exciting ways to connect with others
Wildly popular
200 million active Facebook users
100 million YouTube videos
1.5 million SecondLife residents
Introduction (cont.)
And as always... attackers love crashing big parties
Threat categories
Traditional Attacks
Socially Enhanced Attacks
Social Web-specific Attacks
Let’s take a closer look…
Traditional Attacks
Social environment characteristics
Large and very distributed
Numerous communication mechanisms
Relatively naïve user bases
That seems like a paradise for attackers…
Malware Propagation
Worms: Samy, Mikeyy
Spyware: Ad networks, Rogue apps
Adware: Zango
Spam
Comment spam
Bulletin spam
Message spam
Phishing
Fraudulent login display
Grants access to resources outside of the community
Compromised accounts used to launch additional attacks
Research Challenges
Same problems… new and more challenging environment
More information available… but it’s a double-edged sword
Research Challenges
How can we adapt existing techniques to these environments?
What new approaches are necessary?
Socially Enhanced Attacks
Obviously, social environments are vulnerable to traditional attacks
But that’s just the beginning…
Socially Enhanced Attacks (cont.)
Key barrier for attackers has been private information
Generic attacks against the masses
Socially Enhanced Attacks (cont.)
What if attackers knew private information about their victims?
Oh, wait! Isn’t that what social environments provide?!?!
What’s The Big Deal?
Name, Age, Gender, and Location
Friends
Relationship Status
Interests and Favorite Things
Education/Employment History
Etc., Etc., Etc.
Socially Enhanced Attacks (cont.)
ORIGINAL
From: Bellusci Thresa <[email protected]>
Subject: Jessica Alba's hot scene
If your powder is damped and gun can't fire: We know the spark you need! http://yqazqvot.com/
Socially Enhanced Attacks (cont.)
SOCIALLY ENHANCED
From: Li Xiong <[email protected]>
Subject: Jessica Alba's hot scene
Steve,
Check out this link: http://yqazqvot.com/
-Li
Socially Enhanced Attacks (cont.)
Scary, right?!
Not isolated to spam
Malware propagation and phishing attacks benefit too
Socially Enhanced Attacks (cont.)
SOCIALLY ENHANCED
From: Li Xiong <[email protected]>
Subject: Check out this auction…
Steve,
I think you might like this Kevin Smith auction… http://url.com/
-Li
Research Challenges
How can we protect users without killing the fun of these environments?
How do you identify a needle in a stack of needles?
Social Web-specific Attacks
Phishing revisited
Questionably more dangerous than “old school phishing”
Creates a new set of problems…
Social Identity Theft
“Bryan NEEDS HELP URGENTLY!!!”
Twitter fail
Fake Profiles
“Fakesters”
Impersonators
Thin line between fun and slander
Fake Profiles (cont.)
The next generation of spam
The next generation of malware propagation
Research Questions
How do we collect examples of these new attacks?
Social Honeypots (CEAS 2008)
More importantly, how do we protect users…
Purewire Trust Demo
http://www.purewiretrust.org
Questions