http://tinyurl.com/pmxu229

http://tinyurl.com/pmxu229

 According to Information Week, on October 17, 2014, Facebook ensured that the leaked Dropbox[1] data didn't compromise the Facebook accounts. On October 14, "a group of anonymous hackers claims to have stolen nearly 7 million Dropbox username and password combinations. But Dropbox denied that it was hacked. The hackers have posted several hundred email addresses and passwords so far on Pastebin.com, releasing more logins as they receive more bitcoin donations."[2]

Chris Long, security engineer at Facebook said that "theft of personal data like email addresses and passwords can have larger consequences because people often use the same password on multiple websites. Lots of household company names have experienced the unpleasant phenomenon of seeing account data for their sites show up in these public ['paste'] lists, and responding to these situations is time-consuming and challenging." he also mentioned that Facebook's automated system scans for large-scale data breaches and monitors a selection of sites that hackers commonly use to divulge the stolen data. "Once we find a set of stolen credentials, we pass the data into a program that parses it into a standardized format".[3]

As I presented in the paper Effects of Social Media Networks on National Security for the Intelligence in the Knowledge Society 2014 conference, these kind of situations are not rare. On 28 February 2013, Uzi Moscovitch, chief of the Center for Computer and Information Systems in the Israeli Computer Services Directorate, declared that Israel is preparing for information warfare with Palestine following some cyber attacks and incidents from Palestinians. "Palestinian hackers have broken into a 30MB database, containing detailed information on 400 Israelis, including their names, telephone numbers, addresses and credit card numbers. This has been considered the biggest information leak in Israeli history, pushing the Israeli National Cyber Bureau to coordinate defense operations and develop systems for protection."[4] The Israel Defense Forces are the military forces of the State of Israel and in the last years they have been training and teaching hundreds of soldiers for electronic warfare, but their focus was on the military and security aspects ignoring some of the actual vulnerabilities brought by the development of networking and internet: electricity network, the banking system, the stock market, the water system or telecommunication system. Social media has brought a new vulnerability including the possibility that Hamas might be able to track down IDF members through social networking. This took to a series of measures, so in June 2013 IDF was on its way of passing official rules and regulations specifying the restrictions and acceptable behavior of its soldiers on their social media accounts, local newspaper Harretz, reported. The draft of the said rules and regulations states that "IDF Information Security Department will monitor social networks and ensure that military personnel are observing the new restrictions. Unit commanders will also have the power to increase the severity of the regulations."[5]

On the other hand, other IDF members, such as pilots, intelligence officers and soldiers assigned in sensitive units need to follow strict limitations with their social media accounts like hiding their identities as soldiers, not uploading photos wearing uniform and should not be tagged in similar photos. Also, they are not allowed to use "check-in" apps that may reveal their actual location.

These cases point out on what Gregory B. Saathoff, Troy Nold and Christopher P. Holstege called "insider threat".[6] There is a need of increasing the personal responsibility and risk awareness. The moment the attacks began to unfold in cyberspace and often in the private area is the moment when ignorance and a false sense of security virtually left the door wide open for such events. In physical space, the presence of visual, spatial awareness produces behavioral changes that stimulate the instinct of self-preservation and alertness. If we look at the online social environment, regardless of the platform, and consider it an organization, we find among the causes listed by Eric Cole and Sandra Ring in Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft, the main reasons for which the "invisible walls" that should provide user protection do not exist:

  1. Organization does not know what is happening;
  2. It’s much easier to be in denial than accept such possibility;
  3. Fear of negative publicity.[7]

The user becomes the inside threat. Probst and Hunker assign to the user the following attributes: System access, capacity of representing the organization for the outsiders, knowledge, and trust by organization.[8] From this perspective, the person who is behind an online profile on a social network has a high degree of risk. If we discuss about the people trained for such activities, it’s obvious, the degree is lowered by the education level. But what was attempted by the Palestinians, leads us to the second type of threat – fake accounts and attempts to infiltrate in the social groups or the military on online platforms.

To underline the importance of this data let us remember the case of Berthold Jacob in 1930. He was kidnapped on March 20, 1935 by agents of the German Secret Service because of a book he published which presented every detail of the " revived General Staff, the army group commands, the various military districts, even the rifle platoons attached to the most recently formed Panzer divisions. It listed the names of the 168 commanding generals of the army and supplied their biographical sketches."[9] The question was where did he get his data? He answered himself:

"Everything in my book came from reports published in the German press, Herr Oberst. When I stated that Major General Haase was commanding officer of the 17th Division and located in Nuremberg, I received my information from an obituary notice in a Nuremberg newspaper. The item in the paper stated that General Haase, who had just come to Nuremberg in command of the recently transferred 17th Division, had attended a funeral.

In an Ulm newspaper, I found an item on the society page about a happier event, the wedding of a Colonel Vierow’s daughter to a Major Stemmermann. Vierow was described in the item as the commanding officer of the 36th Regiment of the 25th Division. Major Stemmermann was identified as the Division’s signal officer. Also present at the wedding was Major General Schaller, described in the story as commander of the division who had come the paper said, from Stuttgart where his division had its headquarters."[10]

A social network has the advantage that we can trace relations, events, locations and so on without searching within a huge amount of data. The value comes from the analysis of the data. And the best part is that we can construct this automatically. Today there is free software on the internet that can mine data and build a personal profile like http://www.yatedo.com/ that collects data from various online platforms. They are designed for specific interests but a professional miner can be easily designed to collect specific info’s and sort them according to our needs or interests.

 

[1]Dropbox is a free service that lets you bring your photos, docs, and videos anywhere and share them easily. Read more at the Internet address https://www.dropbox.com/

[2]David GOLDMAN, "Dropbox: We weren't hacked!" , CNN, October 14, 2014, the Internet address http://money.cnn.com/2014/10/14/technology/security/dropbox-hack/

[3] "Facebook Automates Fight Against Hackers", Information Week, October 17, 2014, the Internet address http://www.informationweek.com/software/social/facebook-automates-fight-against-hackers/d/d-id/1316744

[4]Adnan Abu AMER, "Israel Braces for Cyberwarfare With Palestinians", Palestine Pulse, February 28, 2014 at http://www.al-monitor.com/pulse/iw/originals/2013/02/israel-palestine-cyber-war.html#

[5]Athena YENKO, "Israel Defense Forces to Ban Social Media Accounts", International Business Times, June 7, 2014 at http://au.ibtimes.com/articles/475834/20130607/female-israeli-soldiers-racy-photos-israel-defense.htm#.U9DHs_mSyzE

[6]Gregory B. SAATHOFF, Troy NOLD and Christopher P. HOLSTEGE, "We Have Met the Enamy and They are Us: Insider Threat and Its Challenge to National Security", Strategic Intelligence Management: National Security Imperatives and Information and Communications Technologies, Oxford, Butterworth-Heinemann, 2013, pp. 24-36

[7] Eric COLE and Sandra RING, Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft, Rockland: Syngress, 2006, p.18

[8] Christian W. PROBST, Jeffrey HUNKER, Insiders and Insider Threats, An Overview of Definitions and Mitigation Techniques, accessed August 1, 2014 at the Internet address http://isyou.info/jowua/papers/jowua-v2n1-1.pdf

[9]William Edward DAUGHERTY, Morris JANOWITZ, A Psychological Warfare Casebook, Baltimore: The Johns Hopkins Press, 1958, p.514

[10]William Edward DAUGHERTY, Morris JANOWITZ, A Psychological Warfare Casebook, Baltimore: The Johns Hopkins Press, 1958, p.515

Related Posts Plugin for WordPress, Blogger...