This presentation gives an inside view of how a social media presence can harm an individual if proper vigilance is not kept while being active on the various social platforms.
3. Threats Posing Risk to Social Networks
Digital Database Collection
Secondary Data Collection
Face Recognition
Content Based Image Retrieval
Image Data Linkability
Complete Account Deletion
Profile Squatting and Reputation Slander through ID Theft
5. Digital Database Collection
Digital dossier of Personal Data for immoral purposes
Regular Snapshots of entire network
Private Attributes can be accessed directly via search
Miss out on Employment Opportunities
Information for negative use
E.g. Miss New Jersey Case
6. Secondary Data Collection
Personal Information to the Network Operator
E.g. time and length of connections
IP Address, other users’ profile visited
Messages sent and received
Powerful Data warehouse
Lack of Transparency about Data Collection
Privacy Policies tend to be vague
Transfer of Information to third party through resale
7. Example of Privacy Statement
“[SNS Provider] also logs non-personally identifiable information including IP address, profile information, aggregate user data, and browser type, from users and visitors to the site. This data is used to manage the website, track usage and improve the website services. This non-personally-identifiable information may be shared with third-parties to
8. Face Recognition & CBIR
Face Recognition
User Provided Digital Images
They identify the profile holder
Linking of Image Instances across services and websites
Content Based Image Retrieval
Able to match features from Large Databases of Images
No Privacy control or accountability for CBIR
Possibility of deducing User Location
May lead to Stalking, Blackmailing, Unwanted Marketing, etc.
9. Image Data Linkability
Tag Images with metadata
Name of the person in the photo
Link to their profile
Their e-mail address
No control over images posted by others
10. Difficulty in Complete Account Deletion
Easy to remove Primary Pages
Secondary Info remains
Ambiguity over Information deletion upon account closure
Facebook Privacy Policy Statement:
“Removed information may persist in backup copies for a reasonable period of time but will not be generally available to members of Facebook.”
Manual Deletion is the only solution
11. Spam
Unsolicited messages
Free Traffic for the Spammers
Use of Specialized Spamming software – FriendBot
Provides links to Pornographic or other product sites
Links to phishing websites
Flood with Comments and Posts
Stealing Members’ Passwords to advertise on others’ profiles
Traffic Overload
Loss of Trust
Reduces the value of SNSs if the number of fake profiles increases
12. Cross Site Scripting
Can post HTML code within profiles
SNSs are vulnerable to XSS attacks
SAMY virus
Denial of Service
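The slide above makes the point that letting users post HTML in profiles is what exposes an SNS to XSS. As an added example, not part of the presentation or any SNS's code, the following allowlist sanitiser shows the defensive side: only a fixed set of tags and attributes is rendered, and everything else is turned into escaped text. The allowlist and the sample profile snippets in the tests are assumptions chosen for this illustration.

```javascript
// Added example: allowlist sanitiser for HTML posted in a profile field.
// Anything not on the allowlist is rendered as escaped text rather than
// silently stripped, so a tag the filter does not know cannot execute.
// The allowlist itself is an assumption chosen for this illustration.
const ALLOWED = new Map([
  ["b", []], ["i", []], ["p", []], ["br", []],
  ["a", ["href"]], // href is the only attribute any tag may keep
]);

// Escape the five characters that can change meaning inside HTML.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Only absolute http(s) URLs survive; javascript:, data: and similar schemes are dropped.
function safeHref(rawValue) {
  const v = rawValue.trim().replace(/^["']|["']$/g, "");
  return /^https?:\/\//i.test(v) ? v : null;
}

function sanitizeProfileHtml(input) {
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
  const attrRe = /([a-zA-Z-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+)/g;
  let out = "";
  let last = 0;
  let m;
  while ((m = tagRe.exec(input)) !== null) {
    out += escapeHtml(input.slice(last, m.index)); // text between tags
    last = tagRe.lastIndex;
    const [raw, slash, name, attrs] = m;
    const tag = name.toLowerCase();
    const allowedAttrs = ALLOWED.get(tag);
    if (allowedAttrs === undefined) { out += escapeHtml(raw); continue; } // unknown tag becomes text
    if (slash) { out += `</${tag}>`; continue; }
    let rebuilt = `<${tag}`;
    let a;
    while ((a = attrRe.exec(attrs)) !== null) {
      if (!allowedAttrs.includes(a[1].toLowerCase())) continue; // drops onclick, style, ...
      const href = safeHref(a[2]);
      if (href !== null) rebuilt += ` href="${escapeHtml(href)}"`;
    }
    out += rebuilt + ">";
  }
  return out + escapeHtml(input.slice(last)); // trailing text after the last tag
}
```

Because the output only ever contains tags the sanitiser rebuilt itself, a malformed or unexpected tag fails closed as visible text instead of reaching the browser's parser.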
13. Spear Phishing
Highly personalized Phishing Attack
The worm JS/Quickspace.A was designed to spread through MySpace pages.
Effective Form of Phishing Attack
Identity Theft
Reputation Damage
14. Infiltration of Networks
Weak First line of Defense
FriendBot and FriendBlasterPro – commercial software
No implementation of CAPTCHAs
Case Study by SOPHOS, an Antivirus company
Polluting SNSs with irrelevant, misleading Profiles
Allows viewing of Private Information
Conducts spamming and marketing campaigns
15. Profile Squatting & Reputation Slander
Fake Profiles
Profiles of Dead Celebrities
Galileo on MySpace (as well as over 3000 Friends)
Weak Authentication of Registration
Most unlikely to be the real person
Easy to target the abuse at specific people (e.g. a Class Teacher)
Damage Reputation
Phishing
Marketing under false pretences
16. Stalking
Involves threatening behaviour
Seeks repeated contacts through any means
SNSs are an easy means for stalking
SNSs emphasize location data
Loss of Privacy
Physical Harm and psychological Damage
17. Bullying
Repeated and Purposeful acts of harm that are carried out using technology.
The ease of remaining anonymous
The one-stop-shop effect
The generation gap
Forms Of CyberBullying:
Flaming
Harassment
Denigration
Impersonation
Outing
Trickery
Exclusion
18. Corporate Espionage
It’s an Underrated Risk to Corporate Infrastructure
Access to Sensitive Enterprise Data, mostly obtained through the Employees themselves
Privacy Settings are neglected
Threshold for gaining information is very low
Lists of employees and connections between them
Stakeholders Information
Publication of information about its infrastructure and network directories.
Loss of Corporate Intellectual Property
Blackmailing
Access Physical assets
19. Which Social Network do you think poses the biggest Risk to Security…???
Courtesy: SOPHOS Security Threat Report 2010
20. Social Networks Spam, Phishing and Malware Report for year 2009
Courtesy: SOPHOS Security Threat Report 2010
21. Malware, the Number One Concern for Firms with Social Networks.
Courtesy: SOPHOS Security Threat Report 2010
23. Recommendations and Suggestions
Encourage Awareness-raising and Educational Campaigns
Review and Reinterpret the Regulatory Framework
Increase Transparency of Data-handling Practices
Discourage Banning of SNSs in Schools
Promote Stronger Authentication and Access Control
Implement Countermeasures against Corporate Espionage
Maximize Possibilities for Reporting and Detecting Abuse
Set Appropriate Defaults
Require the Consent of the Data Subject to include Profile Tags or e-mail Address Tags in Images
24. Social Networking Security Issues- Legal Aspects
Section 66A: Punishment for sending offensive messages through service, etc.
Imprisonment may extend to Three years and with fine
Section 66B: Punishment for dishonestly receiving stolen computer resource or communication device
Imprisonment may extend to Three years and with fine up to Rs. 1 Lakh, or Both
Section 66C: Punishment for Identity Theft
Imprisonment of either description for a term up to 3 years and fine up to Rs. 1 Lakh
Section 66D: Punishment for cheating by personation by using computer resource
Imprisonment may extend to Three years and with fine up to Rs. 1 Lakh, or with both
Section 66E: Punishment for violation of Privacy
Imprisonment may extend to Three years and with fine up to Rs. 1 Lakh, or with both
25. Continued…
Section 66F: Punishment for Cyber Terrorism
Imprisonment which may extend to imprisonment for life
Section 67: Punishment for publishing or transmitting Obscene material in electronic form
Imprisonment of either description up to three years and fine of up to Rs. 5 Lakh.
Section 67A: Punishment for publishing or transmitting of material containing sexually explicit act, etc., in electronic form.
Imprisonment of either description up to five years and fine of up to Rs. 10 Lakh.
Section 67B: Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc., in electronic form.
Imprisonment of either description up to three years and fine of up to Rs. 5 Lakh.
26. Conclusion
Used correctly, SNSs enhance Data Privacy while providing Interactive User Generated Content to anyone; used carelessly, they become a dangerously powerful tool in the hands of Spammers, unscrupulous marketers and others who may take criminal advantage of Users.