1. Security in Social Networks 1
“SECURITY IN SOCIAL NETWORKS”
Hernández Castro Araceli
Tenorio Martínez Arlethe
February, 2014
2. Security in Social Networks 2
ABSTRAC
Social networking has had a great impact today, have grown exponentially and
store a lot of private information about its users and their interactions, data stored
with all these social networks can attract malicious persons to harass, defame, do
spam and phishing.
The respective advantages of social networks are known well worldwide but talk
about privacy and security on them is of little people, which is why it is necessary
to talk about safety, how to optimize how and the proper use thereof, subject of this
article. To mention security in the social web is a key point in the passwords we
use for our accounts, which must be combined with numbers, letters and
characters for your safety.
A simple option is to make good use of social networks and not creating a very
personal inquisition, the protection is paramount importance in social network
research as private users, may cause undesirable or harmful effects on the
personal life.
3. Security in Social Networks 3
KEYWORDS
Internet ---------------------- Internet
Inseguridad ---------------- Insecurity
Privacidad ----------------- Privacy
Seguridad ----------------- Security
Redes Sociales ---------- Social Networks
4. Security in Social Networks 4
INTRODUCTION
Social networks are based on the Theory of Six Degrees of Separation, as this
anyone can be connected elsewhere in the world through a chain of acquaintances
that has no more than five intermediaries, connecting two people with only six
bonds. The theory was first proposed in 1929 by Frigyes Karinthy. The concept is
based on the idea that the known number grows exponentially with the number of
links in the chain, and only a small number of links are required for known
assembly becomes the entire human population.
The number of users in social networks has increased considerably in recent
years, to be part of social networks the user must register, usually for free, and
then complete a series of forms with your personal data, hobbies, personal photo
etc. We see this as a simple means of maintaining communication with our
surroundings, we see and publish photos, share feelings and thoughts, but do you
really know about the people who will see the other side of the computer or some
other means are?
In recent years, the popularity and the trust of social networks are being exploited
by cybercriminals, who have found a new way of exploiting their fraudulent
activities. The rise of social networking has taken the concept of privacy to a
dangerous terrain in which the vulnerability of each person on the network
increases. It is advisable to consider some points that can protect our data if we
use online social networks.
5. Security in Social Networks 5
CHAPTER I: NETWORKS
ANTECEDENTS
Social networks are based on the Theory of Six Degrees of Separation, whereby
anyone can be connected to any other in the world through a chain of
acquaintances that has no more than five intermediaries, connecting people with
only two six bonds. This theory attempts to prove that our grandparents saying "the
world is a handkerchief," that is, that anyone on Earth can be connected to any
other person through a chain of acquaintances that has no more than five levels
intermediaries. (PANDA, 2008, p. 4)
Figure 1.1.1 theory of six degrees of separation.
The origin of social networks goes back to 1995 when Randy Conrads
classmates.com website created with the objective that people could regain or
maintain contact with former classmates from school, college or university.
(PANDA, 2008, p. 3)
With the advent of Internet, network par excellence, has given rise to hundreds of
sites that facilitate the formation of social networks in relation to their academic
status, your workplace, your geographic region, interests, hobbies, taste, among
others.
6. Security in Social Networks 6
SOCIAL NETWORK
A network is an abstract way to visualize a number of systems, and in general,
almost all complex systems.
Figure 1.1.2 The Rise of Social Networks
When talking about social networks refers to those services where users can
create a personal profile and interact with other users is. These platforms allow you
to interact through messages, share information, pictures or videos, so that these
publications are immediately visible for all the users form their group of contacts.
To join them you must register by filling out a series of forms with personal details,
photographs, etc. Normally just create a basic profile, and from there to provide all
the information about yourself that you want to increase the data provided to the
network. (INTECO, 2010)
Figure 1.1.3 The Rise of Social Networks2
7. Security in Social Networks 7
Social networks show clear network effects, the greater the number of users and
the more rich and complex profiles are created, more capacity has the social
network to get new users, and present value as an advertising platform or as a
platform for submission of applications or services.
In this sense, Privacy management represents one of the key elements for social
networking, not only by the need to comply with relevant legal obligations, but by
the perception of users regarding the use and visibility of their data, which can put
the privacy policies employed as a competitive factor among different social
networks.
ADVANTAGES
Revisiting known.
Opportunity to join Flashmobs (short meetings via online for games and
entertainment in order to mobilize thousands of people).
Excellent for promoting new contacts affective as matchmaking, friendship
or sharing interests nonprofit.
Share special moments with those close to our lives.
Dilute geographical boundaries and serve to connect people regardless of
distance.
Perfect for connections to the professional world.
Get updates on topics of interest information, and let you attend events,
participate in events and conferences.
Communication can be in real time.
Can generate mass movements of solidarity in a crisis situation.
8. Security in Social Networks 8
Figure 1.1.4 Advantages of Social Networking
DISADVANTAGES
Apart from the general disadvantages (invasion of privacy, lack of security,
addiction) has emerged a new disadvantage arising from boredom or boredom of
some who have proposed anti social networks such as travesty to authentic.
In the same way the happy customers to write good reviews of a product,
annoying customers also write about their bad experience. These comments
can be viewed by thousands of people in a short time and affect the image
of any business in weeks or even days.
A further disadvantage is the loss of privacy. Suddenly we become
accessible to anyone and is not always good. Avoid revealing sensitive
information how phone numbers, addresses not to mention bank accounts
and passwords.
Figure 1.1.5 Disadvantages of Social Networks
9. Security in Social Networks 9
CHAPTER II: PRIVACY
SECURITY
Joined this public display of your privacy is a lack of security. There is too much
personal information rolling around, and little assurance that is well protected.
Participation in social networks is not without risks, such as identity theft. Even the
most careful users may provide personal information to strangers without realizing
it, to download and install an application designed by third parties that include
games, contests, contests of knowledge and virtual gifts. People entering these
networks think that information is considered private, can see only friends or
specific groups, but programmers sometimes used to bring together users with
similar interests. Sometimes used to broadcast advertising aimed at specific
sectors, taking into account things like age and gender.
The magnificent growth of social networking sites has changed the way of
communication, creating messages often unintelligible to users. Shared ideas and
dysfunction of the information is difficult to understand. Although the process of
transmitting information is perhaps easier and more comfortable, the amount of
information that can be run from one country to another in seconds is unlimited and
cannot control. Another disadvantage found in social networks, we can not be
certain that the information set out is there genuine or true.
Many companies have made the move to the new era and have established social
networks have caution when carrying a message. The companies aim networks,
but many managers and owners of the same fear for what employees can say
about them and the reputation that you provide to them. Public relations company
can not control what your employees commenting, but if you teach ethics and
responsibility that each must have.
10. Security in Social Networks 10
PRIVACY
Today, the rise of social networks has led to the concept of privacy dangerous
territory in which the vulnerability of each person on the network increases. If we
use them, you should keep in mind some points that can protect our data online.
Privacy is a set of practices that divide public and private things. In this regard, let
us start from the point of view that privacy and confidentiality are imperative part of
computational activity. Thus, the problems that surround conflict systematically for
information security become, in many cases go beyond computer science.
At first glance, these problems would not impact such a sensitive issue as the
consequences of social engineering attacks, or maybe a little more dangerous as it
can be the subject of kidnapping, extortion and even "bullying" or "bullying" to
children and youth. (BOURBON Sanabria, 2012)
Intimacy and privacy is a right that anyone has. But with social networking privacy
is in check. Having a profile on social networks is almost a necessity to keep in
touch with family, friends or work. Few people who are not on Facebook, Twitter or
other social network. The problem that arises with these is privacy affected.
Numbers, ideology, religion or directions are some of the data they can get to
appear in the profiles of social networks. That's why you have to be more cautious
about sharing personal information. Public sharing of sensitive information that
may be more dangerous, beyond that there are few confirmed cases of
kidnappings, theft or fraud cases generated from the networks. (GRIVA, 2011)
The issue of privacy in social networks has increased relative to other online
services due to the ease with which users reveal personal information, as well as
the lack of awareness of these on the risks involved and the difficulty of some
users configured appropriately for such tools. (RODOTA, 2011)
11. Security in Social Networks 11
PRIVACY IN THE CONTEXT OF SOCIAL NETWORKS
Anonymity of the user's identity
Protecting the actual identity of users, changes depending on which social network
we are registered. In social networks like Facebook, people use their own name as
such listing, to make them easier to locate users and especially to locate them
within the social network.
Everything we put on the net, stays on the net, so we must be careful what we do
not harm us or get into problematic situations.
But on social networks like Twitter, usually people can put aliases or addresses of
your own web page as a profile.
Privacy of personal space
The visibility of the user profile in a social network to another varies, in some
networks profiles can be found by doing a search on Google, such as Facebook or
Twitter; however the social network Tuenti this is not possible, is completely closed
to people registered on the website. This part also entered the profiles that may or
may not see people.
Depending on a social network or another, the default permissions are public or
private. Facebook takes a different approach by default; users who are on the
same subnet can view other profiles, unless a profile has decided to deny
permission for your subnet. As mentioned above, most social networks allow
friends to see aggregate profiles you're seeing.
As we have said, in most networks, you can see the list of friends we have,
although there are exceptions either because the social network itself gives you the
option to hide your friends list or because you hacked the profile from exit.
12. Security in Social Networks 12
Privacy of user communication
A part of the data we provide to the social networks, as our photos, our comments
etc. A user of the social network discloses additional data, such as connection
time, the IP address used (and of course, their geographical location), visited
profiles, messages sent and received, i.e., a whole log of personal information
about what we've done while we were in the social network. All this should be
private, remember that an IP address in a period is unique, identifying a single
person, and it is illegal publication without user consent.
All this is summarized in that privacy must be present in both the social network
and information sharing (photos, messages etc.), and logs that are recorded in this
social network. Unauthorized entities should not know the contents of private data
sent and received via the network.
This aspect of the privacy of the data involves data confidentiality and anonymity of
homeowners, and must have access control. Access to information about a user
can only be granted by the user. Unauthorized entities, nor should they be able to
link the private data with the profile owner.
13. Security in Social Networks 13
FRAUD IN SOCIAL NETWORKS
Identity Theft
Identity theft is a crime in which a person appropriates personal information to
commit fraud or other crimes. This a problem that affects millions of people
annually in the United States, including children who are victims of child identity
theft.
We can all take steps to prevent identity theft, but unfortunately sometimes
it depends on vulnerability in the computer systems or carelessness of
others who have access to our personal data.
If you think someone has stolen your personal information without your
permission, know what steps to take to report identity theft and protect your
money and your credit and reputation.
It is also important to learn how to protect your privacy, both personal and
financial, medical and Internet, to control what information is shared with
others and what it is used. Take care of your personal data in transactions
and avoid becoming a victim of identity theft.
Malware
Malware (malicious software) is a term that describes a variety of programs that
are installed on the computers of users usually through deception. The malware
can multiply quickly through social networks, infected user's computer and then
expand to the computers of your contacts. This is because the malware may
appear to come from a trusted contact, and therefore users are more likely to click
on links or downloading malicious software.
Some of the most common techniques for propagation of malware are:
14. Security in Social Networks 16
Short URLs, especially those that appear in the area of updates or news
updates. This may cause the user to download a virus or visit a site that
attempts to download malware onto your computer.
Messages that appear to come from reliable sources that invite the user to
click on a link, view a video or download a file.
An email that appears to come from the same social networking site, which
requests information or asks the user to click on a link.
Third-party applications that infect computers with malicious software,
which spreads through contact.
False security alerts. These are applications that are passed by a virus
protection program and informs the user that your safety program is expired
or has detected a threat.
Social Engineering
An absolute truth, in terms of information security, is the weakest link in the chain is
the user human. This means that it is easier to attack a person and obtain
information or actions of this that violate achieve an information system that is
secured, shielded and protected against possible attackers. This leads to the
definition of social engineering:
"Art and science of manipulating people into performing actions that may be of
interest or goal" Chris Hadnagy.
"An act of manipulating people and develop actions or disclose".
In short one can speak of social engineering as a kind of human hacking.
Now and in the hacking work is performed to obtain information (Information
Gathering) of a possible target, just as obtaining information is the basis of social
engineering attacks, with the difference that normally the objective of attack will be
a person, a human, and for this you need to delve into every possible media
15. Security in Social Networks 16
containing target information possible, this containing target information possible,
this is where the Internet and social networks appears.
From the perspective of a social engineer, any information about the person aims,
can contribute to form a profile or outline of tastes, haunts, activities performed,
place of work and activities, among other data. That is why without a doubt; social
media can provide a lot of information that can be useful. Next, let's look at a short
table that spans some data can get to get through these information systems:
Table 1. Data obtained through social networks
SOCIAL NETWORK /
PLATFORM
INFORMATION OBTAINED UTILITY
Facebook / G+ / Hi5/Badoo
/ ...
• moods
• Visits
• pictures
• Interests
• Family
•
Relationships
• Etc.
These
networks
provide a lot of
general
information
about the
person and
their contacts.
Twitter / Myspace / BBM /
...
• moods
• Visits
• pictures
• Interests
Establish a list
of activities,
psychological
profile, sites
visited,
information
consulted and
tastes of the
individual.
MySpace / Grooveshark /
LastFM / ...
• Music heard
• Musical
Tastes
Set a profile of
preferences
and musical
tastes.
Linkedin/... • State labor
• Knowledge
• Wage
Assignment
• Studies in
process
Identify job
profile of the
person, current
job, past,
education,
knowledge,
interests, work,
etc..
16. Security in Social Networks 16
Foursquare / ... • Visits
• Gourmet
Tastes
Allows
geoposicionar
people and
places
frequented
identify
possible
demonstrations
or through
travel.
Flickr / Picasa / ... • Visits
• individual
tastes
• Environment
in which the
individual
develops
Establish a list
of activities,
psychological
profile, visited
places and
tastes of the
individual.
Now, knowing that I usually have information published by these systems, taking
into account that this information can be indexed in search engines with or without
the consent of the user, it is necessary to validate both being shared.
17. Security in Social Networks 17
SAFETY STANDARDS
To understand the challenge of balancing security and privacy, sociability and
usability have to see the main standards of network security.
Notice: Requires that information is accessible only to authorized entities. It
is vital in social networking misuse because information could have serious
consequences on the lives of people.
Integrity: Requires that information be modified only by authorized entities.
Availability: Requires that system resources are always available.
Non-repudiation: To provide protection against a user other then denying he
made some communication.
18. Security in Social Networks 18
RESULTS
According to statistics based on a September 2013 report of eBizMBA Rank, one
of the largest networks is visited Facebook than 750 million unique visitors per
month.
As for the surveys conducted by ESET Latin America in July 2013, noted that the
total Latin American users surveyed 51.4% said using social networks to work.
Although communication with friends and family (85.6%), and the study (53.6%)
are the reasons most often cited by users regarding the use of social networks, the
fact that a little over half share corporate data and the job position as the third
largest in the graph (51.4%) reason, shows that companies and corporate users
also use these media for business purposes:
19. Security in Social Networks 19
On the other hand, face the question about the level of security of information
stored on the servers of social networks, 52.2% think that their information is
slightly insecure:
20. Security in Social Networks 20
DISCUSSION
Today, most people is recessed in the world of technology, make use of the tools
offered by Web 2.0 and is favorable because they remain on the advantages they
offer, but hey that is the problem we focus on the benefits, we settle for being
communicated with our friends, colleagues or even knowing other people. Most are
not aware of what we publish and if there are no privacy in the media, such
information can be read or take any user on the network and to misuse it in order
to cause any damage to our person.
The security and privacy begins with ourselves, of what we publish, we discuss
and permissions that grant, we are aware of our attitudes toward the media is true
has many advantages if we give the proper use but it is also appropriate to provide
for the consequences resulting for inappropriate behavior.
In conclusion, the study of security and privacy in social networks allows us to be
alert to himself about our behaviors to make use of them, as we all realize the
problems appear for privacy by the lack of knowledge by the user options that can
be enabled to restrict certain account data. The technology is advancing, social
networks evolve but we must focus regarding security and privacy to our person to
make use of them.
21. Security in Social Networks 21
GRATITUDE
This article is written with an expression of gratitude to teacher Valeriano Orozco
Meztli and our fellow reviewers who provided moral support for writing this.
Araceli&Arlethe
22. Security in Social Networks 22
REFERENCES
BORBÓN Sanabria , J. S. (2012). Seguridad.
FUNDACIÓN TELEFÓNICA. (2012). El debate sobre la privacidad y seguridad en
la Red: Regulación y mercados. Fundación Telefónica.
GOUJON, A. (21 de Agosto de 2013). welivesecurity. Recuperado el 15 de Mayo
de 2014, de http://www.welivesecurity.com/la-es/2013/08/21/51-usuarios-
latinoamericanos-utiliza-redes-sociales-fines-corporativos/
RODOTÁ, S. (2011). Social Networks and children's privacy. Reus.
INTECO, I. (17 de 05 de 2010). Seguridad de La Información y Redes Sociales.
GRIVA, J. P. (19 de 09 de 2011). Privacidad en las redes Sociales. Recuperado el
12 de 04 de 2014, de http://redaccion1.bligoo.com.ar/la-privacidad-en-las-
redes-sociales
PANDA, S. (28 de 08 de 2008). PandaLabs. Recuperado el 10 de Abril de 2014,
de http://www.pandasecurity.com/img/enc/Red_Soc_punto_mira.pdf