Dr. Scott A. Wells Ph.D. socialmedia@ultimateknowledge.com Facebook: UltimateKnowledge Twitter: UKI_Twitter Ultimate Knowledge Institute’s Social Media

Post on 14-Dec-2015

216 views

Category:

Documents


0 download

TRANSCRIPT

Slide 1
Dr. Scott A. Wells Ph.D. socialmedia@ultimateknowledge.com Facebook: UltimateKnowledge Twitter: UKI_Twitter
Ultimate Knowledge Institute's Social Media Security Course
Focusing on Social Media Foundations and Security Concepts

Slide 2
Welcome

Slide 3
Social Media is the New Medium
By 2010 GenY will outnumber the baby boomers. And 96% of them have joined a social network.
Social Media has overtaken porn as the #1 activity on the web.
Three of the world's most popular brands online are social-media related, and the world now spends over 110 billion minutes on social networks and blog sites.
Socialnomics: How Social Media Transforms the Way We Live and Do Business
http://blog.nielsen.com/nielsenwire/global/social-media-accounts-for-22-percent-of-time-online/

Slide 4
Facebook Statistics
There are an estimated 850 million people using Facebook.
These 850 million people account for 1 out of every 5 page views on the internet worldwide.
And 250 million photos are uploaded to Facebook daily.

Slide 5
As a country Facebook would be the third most populated country behind China and India.

Slide 6
Some Social Media Statistics by Category
Video: There are over 3 billion videos watched per day on YouTube. Over 35 hours of video uploaded every minute.
Images: 5 billion photos hosted by Flickr (September 2010). 3000+ photos uploaded per minute to Flickr.
Tweets: 25 billion, the number of sent tweets on Twitter. 175 million people on Twitter as of September 2010.

Slide 7
Served as Mechanism for political change
Egypt, Tunisia, Yemen, Libya

Slide 8
Assists in disaster notification and response

Slide 9
The Dark Side of Social Media.
Robin Sage gained roughly:
LinkedIn: 148 connections
Facebook: 110 friends
Twitter: 141 followers
Over a period of 28 days starting in late December and ending in January of this year.
Source: http://www.darkreading.com/insider-threat/167801100/security/privacy/225702468/index.html

Slide 10
The Dark Side of Social Media.
Attackers are employing reconnaissance techniques to penetrate computer networks
Source: http://www.securecomputing.net.au/News/165600,hackers-ran-detailed-reconnaissance-on-google-employees.aspx

Slide 11
The Dark Side of Social Media.
Attackers are employing reconnaissance techniques to penetrate computer networks
http://www.betanews.com/article/Personal-data-of-170-million-Facebook-users-exposed-collected-and-shared-without-any-hacking/1280439164

Slide 12
The Dark Side of Social Media.
Source: http://www.nytimes.com/2010/11/29/world/29cables.html?_r=1

Slide 13
Leveraging the Dark Side
The Matrix (1999 film)

Slide 14
Really More Like This

Slide 15
Attack Characterization & Anatomy

Slide 16
Characterization & Anatomy Ultimate Knowledge Institute
Data Profiling
Malware Based Attacks
Phishing Attack
Evil Twin
Identity Theft
For the next slides we will characterize and walk through some typical attacks associated with Social Media.

Slide 17
Data Profiling
Data profiling attacks normally include multiple threat activities defined earlier in this seminar. Data profiling attacks are used as a basis for many other attacks. Let's take a methodology employed in a data profiling attack.
1. Preparation Phase: During the preparation phase the attacker develops the attack plan that will be used within the attack phase.
2. Attack Phase: During the attack phase the attacker employs Social Media focused attack techniques.
3. Back out Phase: During the back out phase the attacker finalizes the attack phase and covers tracks.

Slide 18
Data Profiling: Preparation Phase
Engagement Timeline
Create a Dossier Repository
Identify the expected timeline for Social Media Dossier Attack.
This will tie into the overall goals of the dossier build and how the information gathered will be used (extortion, blackmail, defamation, reputation attack, preface for espionage activity etc.).
The amount of data that will be collected will be immense and needs to be searchable. This data should be stored in a database with some form of frontend.

Slide 19
Data Profiling: Preparation Phase
Target Characterization
Using open and closed sources identify the target's personal information: names, relatives, locations, public records etc. Closed sources include the hiring of private investigators or background investigation services.

Slide 20
Data Profiling: Preparation Phase
Social Media Presence Discovery
Using characterization information conduct a discovery of the individual's Social Media presence and document all Social Media profiles and activity.
Target: John Smith
Search for Presence
Output is a list of social sites that the target is a member of.

Slide 21
Data Profiling: Preparation Phase
Ref: http://www.paterva.com/web5/
Let's use Maltego-3 and some other internet based tools and do a little Open Source Intelligence Gathering. For this demo we will start with a target, create a digital profile of activities, and determine locations and relationships.

Slide 22
Data Profiling: Preparation Phase
Another great source of gathering information is GeoTagging. Many social media photo based websites allow you the ability to strip out geotag coordinates but others do not. Flickr is a great source for geotags.

Slide 23
Data Profiling: Preparation Phase
Document the Target's Social Context
Determine how the individual uses Social Media, what type of social presence and the level of social activity.
Unique Attributes of Social Media Presence
Images and Media
Relationships with people
3rd Party Applications
External Links and Usage

Slide 24
Data Profiling: Preparation Phase
Determine Tools and Techniques
Identify the expected tools and techniques that will be used during the attack phase. These tools will need to integrate with data repositories.

Slide 25
Data Profiling: Preparation Phase
Develop Social Actors
Develop actors that will be used in the Dossier building. These actors should have their own Social Media character profile/context and they should align with the Social Media context and profile of the target. Actors can assume the role of an individual, application, place or business. Time should be allocated to develop Social Media actors.

Slide 26
Data Profiling: Preparation Phase
Develop Social Actor Activity Plan
Each actor's activity should be carefully scripted. The activity plan will document the specific roles and activities of each actor when populated within the target's Social Media presence. Assurances should be made that each activity plan has a monitoring plan to detect target anomalies such as switching Social Sites or actor realization.
Populate Social Sites
Using developed actors and activity plans populate Social Media sites.

Slide 27
Data Profiling: Attack Phase
Develop and Execute Supporting Attacks
The intent is to compromise the target's relationships. Supporting attacks include executing web based attacks against the target's relations and impersonations (multiple actor types). Supporting attacks require dedicated plans and should be conducted outside of the dossier attack plan. Support plans should have a mechanism to feed information into the dossier attack plan.
Diagram: Attacker, Target, Target's Relationships

Slide 28
Malware Based Attacks
Ref: http://en.wikipedia.org/wiki/Cross-site_scripting
The Cross Site Scripting Attack is commonly used to propagate Malware.
Persistent: The code is uploaded to the vulnerable server within the application. The client activates the script when the page is loaded.
Non-Persistent (Reflected): The code is delivered to the victim by the attacker via a link embedded with malicious JavaScript.

Slide 29
Malware Based Attacks
The Cross Site Scripting Attack is commonly used to propagate Malware.
Reflected (diagram: Input, Output)

Slide 30
Malware Based Attacks
The Cross Site Scripting Attack is commonly used to propagate Malware.
Stored (diagram: Input, Output, Source)

Slide 31
Malware Based Attacks
Ref: http://www.technewsworld.com/rsstory/68946.html
Persistent XSS Attacks and Social Media - Twitter
Diagram: Victim, Attacker Site, Twitter, Attacker; StalkDaily.Com, Michael Mooney
1. View Infected Profile
2. Download Malicious JavaScript
3. Establish AJAX Connection
4. Forward cookie and username
5. Image Request
6. Steal Auth Token
7. Post Status & Change More Info. URL

Slide 32
Malware Based Attacks
http://www.zdnet.com/blog/security/hackers-selling-25-toolkit-to-create-malicious-facebook-apps/8104
Hackers selling $25 toolkit to create malicious Facebook apps
The do-it-yourself toolkit offers a template for spreading malware, directing users to click-fraud accounts and for pushing Facebook users to bogus surveys to hijack personal information. This commoditization of Facebook malware is further confirmation that social networks are a happy hunting ground for cyber-criminals looking to hijack personal data for use in identity theft attacks.
TINIE VIRAL APP V3.6 Facebook Profile Creeper Tracker Pro RAMNITZues SpyEye

Slide 33
Malware Based Attacks
Ref: http://www.infowar-monitor.net/reports/iwm-koobface.pdf http://www.abuse.ch/?p=2103
Koobface
Koobface Attack Phases: Phase 1, Phase 2, Phase 3, Phase 4
Koobface Monetization
Koobface does not just exist for fun but for profit as well.
Diagram labels: Hijacked website with JS; Fake Video with .exe; Koobface Mothership; Malicious AV Affiliates; Pay Per Click Affiliates; Compromised Host; Fake posts are redirected to; Malicious bit.ly and blogspot URL redirect to; User redirected to; Server that spreads Koobface

Slide 34
Phishing Attacks
Ref: http://en.wikipedia.org/wiki/Phishing
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
3.2 Billion Lost in 2010 (Gartner Group)
Categories of Attacks: Spearphishing, Phishing, Pharming, Vishing
Categories of Attacks: Redirect Attacks, Disclosure Attacks, Impersonation, Unauthorized Usage
Anatomy of Generic Phishing Attack
Phase I: Redirect
Phase II: Disclosure
Phase III: Impersonation
Phase IV: Unauthorized Usage
Diagram labels: Fraudulent Transaction, Impersonate Victim, Actual Site, Spoofed Site, Victim, Attacker, Steal Identity

Slide 35
Phishing Attacks
Ref: http://en.wikipedia.org/wiki/Phishing
Phishing Attacks and Social Media: Facebook App.
User clicks on the link and is presented with a Facebook login. The attack then returns you to Facebook, installs an app called Media Player HD, and asks you to download the FLV player --- Malware!
Slide 36
Impersonation Attacks
Ref: http://www.gnucitizen.org/blog/social-networks-evil-twin-attacks/
Impersonation Attacks involve registering a username with the intent to mislead others as to the identity behind the username.
Diagram labels: John Smith; Sam Hacker; Impersonation; Individual or Organization; Compromise Relationships; Damage Reputation; Phishing Attack; Confidence attacks; John Smith; Conduct Malicious Activities; Identity Theft Activities

Slide 37
Data Leakage
Social Media Data Leakage is characterized as the unauthorized release of organizational information.
Leak, Distribution, Propagation

Slide 38
Identity Theft
Ref: http://codebutler.com/firesheep
Identity theft is the actual taking over of the identity of an individual. The Firefox plugin Firesheep is a tool that automates the capturing of a set of predefined Social Media session cookies. This allows an attacker to steal an unsuspecting victim's Social Media identity.

Slide 39
UKI Social Media Program
Ultimate Knowledge Institute
Ultimate Knowledge Institute is offering both a training and certification program for Social Media Technologies.
Social Media Foundations Course
Social Media Engineering & Security Course
Social Media for Managers Course
Social Media Practitioner Certification
Social Media Engineering & Security Certification
Social Media Governance Certification
The Social Media for Managers course and certification encompasses the governance strategies, policy development and processes that should be put into place to support Social Media initiatives within an organization.
The Social Media Foundations Course is designed for individuals who must indoctrinate other users and who work with Social Media on a daily basis.
The Social Media Engineering and Security Course and Certification is meant for individuals who must design, implement and operate secure Social Media solutions.

Slide 40
Questions are not limited to one hundred and forty characters