Symantec Internet Threat Report – Volume 16, Research Paper Example

Introduction

The use of social network sites is the most advanced form of communication today. People use sites such as Facebook and Twitter on a daily basis. Social networking media has introduces a different set of vulnerabilities when attempting to protect an individual’s information.Recent studies have confirmed that millions of people are victims to identity theft each year due to their affiliation with social media sites. Social media sites generate revenue by targeting advertisement due to a person’s personal information. When an individual signs up with a social media site, he/she is required to enter certain personal information about themselves. Many people are confident that their information is safe, so they are not reluctant to type in personal information such as, date of birth, hometown, current occupation, phone numbers, or even a mother’s maiden name. All of this information can be used to steal someone’s identity.

Background Information   

According to statistics published by some of the most well-known social networking services, there are more than 500 million active users on Facebook1, 175 million registered users on Twitter, more than 100 million users on MySpace, and more than 80 million members on LinkedIn (Federal Bureau of Investigation, 2010 ). One can compromise his/her personal safety by posting certain types of information on social media sites. Because social media users can upload information from nearly anywhere, researchers believe that people often post or comment out of impulse and later regret what they have posted. Nonetheless, one must remember that once information has been posted, deleting it will not guarantee the information or posts have not already been shared or saved. Social media sites have many unique risks that can be minimized by practicing good security practices. About 15 percent of American users of social media sites say they have never checked the privacy and security settings of the site they frequent most often (  Federal Bureau of Investigation, 2010  ). In a survey conducted, about 21% of internet users have had an email or social networking account compromised or taken over by someone else without permission and about 6 percent had been the victim of an online scam that involved money (Federal Bureau of Investigation, 2010).

Popular Social Media Sites

Several social networking sites are popular around the world. BlackPlanet was originally designed for professional African-Americans to network in the business world.  However, it has evolved into much more. Members can watch music videos, chat with each other, blog, and look for job openings. This site was used by President Obama to reach potential voters during his first election. BlackPlanet was founded in 1999 and currently has more than 16 million registered users. In late 2011, the site was sued in a federal lawsuit by a woman who says the site did very little to ensure that members were a part of professional society. The woman was drugged and raped by two men who she thought were potential clients.  Another popular site is Instagram.Currently there are more than 200 million members. This site allows members to share information through a series of pictures. All the photos that members post are public, which means that they are visible to anyone on Instagram. However, there is a special private option that a member can use to select who sees his/her pictures. All pictures that members post to the site are saved in what they call your “camera roll” Any picture posted can be saved, printed, or downloaded by other members. In a recent breach of security, members had images uploaded from their accounts as if they had posted them. Although no members reported anything particularly harmful from the incident, it just reminds members of how vulnerable they are. Finally, Tumblr has become very popular with teens and younger members. It use mostly for blogging and sharing visuals. Members can customize blog themes and be followed by other users. This is called reblogging. When people like what the member has posted, they can choose to follow the member. Tumblr had a recent breach in its security because the company is suspected of failing to use SSL servers for logging users into their app. As a result, anyone who is using public Wi-Fi on his/her device can have his password compromised.

Implications of Security Breaches

Cyber-security is affecting people more than they actually realize it. Cybercrimes have grown astoundingly with the growth of technology. For example:

“In addition to over-sharing, there are other risky behaviors in social media: 39% of users don’t log out after each session, 25% share their passwords, and 31% connect with people they don’t know. As a result, 15% of social media users have had their profiles hacked and impersonated. On the surface, 15% being compromised doesn’t seem like many. But, consider that there are 1.4 billion people on Facebook alone. That equates to an astounding 210 million who have potentially been hacked and impersonated, giving criminals even more information to create targeted attacks on a growing percentage of the population” ( Toma, Hancock, & Ellison, 2008  ).

The average person shares quite a bit of information on social media sites. Most sites post information like a person’s full name, age, birthday, hometown, family members, work location, and even phone numbers. Some savvy hackers can use this information to steal a person’s identity. Some sites even share a person’s whereabouts at any given time. This creates easy targets for burglars. If the burglar knows that the entire family is enjoying a movie, he knows they are not home. This gives him adequate time to rob the unsuspecting victim’s home. However, most cases of cybercrimes involve phishing. This occurs when a person creates “fake persona” in order to “friend” the person he/she is planning to commit a cybercrime against. For example,

“The Internet and social networks provide rich research for tailoring an attack. By sneaking in among friends, hackers can learn interests, gain trust, and convincingly masquerade as friends. The information gained by the use of social networking media renders obsolete the telltale signs of a phishing attack of strange e-mail addresses, bad grammar and obviously malicious links. Social media has made a well-executed social engineering attack almost impossible to spot” (Symantec, Inc., 2011).

Using the fake persona allows the criminal to learn details about the victim that can help him steal the person’s information.

Consequences

Currently, LinkedIn is facing a 5 million dollar lawsuit due to its security practices. A hacker was able to obtain millions of the users network passwords. About 6.5 million of the passwords were linked to LinkedIn; another 1.5 million were traced to the dating site eHarmony. The lawsuits questions whether or not LinkedIn security practices were adequate enough to protect its user’s personal information. LinkedIn promises its users that “all information that they provide to LinkedIn will be protected with industry standard protocols and technology” (Graves, 2010) However, according to the lawsuit, LinkedIn did not do everything possible to ensure the users’ information was protected. Often, people use the same passwords for several different sites and other secured information, like an online banking account. Once a thief has gotten personal information and passwords, it can be quite easy to damage the victims’ credit.

What Can Be Done

There need for training on the vulnerability of social media sites is imperative. Many individuals are just unaware of how to limit their chances of becoming a victim due to the information they have made available on social media sites. Each individual needs to be adequately trained in how to operate the sites security system. The training could be done using scenarios to ensure that each person understands the importance of protecting personal information. The training will ensure that individuals do not accept the less secure default settings, limiting the posting of personal information, and never accepting friend requests from persons not known (Toma, Hancock, & Ellison, 2008)

Each person who has this training will drastically reduce vulnerability levels.

Conclusions

Breaches in security on social media sites have major consequences for individuals. Usually, the primary loss is financial. Achieving levels of identity management that are required to ensure social media sites will not be breaches will not happen overnight.  To ensure that cybercrimes and identity theft is eradicated, both individualsand social media site management must work together. Being vigilant is the key.  Cybercrimes and identity theft differs from other types of crimes because these crimes are committed with the personal information that victims have provided the criminals with. Medical identity theft is one of the most dangerous.  When the two person’s medical information become intertwined the victim may receive the wrong medicine or even have a procedure performed that is not needed. The most important fact about ensuring that one’s personal information does not fall into the hands of criminals, is to remember to not post too much information about one’s self and family. For example, one should never post when he/she is going out of town, how long the trip will be, and tentative return date. This gives a would be criminal all the information he needs to wreak havoc (Federal Bureau of Investigation, 2010).

References

Symantec, Inc. (2011). Symantec Internet threat report – volume 16. Retrieved June 20, 2011, from Symantec.com: http://www.symantec.com/business/threatreport/index.jsp Hung, P.K.

Federal Bureau of Investigation. (2010). FBI Business Alliance Presentation – Social Media and Open Source Collection. Open Source Research Project – PowerPoint Presentation. Washington, DC: USA: Federal Bureau of Investigation.

Graves, K. (2010). CEH: Certified ethical hacker. Indianapolis, IN: Wiley Publishing, Inc.

Toma, C., Hancock, J., & Ellison, N. (2008, August). Separating fact from fiction: An examination of deceptive self-presentation in online dating profiles. Personality and Social Psychology Bulletin, pp. 1023–1036.