Cyber crime has shifted from simple scams including phishing, spoofing, worms and viruses to more sophisticated attacks shutting down network servers and cloud-based systems affecting companies and individuals. Social networking sites are fertile grounds for breeding cyber crime.

The biggest information security threats today is attacks on pervasive devices, social networking and physical systems related to information exchange with accredited cyber security issues. More than 150 social media sites are in vogue today. Such threats have become more acute due to sophistication of botnets and their commercialisation for committing cyber crimes to gain fiscal and other advantage. Globally, 95 per cent of spam is being generated by botnets and millions of computers are attacked via social networking sites where cyber defence is weak. Mobile phone users are estimated to be three times in number to daily Internet users numbering over 1.5 billion. Bulks of both these categories are hooked to social networking sites. You step out of the house and you find any number of people texting their smart phones on Facebook, tweeting on Twitter or using other networking sites. Most smartphones have increasingly attractive third party applications. While the number of smartphone users may triple by the end of this decade, they make an attractive target for cyber criminals. It is easier for them to launch attacks, sabotage and take control of your critical data, communication devices and computers. With extensive implementation of devices like iPhones and iPads, new malware attacks are likely to affect smart phones, VoIP/Mac, social media and even Adobe’s Acrobat Reader.

Dangers of Social Networking

Social networking sites provide organisations with a mechanism for marketing online but they can also lead to serious consequences. Cyber criminals exploit the increased corporate use of cloud computing, social networking, and use of Macs and smartphones for remote access. Cyber crime has shifted from simple scams including phishing, spoofing, worms and viruses to more sophisticated attacks shutting down network servers and cloud-based systems affecting companies and individuals. Social networking sites are fertile grounds for breeding cyber crime. With the incredible growth of their popularity also has come equally large amount of malware. Shortened URLs are the main technique used in attacking social networking sites and it is extremely difficult to identify the source of such attack as millions of people are logged onto the same website. Shortened URLs are used to leverage news feed capabilities of popular social networking sites. The victims are easily tricked into injecting malware and phishing. Abbreviated URLs are the attack method to innocently share link to an e-mail or webpage. Mass distributed attacks are achieved by logging onto a compromised account on the social networking site by posting the short URL linked to a malicious website. Thousands of unsuspecting victims get infected in a matter of minutes as the social networking site automatically distributes this link to the victims’ friends in a multiplying spiral. All that the attacker has to do is to log on to a compromised social networking account and post a shortened link to a malicious website in the status area of the intended victim. Though shortened URLs are not the only method to effect malicious links in news feeds, they definitely are the primary method of attack and responsible for bulk successes.

Recent times have seen dramatic increases in frequency and sophistication of targeted attacks on enterprises. Most social networking sites are being used as attack distribution platforms. Vulnerabilities of Java together with more sophisticated attack/infection tactics are being exploited to ingress traditional computer systems. Only a single negligent user or unpatched computer is enough to give attackers access into an organisation from which to mount additional attacks on the enterprise from within. As a popular cross-browser, multi-platform technology, Java is an appealing target for attackers. Wide availability of attack toolkits and software programmes that can even be used by novices to facilitate launch of widespread attacks on networked computers, has made the threat more complex. Phoenix toolkit that exploits Java vulnerabilities was responsible for most web-based attacks during the last year. In fact, two-thirds of web- based threat activity observed by Symantec during 2010 was attributed to attack toolkits. More and more cases of identities being wiped out from social networking sites and even being taken over by someone else are coming to light. This is no more a matter of fiction and yesteryear movies. Theft of a single identity in a social networking site can cause considerable damage to both the individual and the organisation. E-commerce too is being exploited by cyber attackers while users order goods online and request parcel delivery. In case of social networking sites, the users generally have their guard down and do not suspect the attack since the attacker attacks you through ‘your friend’. Cyber criminals now have automated tools capable of releasing very large volumes of malware with sophisticated features and extreme varieties. Smartphones are the laptops of tomorrow. As per estimates, about four to five billion smart phones maybe in use by 2020. Today’s smartphones offer as many gateways for attack as the desk top computer. Mobiles are threatening the enterprise today in a big way as their application stores become vast malware delivery systems when exploited by cyber criminals.

Terrorism and Social Networking

The terrorists are increasingly using social networking sites to gather information and recruit people to join their cause. These social networks enable terrorist organisations to get personal with users, psychologically work on those inclined to the cause, and brainwash the educated and even affluent ones. Profiling of intended victims is being done by fooling them into accepting communication, even them luring into believing that they will discover who is secretly viewing their profile. Messages are sent from other social network users who have already fallen into the trap of clicking on the link and following the scammers’ instructions. Children are more prone to fall into the trap and since they share social networking platforms and web pages with their friends and relatives, terrorists, scamsters and cyber attackers have a field day. Global terrorist organisations are able to recruit thousands of future terrorists in a matter of months through these social networking sites and it is well nigh impossible for governments to keep tag of millions/millions of daily users including those using smart phones. It is also not possible for any government to curb such communication or invade the privacy of individual users. While the Global War on Terrorism (GWOT) has been on for a couple of years with patchy success, it has really not helped reduce radicalisation. Cyberspace and in particular social networking has increased the pace of radicalisation especially since no Global War on Cyber Terrorism (GWOCT) has been declared and not even international norms for cyberspace have been defined and affected. Therefore, one can be sure of rapid spread of radicalisation resulting in expanding terrorism and cyber terrorism unless ways are found to monitor the bad guys, stop radicalisation and deal with them before they strike.