The vulnerabilities of the internet have also introduced new threats to social networking sites. This paper reports current security issues related to social networking sites of which users are often completely unaware. In this report I have studied the threats to social networks in recent years and tried to point out the security issues that the common user does not take care of, which helps malware spread across the internet. There are many possible hidden security threats, such as identity theft and disclosure of personal information on the internet. For example, an internet security consultant, Ron Bowes, collected sensitive user data of 100 million Facebook users and published it on the internet in the form of a downloadable file. The idea behind this report is to point out general security measures that a user can take in order to protect his personal information from such attacks. Many users are not aware of these threats or of the privacy settings of their social network accounts. Moreover, some social networking sites do not provide enough security settings to protect users' personal information. This report gathers data from a few studies that have already been conducted and that examine the privacy protection issue on social networking sites such as MySpace, Facebook and LinkedIn. It also includes data from a report that studied people's attitudes towards data security issues and their awareness of the risks involved in publishing personal information on social networking sites. In this paper I will also discuss security measures against the threats to social networking sites. In the end I will propose a security framework for social networks.
Introduction
People nowadays share multimedia data and information on social networks on the internet to keep in touch with friends and family, or for fun. Within the last 5 years the number of social networking users has increased tremendously. For example, according to Facebook statistics [5], the number of people currently on Facebook is more than 500 million, 50% of active users log on to their account every day, the average user has 130 friends, and people spend over 700 billion minutes in a month on Facebook.
Social networking is thus a new movement that affects society and its behavior, so the companies that run social networking sites are now responsible for maintaining proper security not only for customer accounts but also for their customers' emotional and social privacy.
Before going into more detail, here is a brief definition of social networking sites: "A Social Networking Site is a website that provides a virtual community for people having common interest, or just to 'hangout' together" (Computer Desktop Encyclopedia) [2]. According to Bob Ivins, Vice President of comscore.com, "Social networking is not a fad but rather an activity that is being woven into the very fabric of the global internet".
For example, LinkedIn (www.linkedin.com) is a well-known online network with more than 25 million experienced professionals from around the world, representing 150 industries. The fast growth of social networking sites in the past few years shows that they are now a main communication vehicle for millions of users.
Through social networking sites people keep in touch with friends and family, especially people they have not seen recently. In the process people also befriend friends of friends, and sometimes people they do not even know personally. With the growth of social networking, people have a smart way to find others who share common interests with them. On the other hand, recent activities on social networking sites have spoiled the reputation of social networking and made people ask whether their privacy is secure. One example is the worldwide spam campaign in Quechup [3]. Social networking sites are therefore a common and easy target for attackers. Because most social networking websites are built with modern web programming languages, it is an easy task for ordinary programmers to attack these sites and affect their functionality.
Firstly, I will try to group some of the primary privacy threats. These can be broadly divided into a few categories: 1) phishing, 2) reputation risks, and 3) profiling risks (spam and collection of user data, as in the example I mentioned above).
Although social networking sites provide security features to their users, some of these are very basic and cannot detect a possible attack.
The most important privacy problem for users is the danger to their personal information. The main reason behind this threat is that it does not even occur to users to look at their privacy settings. Moreover, when an account is created, the user is never prompted to look at his or her privacy settings.
The second issue is that the privacy tools in social networking sites cannot easily be adapted to changing requirements for protecting the user's personal secrecy. By default, most account settings are open to everyone. For example, Facebook keeps its settings at everyone or friends of friends by default, so it is easy for spam to spread when a user simply clicks a lucrative-looking link. On the other hand, Facebook provides detailed privacy settings of which most users are unaware.
The third problem is that even if a user can control access to his own account, he sometimes cannot control what other users reveal about him. For example, an underage girl recently posted her video on YouTube and received weird comments which she could not control. The issue is that most social networking sites do not provide control over third-party comments, nor proper age control. For example, a friend can upload an embarrassing picture of another friend and can even tag him without his consent. This has an emotional effect on the victim's mind.
The fourth problem is the use of data for third-party advertising and marketing. Many upcoming social networking sites make user data available to advertisers and turn the user's personal information into a commodity. For example, emarketer.com reported that $900 million was spent on advertising on social networking sites, and that this is expected to grow by $2.5 billion by the year 2011 [4].
Attacks on Social Networking Sites
In the year 2005 a worm attacked MySpace. "Samy" exploited common loopholes in MySpace and spread very fast. Although it did not steal any information, it severely affected the functioning of MySpace. Similarly, in April 2009 "Mikeyy" attacked Twitter and modified several users' accounts, and "Koobface" stole users' passwords. Social networking sites are nowadays the easiest means for hackers to collect personal user information and use it to crack sensitive information about users' bank accounts.
Malware is not the only threat. With complete access to millions of profiles [5], an attacker can obtain commercial and corporate secrets. According to a survey, 66% of companies believe that social networking websites are a dangerous security threat to companies' plans and secrets. Social networking sites also serve as a source of illegal income for attackers. For example, many Facebook users play games built as Flash applications that prompt them to buy credits with credit cards, and these applications are too poorly coded to prevent a possible attack. The figure below illustrates this [1].
Figure 1. Total number of malicious programs targeting social networking sites in recent years
As the figure shows, we can assume that we are now less secure because of social networking sites. The solid reason behind this is that it is easy to entice users of social networking sites into filling out the information needed for these attacks.
What is the Motive of Attackers
Here I list the easy targets of attack on social networking sites and analyze how such attacks are performed to steal user data.
What an attacker wants
An attack can happen for many reasons, which means attacks may have different purposes. The possible targets are as follows:
Jokes: A friend might want to play a joke on another friend in order to feel superior to them. These kinds of attacks are not that severe, but they can create an entry point for a more severe threat.
User Access Control: Some professional attackers want to gain control of other users' computer assets in order to direct a potentially big, pre-planned attack.
Get Personal Information: Basic personal information about the user is always helpful to the attacker as a way to get more information, such as bank account and social security numbers.
Company Information: On some social networking sites, such as LinkedIn, the users are likely to be business people. Their personal information may therefore include business policies and future plans associated with their companies. Once the plans are exposed to hackers, they can misuse the information and become a possible threat.
Money and Fame: We can easily find attacks on social network users in which the motive is monetary gain and sometimes easy fame. In the example I gave of 1 million records of Facebook users, the attack gives easy fame to the person associated with it.
Counter Measures against General Attacks
Security can be taken into account at two levels: 1) at user level and 2) at Social Networking Site level.
Social engineering is the tool that attackers commonly use to spread an attack. Social networking sites, on the other hand, cannot impose restrictions on user interaction and behavior, because this is what keeps their business running. But if the user is smart enough, he can prevent the majority of attacks.
Users must know the differences between social networking sites and how each one behaves before they join any, because each of them imposes a certain level of security and the user is generally not aware of it [5].
A user must have control over whatever he uploads; uploaded information must be limited and should be accessible to a certain group only.
Do not post your Social Security Number, personal telephone numbers, full name, organizational contacts, business details, password hints, etc.
Users must understand that whatever they upload to the internet is not private from then on, because information on the internet is like words that cannot be taken back.
Users must not add strangers and must not click suspicious links like "Congratulations you have won $ 10,000 $".
Users must remain alert to new threats, keep a check on their browser settings, and update their antivirus very often.
Social Networking Site Level
Users are generally not aware of security settings even when they are present, so social networking sites should also provide strict security constraints for the privacy of the user.
SNS must provide different functions to different users. Most of the privacy settings must be implemented by default, without loss of general behavior.
Users must be notified of possible security threats very often. User help should be very simple and detailed so that users can understand it.
Have proper account maintenance and spam filters, along with automatic deletion of suspicious links.
Security vendors affiliated with a particular SNS must be strong enough to defend against mass attacks.
Delete suspicious pages and posts to protect users, and limit the control given to advertisements.
Social networking sites must have specialized software engineers to make their product more secure against SQL injection, XSS and reverse engineering attacks.
Sites must be securely designed while keeping calls to different web APIs.
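One way a site could implement the default privacy settings and the control over tagging discussed above, as an added example that is not part of the original essay. The `Audience` levels, the `FRIENDS` graph and the `Profile` class are hypothetical names, and the sample data is constructed for illustration:

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Audience(IntEnum):
    """Hypothetical visibility levels, ordered from most to least restrictive."""
    ONLY_ME = 0
    FRIENDS = 1
    FRIENDS_OF_FRIENDS = 2
    EVERYONE = 3

# Constructed sample friendship graph (not real data).
FRIENDS = {"alice": {"bob"}, "bob": {"alice", "carol"},
           "carol": {"bob"}, "mallory": set()}

def relationship(owner: str, viewer: str) -> Audience:
    """Return the narrowest audience level that contains `viewer`."""
    if viewer == owner:
        return Audience.ONLY_ME
    mine, theirs = FRIENDS.get(owner, set()), FRIENDS.get(viewer, set())
    if viewer in mine:
        return Audience.FRIENDS
    if mine & theirs:
        return Audience.FRIENDS_OF_FRIENDS
    return Audience.EVERYONE

@dataclass
class Profile:
    owner: str
    # Restrictive default: an item with no explicit setting is friends-only.
    default: Audience = Audience.FRIENDS
    settings: dict = field(default_factory=dict)
    approved_tags: set = field(default_factory=set)

    def can_view(self, viewer: str, item: str) -> bool:
        allowed = self.settings.get(item, self.default)
        return relationship(self.owner, viewer) <= allowed

    def tag_visible(self, photo_id: str, viewer: str) -> bool:
        # A tag added by another user stays hidden from everyone except
        # the owner until the owner approves it.
        if viewer == self.owner:
            return True
        return photo_id in self.approved_tags and self.can_view(viewer, "tags")

if __name__ == "__main__":
    safe, weak = Profile("alice"), Profile("alice", default=Audience.EVERYONE)
    for viewer in ("bob", "carol", "mallory"):
        print(viewer, safe.can_view(viewer, "phone"), weak.can_view(viewer, "phone"))
```

With the default left at `EVERYONE`, the stranger `mallory` can read every item the user never configured; with the restrictive default, the user has to opt in to wider sharing item by item.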
Privacy Framework
In general terms, a privacy framework is a common platform that gives social networking sites a foundation for security. Based on this analysis, here is a common security framework that can be used:
USER: User activity is defined: find friends, join groups, communicate with others.
SECURITY: Stay alert, do not click suspicious links, upload with caution, remain updated, apply security patches, and look at security settings often.
Social Networking sites:
SECURITY: Block spam, filter links, embed antivirus, send security alerts.
Services: Chat, posts, videos, music, photo sharing.
This is an arbitrary, informative framework that must be taken into consideration while using social networks.
Conclusion
It is important to notice that, to protect individual privacy, it is the responsibility of both users and social networking sites to impose security at their own level. As a necessity, social networks must provide users with proper facilities for their support and security.
In this paper I have tried to outline the common security issues associated with social networking sites without delving into technical intricacies. I tried to look at the new trends in social networking sites. I also tried to find the common and easy ways for attackers to attack social networking sites, and the common measures users and site administrators should take to prevent such common attacks. For example, attacks like the 1 million user data leak, though not practically important, can affect the networks at a vast level if ignored.
REFERENCES
1. Ai Ho, Abdou Maiga, and Esma Aïmeur, "Privacy Protection Issues in Social Networking Sites," University of Montreal, Canada. IEEE, 2009.
2. Weimin Luo, Jingbo Liu, Jing Liu, and Chengyu Fan, "An Analysis of Security in Social Networks" (Master's thesis, College of Mathematics and Computer Science, Chongqing Three Gorges University, Wanzhou, Chongqing, China).
3. "Facebook Statistics," last modified June 2010, http://www.facebook.com/press/info.php?statistics.
4. "LinkedIn Statistics," last modified July 2010, http://press.linkedin.com/.
5. "Twittercounter," last modified December 4, 2008, http://twittercounter.com/.
6. "Facebook personal info of 100 million users published," last modified 07/29/2010, http://www.cbsnews.com/8301-501465_162-20012031-501465.html.
7. "Details of 100 million Facebook users published online," last modified 7/29/2010, http://www.msnbc.com/id/38463013/ns/technology_and_science.html.
8. J. Nagy, "Social Networks Security" (paper presented at the Third International Conference on Emerging Security Information, Systems and Technology, 2009).