Cyber Security Challenges a social informatics touch on old attacks S. Felix Wu University of California, Davis 16/5/2013IEEE Intelligence and Security Informatics
2 Urgent! Please contact me! FROM:MR.CHEUNG PUI Hang Seng Bank Ltd Sai Wan Ho Branch 171 Shaukiwan Road Hong Kong. Please contact me on my personal box Let me start by introducing myself. I am Mr. Cheung Pui,director of operations of the Hang Seng Bank Ltd,Sai Wan Ho Branch. I have a obscured business suggestion for you. Before the U.S and Iraqi war our client Major Fadi Basem who was with the Iraqi forces and also business man made a numbered fixed deposit for 18 calendar months, with a value of Twenty Four millions Five Hundred Thousand United State Dollars only in my branch. Upon maturity several notice was sent to him,…
11/05/2009Davis Social Hong Kong University3
11/05/2009Davis Social Hong Kong University4 To me personally, this was a typical social spam.
11/05/2009Davis Social Hong Kong University5 Oops…
11/05/2009Davis Social Hong Kong University6 11/16 / /26 /2007 In my office 11/27 /2007 Spammed? 12/10 /2007 “Memoryless” For Felix Wu
IEEE Intelligence and Security Informatics OSN DSL/FAITH Policy/Reputation-based Route discovery Community Oriented Keywords Name-ID resolution Social Context FAITH over OSN Application Eric Felix Social-Enabled Applications and Games Existing Applications Wrapper Social network transformation tagging DSL FAITH Emphasizing Trustworthiness in Social Informatics 6/5/20137
IEEE Intelligence and Security Informatics WillJohnAmy JustinFelix NancyMarySamTim Eric X-DSL 0x15EF2AC4 GENI geni /5/20138
908/16/2012Social Packets for Intel, Hillsboro, OR
6/5/2013IEEE Intelligence and Security Informatics10 Social Media Systems
Attacks leveraging Social Informatics 6/5/2013IEEE Intelligence and Security Informatics11
Socware Attacks leveraging Social Informatics 6/5/2013IEEE Intelligence and Security Informatics12
Social Media Systems But, they (attackers) can go much deeper! 6/5/2013IEEE Intelligence and Security Informatics13
Relationships & Structures 6/5/2013IEEE Intelligence and Security Informatics14
Applications 6/5/2013IEEE Intelligence and Security Informatics15 Justin EricFelix FB friends: 790+ FV neighbors: 30+ neighbor friend The “Add me please” push!!!
Social Interactions 16
Social Relationships and Structures Applications Social Interactions How much of you has been revealed and recorded? 6/5/2013IEEE Intelligence and Security Informatics17
Social Relationships and Structures Applications Social Interactions (Public Forums) How much of you has been revealed and recorded? 6/5/2013IEEE Intelligence and Security Informatics18
Public FB Discussions pages/groups: 880,664 posts: 18,618,481 comments: 150,430,423 likedby: 1,013,593,179 message_tags: 889,444 places: 4,735 shares: 8,924,826 story_tags: 102,943 fb_users: 116,388,463 6/5/2013IEEE Intelligence and Security Informatics19
6/5/2013IEEE Intelligence and Security Informatics20
21 Linguistic Features Cognitive Elements Affective Element
22 Occupy LA
23 Top 10%
6/5/2013IEEE Intelligence and Security Informatics24
Opinion Classification 25
Time of Participation 6/5/2013IEEE Intelligence and Security Informatics26
11/05/2009Davis Social Hong Kong University27 The “attacker” can do a lot more now!
Challenges Cyber Attacks deeply leveraging Social Informatics Risk Assessment on Public Social Informatics Real-Time Analysis and Monitoring of Social Interactions Binding Social Informatics with Computation, Communication, and Information Flow 6/5/2013IEEE Intelligence and Security Informatics28
Samples of Social Sciences Bandwagon Effect, Information Cascade, Media Framing, Spiral of Silence, Goal Detection, Opinion Formation Social Structure, community development, Social Capitals Psychological Linguistics 6/5/2013IEEE Intelligence and Security Informatics29
6/5/2013IEEE Intelligence and Security Informatics30 November 6-12 of 2011 November of 2011
And, of course,… 316/5/2013IEEE Intelligence and Security Informatics
32
6/5/2013IEEE Intelligence and Security Informatics33
Social Informatics 6/5/2013IEEE Intelligence and Security Informatics34 1. Social Relationship and Structures 2. Behavior 3. Influence among Content, Discussion and Community Formation Partial Projection/Reflection of Real-life Human Relationship Relationships established only via Online Interactions
Social Informatics But, they (attackers) can go much deeper! “We need to promote”, e.g., some fund raising activities – – On the subjects, you have deeply involved – Within the community, you have actively interacted with – And, your passion reveals much of yourself. 6/5/2013IEEE Intelligence and Security Informatics35
Challenges Social Informatics, Big Data Depth and Threat of Social Informatics Plane – It’s not just applications like Zynga’s Human + Cyber + Social Informatics – Future play ground for cyber security 6/5/2013IEEE Intelligence and Security Informatics36
6/5/2013IEEE Intelligence and Security Informatics37
Social Computing Leveraging Social Informatics within Computational Activities 6/5/2013IEEE Intelligence and Security Informatics38 Computing EntityInformation Entity RelationshipP ath Selection Social Entity Social Entity Systematic/Digitized
6/5/2013 Social-Centric OS Kernel Social Informatics 39IEEE Intelligence and Security Informatics
6/5/2013IEEE Intelligence and Security Informatics40 IPUPR. LYR. PAYLOADTCP/UDP HDR Attack Code Exploit (ReturnAddr) Decryption Code NOP System State Changes Focus on “Primitives” being used in the “Epsilon” phase! Application dependent analysis
6/5/2013IEEE Intelligence and Security Informatics41
6/5/2013IEEE Intelligence and Security Informatics42