Ssas Dc2011 Aaron Barr

8/3/2019 Ssas Dc2011 Aaron Barr

1/35

Social Media andEvolving Cyber Threats

Aaron Barr

Director Cyber Security

Sayres and Associates


2/35

Communications Revolution

Dramatic shifts in media and

communication Continuous and direct dialog

and action with lesscontemplation andorganization

Persistence of PII across avariety of platforms


3/35

Driving Technologies

STATIC SOCIAL REAL-TIME GEOLOCATED

Ad-hoc ConvergedContinuous

Socia

l VisualMobile


4/35

Social

Commerce and content

driving aggregation to mega-platforms

50% of network traffic createdby 150 networks

15% by Facebook/Google

Battle for PII advantage: Social graph

Preferences


5/35

Mobile

Organic continuous user

experience Hyper-targeting

information based onlocation, preferences, andconnections

Services work towardsholy grail of marketing andadvertising


6/35

Video

On-demand video

Video conferencing Facial and object recognition

Augmented reality

Real-time manipulationDiminished Reality


7/35

Social Media Engagement


8/35

Migration to Amateur Content

Amateur voice of many is more responsive and accurate thanthe professional voice of one.

More choice to select the voices of interest (rss).


9/35

The Tweet Heard Round the World

@keithubahn : 1,046 followers

1 min. 80 re-tweets 2 min. 300 re-tweets

35 min. 5,106 tweets a sec.

Sohaib Athar liveblogged the raid

but didnt know it


10/35


11/35

Your Digital Self


12/35

Social Media Guy

Checked in atNSA Visitor Parking

Johnny BravoLikes RedskinsFriends with Lives in Columbia, MD

Acme ContractorNavy CryptologistMember Intelligence Group...

@Securityguru Cyberspace

the new domain of warfare:WASHINGTON: With thecreation of the U.S. CyberCommand in May and

last... http://twurl.nl/bgt0xq

thank you, thank you very much
http://twurl.nl/bgt0xqhttp://twurl.nl/bgt0xq


13/35

Implicit Release of Private Information

Facial recognition

Tagging Data aggregation and mining


14/35

Meta Data Exposure


15/35

Vulnerability of Location

Linkedin Page shares he is a

iPhone field product tester Location information on Gray

including spots he frequentsmost and friends.


16/35

Information Exploitation

Technology is allowing for easy information exposure and

exploitation in real-time that can not be easily monitored orprotected

Little discussion about aggregated information exposure acrossplatforms?

Information manipulation becoming more prevalent


17/35

Following PII Bread Crumbs


18/35

Link Analysis

Sensitive Customer

Employee1 Employee2

Company ABC

Company XYZ

The more we interact onlineand expose relationships theeasier it is for an attacker todiscern hidden details aboutan individual and developexploitation paths.


19/35

Employee1

Employee2

Company ABC

Employee3

Link Analysis

The more we interact onlineand expose relationships theeasier it is for an attacker todiscern hidden details aboutan individual and developexploitation paths.


20/35

Link Analysis and Time Correlation

A competitive intelligence capability with inputs from theseservices.

Conducting time and data correlations of RFP release, jobpostings, contract awards, and profile modifications could tellyou down to individual who is working on what contracts.


21/35

People Are the New Worm

Avg. user has 130 friends. 82,368,000 users exposed.

Scam started Aug 2nd.and peaked on Aug 4th.

1,267,200 visitors a dayAvg. of 1% share the video


22/35

Social Media Manipulation


23/35

Future of Social Media Security

The growing popularity and convergence of social media and

mobile to deliver real-time tailored information will provideincreased opportunity for collection and manipulation


24/35

Evolution of Cyber Threats

In the last 18 months we have seen significant advancements

in the organization and TTPs of cyber threats. Individuals - collaborating, more aggressive, public

Groups - specializing, process improvement, established

State - operational experience, integrating


25/35

Aurora

Large scale attack on commercial

and defense companies. Started with social media targeting

and spear phishing attack vector

Accessed dissident accounts andstole source code


26/35

Stuxnet

SCADA Malware now a reality

Physical damage for cyber attackno longer theory

Critical infrastructure moving to IP

Essential target for state sponsoredasymmetric objectives


27/35

Financial

NASDAQ compromise in Oct.

Attacks not limited to direct assault. The significant loss of corporate IP

has significant repercussions onfinancial markets


28/35

Hacktivism

Insider Threat has few defenses

Very vocal attacks create greatersense of fear

Politically and socially motivated

Leverages the capability and voiceof many


29/35

Arab Spring

Social and political movements

organized in information controlledcountries using social media

Protests in Egypt were organizingon Facebook and Twitter weeksbefore physical protests

#jan25#Tunisia

#SidiBouzid

@Sandmonkey

@SultanAlQassemi


30/35

Flash Mob

Initially an attention and marketing

tactic Now being used to organize and

overwhelm

Social media a more effectivecommunications tool than any

military or government


31/35

DigiNotar Certificate Authority Hacked

531 fake certs. created

Microsoft, Google, CIA, Mi6

Mobile platforms highlyvulnerable because of lowupdate rates

Monitor rerouted traffic

Considered by some to beworse than Stuxnet


32/35

Mobile Applications

1/2 of 30 randomly selected apps

sending PII to advertisers Jackeey Wallpaper app (1M)

Sent to www.imnet.us

Droid Dream Light

30K - 120K devices infected

26 Apps

Authors also made 50 earliermalicious apps
http://www.imnet.us/http://www.imnet.us/


33/35

Social Media Services

Single Sign-on compromises

In-service privacy disclosures Links, posts, apps - all can contain

links to malicious content (shortlinks)

Lots of unvetted content that looksvetted.


34/35

Future of Security

Mobile - perimeter is faded to gone. Fight is at the end points.

Personal and organizational social media vulnerabilitymonitoring and protective services

Can not be reliant on compliance. More complex rulesets andsophisticated technologies to identify vulnerabilities and threatsin real-time.


35/35

Questions & Comments

Documents

Ssas Dc2011 Aaron Barr