Online Social Networking: A Source of Intelligence for Advanced Persistent Threats

Online Social Networking: A Source of Intelligence for Advanced Persistent Threats

Nurul Nuha Abdul Molok (Department of Information Systems, The University of Melbourne, Melbourne, VIC, Australia), Atif Ahmad (Department of Information Systems, The University of Melbourne, Melbourne, VIC, Australia) and Shanton Chang (Department of Information Systems, The University of Melbourne, Melbourne, VIC, Australia)
Copyright: © 2012 |Pages: 13
DOI: 10.4018/ijcwt.2012010101
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

The professionalization of computer crime has resulted in a shift in motivation away from bragging rights towards financial gain. As a result, the operational tactics of cyber criminals is beginning to incorporate reconnaissance and intelligence gathering to inform attack planning. This paper discusses why information leakage in general, and Online Social Networking (OSN) in particular, has become a source of intelligence for attackers. Further, the paper profiles a range of security measures available to organizations to combat information leakage through OSN and identifies future directions for research into security culture and behaviour change.
Article Preview

Leeson & Coyne (2005) cite a number of papers (Blake, 1994; Sterling, 1991; Taylor, 1999; Thomas, 2002) that suggest fame or peer recognition as the primary reason for hacking. The following quote from Bruce Sterling’s hacker classic “The Hacker Crackdown: Law and Disorder on the Electronic Frontier” makes this point (Sterling, 1991):

Hackers can be shy, even reclusive, but when they do talk, hackers tend to brag, boast and strut. Almost everything hackers do is INVISIBLE [sic]; if they don't brag, boast, and strut about it, then NOBODY WILL EVER KNOW [sic]. If you don't have something to brag, boast, and strut about, then nobody in the underground will recognize you and favor you with vital cooperation and respect. The way to win a solid reputation in the underground is by telling other hackers things that could only have been learned by exceptional cunning and stealth… Hackers hoard this knowledge, and dwell upon it obsessively, and refine it, and bargain with it, and talk and talk about it.

However, in the last five years, a clear shift in the motivation of attacks towards financial gain and away from ‘bragging rights’ has become apparent (CSI, 2007; Gartner, 2006). The annual Computer Security Institute (CSI) survey reported the following in its 2007 edition:

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 7: 4 Issues (2017)
Volume 6: 4 Issues (2016)
Volume 5: 4 Issues (2015)
Volume 4: 4 Issues (2014)
Volume 3: 4 Issues (2013)
Volume 2: 4 Issues (2012)
Volume 1: 4 Issues (2011)
View Complete Journal Contents Listing