Abstract
Online social networks (OSNs) are nowadays an indispensable tool for communication on account of their rise, simplicity, and efficacy. Worldwide users use OSN as a tool for social interactions, news propagation, gaming, political propaganda, and advertisement in building brand awareness, etc. At the same time, many OSN users unintentionally expose their personal information that is used by the malicious users and third-party apps to perform various kind for cyber-crimes like social engineering attacks, cyber espionage, extortion-malware, drug-trafficking, misinformation, cyberbullying, hijacking clicks, identity theft, phishing, mistrusts, fake profiles, and spreading malicious content. This chapter presents an overview of various cyber-crimes associated with OSN environment to gain insight into ongoing cyber-attacks. Also, counter mechanisms in the form of tools, techniques, and frameworks are suggested.
TopIntroduction
The outburst of the World Wide Web is the most productive and expedient ways to find and distribute information. The Web 2.0 has emerged from “read-only web” to “read-write web” constitutes tools such as podcasting, blogging, tagging, RSS feed, social bookmarking, social networking platforms, web content voting etc. With the start of Web 2.0, the media becomes very dynamic and used as blogs, messenger services, websites, social networking sites etc. to provide vast applications such as communication, news, entertainment, businesses, gaming, marketing and advertisement, live-streaming, job search, dating, education, healthcare etc. Among many social media tools, the popularity and usage of OSNs have increased at an incredible rate and becomes an essential tool for every OSN user worldwide. The main focus of this chapter is towards OSNs and its associated cyber-crimes. (Anderson, 2016). In figure 1, the relationship between web 2.0, social media and online social networks is mentioned.
In OSNs, the developers and designers have given much focus on the design and features. However, less emphasis is provided on the privacy and security of OSN users. So this has become a wide area of research and has fascinated the interest of many research scholars. In this chapter, authors aim is to provide valuable understandings regarding the social media ecosystem, various cyber-crimes and vulnerabilities associated with OSNs, and security mechanisms to prevent such attacks.
Figure 1. Relationship between web 2.0, social media and OSNs
TopOnline social media ecosystem is used as a vehicle for communication and is based on 3C's, i.e. creation, curation, and consumption. The content on the social media ecosystem can be self-created/owned in the form for posts, page, and blogs etc., paid media in the form advertisement and earned media in the form of spam and viral messages etc. In figure 2, the Social media ecosystem (Sharma et al., 2020) is mentioned. Social media ecosystem consists of numerous entities represented as different forms of media, social media content used (text, audio, video, real-time and on-demand etc.), various types of users, usage, computing platform, personalization and management and so forth.
Figure 2. (Sharma et al., 2020) TopOnline Social Network - Model And Services
OSN is a web-based tool that offers many as web-based services to the OSN user such as profile creation, adding friends/follower, content creation and sharing etc.
OSN platforms such as Facebook, Twitter, and LinkedIn etc. use social network services (SNS) to perform a set of operations (Cutillo et al., 2010). The three-layered architecture of Social Network Model is shown in figure 3.
Figure 3. The three-layered architecture of OSN model
Social network services can be described by a three-layered model with specific tasks as follows:
- 1.
Social Network (SN) Layer: Constructs the digital representations of members and their connections. This layer offers two classes of functions to each member depending on their social communications. Real-time communications management functions such as chats, posts, phone calls, emails and tweets etc. are managed by first class. In contrast, relationship management functions such as profile access rights, reputation administration and friend requests etc. are controlled by second class.
- 2.
Application Service (AS) Layer: Establishes the application infrastructure supervised by OSN platforms. This layer implements SN layer functions such as data storage, network and communication services. The essential functions managed by this layer are data retrieval, indexing, data access control and shift control to other servers in case of failures etc.
- 3.
Communication and Transport (CT) Layer: Characterizes the communication and transport internet services governed by one or more network service providers.
Key Terms in this Chapter
Intrusion Detection System (IDS): It is a type of security software system that monitors network traffic and alerts the administrators for any suspicious, malicious activities or security policy violations.
Denial-of-Service (DOS) Attack: A denial of service (DoS) event is a cyber-attack in which hackers make a machine, online service, or network resource unavailable to its intended users.
Uniform Resource Locator (URL): It is used to denote or refer to any resource on the internet.
Cybersecurity: Cybersecurity refers to the set of technologies, processes, and practices designed to safeguard networks, devices, programs, and data from attack, threats, or unauthorized access.
Cyberspace: Cyberspace, is supposedly “virtual” world/network created by links between computers, Internet-enabled devices, servers, routers, and other components of the Internet’s infrastructure.
Child Pornography: Any visual depiction of sexually explicit conduct involving a child which includes a photograph, video, digital or computer-generated image indistinguishable from an actual child and an image created, adapted, or modified but appeared to depict a child.
Spyware: A software that installs itself on the computer and starts monitoring your online behavior without user permission is known as spyware.
Application Programming Interface (API): It is an intermediate software that enables two applications to speak to each other. You're using an API any time while using an app like Facebook, sending an instant message, or monitoring the weather on your screen. As a consumer, you just observe one interface; however, in the background, numerous applications are cooperating utilizing APIs.
Advanced Persistent Threat (APT): It is a broad term used to describe an attack campaign in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network, to mine highly sensitive data and are significantly more complicated.
Cookie: A cookie is a small amount of data generated by a website and saved by your web browser. Its purpose is to store preferences and other information for the visited webpages.
Malicious Code: Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system.
Fake News: News headlines and stories that have no factual basis but are presented as facts. The spreading of untrue facts online or through Social Networking Sites that may influence readers’ opinions, voting choices, and election outcomes.
Machine Learning: Machine learning is an application of artificial intelligence (AI) that provides systems with the ability to learn and improve from experience without being explicitly programmed automatically.
Stalking: Stalking is unwanted surveillance by an individual or group toward another person, invading their privacy, and that may result in a potential safety threat.
Artificial Intelligence: It is the science and engineering of making intelligent machines. Artificial intelligence (AI) makes it possible for machines to learn from experience, adjust to new inputs and perform human-like tasks. Examples of AI-based personal assistant are Siri, Google Assistant, Cortana, Bixby, etc.
JavaScript: It is an object-oriented scripting language commonly used to create interactive effects within web applications.