The primary reason for almost 90% of all data leaks or attacks on social networks is financial gain for the attacker. He/she tries to sell the data to third parties, or even blackmail people directly under the threat of publishing data, photos or information. The price of credit card data on the black market starts at USD 20, depending on the card, the client’s creditworthiness, etc. Attackers can sell medical data, such as social security numbers, for as little as $10. However, it is not just about direct financial enrichment. Just remember the major case from 2018, in which the British company Cambridge Analytica, which is dedicated to data collection and analysis, ran a campaign using data from Facebook: it obtained information about almost 50 million Facebook users and used it to develop software to support Trump’s election campaign in 2016. According to Reuters, the Cambridge company developed a computer program in 2014 to help predict voters’ preferences and influence their decisions. The company drew on private data without the permission of users. The system was to profile voters and manage the distribution of personalized political advertising accordingly. Here you can see that the potential uses of data from social networks are huge, and it depends only on how and for what purpose the attacker can process it.
The remaining 10% of attacks are driven more by a personal motive: an effort to prove “I am able to break security”.
The vast majority of people who access social networks do not even realize what an indelible digital footprint they are leaving behind and how this data can be misused even after several years. For example, a few months ago they did not have to let you into the U.S. if you had posted or shared information on social media that was directed against the U.S.
An example is the increasingly popular Clubhouse network, which is based on voice messages. Alpha Exploration Co., which launched it, struggled from the start with poor data security, data sharing, and data processing that was not always correct. People don’t realize that in a few years this can be the largest spoken-word database in the world, with accurate identification and data about the users. We live in the time of “fake video”, and a “fake voice” can be misused for voice identification in various institutions (banks, etc.). With the current rapid development of artificial intelligence, this situation may arise sooner than we think.
Therefore, it is necessary to approach these things rationally and consider what we publish where, where we click and, of course, how strong our security and passwords are.
Every coin has two sides. One of them may be weaker security on the part of social networks. It should be borne in mind that security methods are evolving rapidly, but the hackers trying to circumvent them are evolving just as fast, if not faster.
On the other hand, there is the data that these networks send to third parties. These are the companies that, for example, analyze this data, convert it and then resell it. Thus, the leak can occur at any point along the way or directly on the servers of these third parties, which may not be the best secured.
In 2019, the data of almost 533 million Facebook users leaked; the data protection commission found a violation of the EU directive and Facebook had to pay a record fine of $5 billion. However, the investigation is still not complete.
Attacks do not have to be aimed directly at networks. For example, Morgan Stanley was fined USD 60 million for improperly decommissioned hardware, through which client data leaked from 2 data centers.
But it’s not just social networks where data leaks from. It happens on a daily basis, in various places where personal data is collected. For example, the Marriott hotel chain was fined $124 million, and Uber, a taxi company, was fined $150 million in 2016 for unauthorized use of data.
This is a necessity for them. If they didn’t, they would have no clients, no income, and they would cease to exist. But the situation is more complicated. Although companies are investing millions of dollars in security, it can still happen that the human factor fails, that part of the technology is not sufficiently protected, or that hackers are one step ahead and have found a weakness, as in the recent massive attack on Microsoft Exchange servers worldwide (more than 200,000) through a server software bug more than 8 years old. LinkedIn also used SHA1 for hashing passwords. Security experts had long pointed out that it is not suitable for securing passwords, but the company still used it for some time, which increased the risk of password cracking.
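The following is an added example, not part of the original article and not LinkedIn's code. It contrasts a single unsalted SHA-1 hash (assumed here as the weak baseline) with a salted, deliberately slow key-derivation function, PBKDF2-HMAC-SHA256 from Python's standard library. The sample accounts, the function names and the iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example; tune per deployment

# Constructed sample accounts (not real data): two users chose the same password.
SAMPLE_USERS = {"alice": "Summer2021!", "bob": "Summer2021!", "carol": "tr0ub4dor&3"}


def sha1_unsalted(password):
    """Weak scheme: one fast hash, no salt. Same password -> same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def kdf_record(password):
    """Stronger scheme: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, key


def kdf_verify(password, salt, key):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, key)


def users_sharing_a_value(stored):
    """Groups of users whose stored value is identical, as visible in a leaked table."""
    groups = defaultdict(list)
    for user, value in stored.items():
        groups[value].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    weak = {u: sha1_unsalted(p) for u, p in SAMPLE_USERS.items()}
    strong = {u: kdf_record(p) for u, p in SAMPLE_USERS.items()}
    print("SHA-1, shared digests:", users_sharing_a_value(weak))
    print("PBKDF2, shared records:", users_sharing_a_value(strong))
    print("login check:", kdf_verify("Summer2021!", *strong["alice"]))
```

With unsalted SHA-1, everyone who picked the same password shares one digest, so a single recovered password exposes all of them; with a per-user salt every stored record is unique, and the slow KDF makes each guess far more expensive.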
If an attacker uses social networks as a reconnaissance tool, he sends a targeted message that entices you to visit a fake website. Its purpose is to steal users’ credentials and money. In a similar way, cybercriminals can manipulate you through chat services. How? Simply. Interesting content in a message from an unknown but good-looking gentleman or lady pushes you to open an attachment, but the attachment contains malware. It can prepare the ground for the arrival of other malicious software, such as adware or spyware.
The more we use social networks, the more we simplify the work of cybercriminals and hackers. They like to use these platforms to spread malware, steal personal data, identity and money.
Another risk is identity theft or profile cloning. Criminals steal photos, names and other unique personal information from legitimate profiles that are shared publicly. They can then use this information to commit identity fraud, using a technique known as social engineering to obtain this information. This happened, for example, in the recent breach of celebrities’ profiles on Twitter.
If possible, the user should change the password to the account or accounts, set up 2-factor authentication, and verify whether their data, e.g. the email address, was stolen. Often, however, the user does not even know about it and only learns indirectly that an e-mail was sent to a friend without their knowledge.
It’s safest not to post anything you wouldn’t post outside of social media. A very simple aid is to imagine your Facebook message board in the real, offline world. Social networks handle a huge amount of data: they know your name, as well as your age, place of residence, employment, hobbies, friends and family members. They know what you look like, and they even know very well where you are. Would you publish this information voluntarily and anywhere?
The fines that companies receive vary depending on the type of leak and are set as a % of turnover, or for global companies as a % of worldwide turnover. It is a repressive measure, but one of the most effective ones for forcing companies to store data according to the rules, keep it safe and not misuse it.
Facebook was fined more than $5 billion, a record amount. But it’s not just social networks that have our data and where that data leaks or has been misused.
For example, in 2013, hackers stole information about user identities (username, email and encrypted passwords) of 153 million Adobe account users. With Dropbox it was a similar scenario: 69 million records.
For example, Yahoo was fined USD 85 million after the company suffered a major security breach in 2013 that affected its entire database. It involved about 3 billion accounts, which at the time was a significant part of the entire population of the site. However, the company did not disclose this information for three years.
Tesco Bank: A retail branch of a UK supermarket chain was fined £16.4 million ($21.2 million) by the UK Financial Management Authority (FCA) in 2018 after less than $3 million was stolen from 9,000 customer accounts in 2016.
If the question is whether they intentionally steal data, we will probably never know the truth. But when we look at the fines that companies operating social networks get for such detected leaks, the cooperation does not seem unrealistic, or it would be too risky.
However, if we look at cases where the demanded amount was paid to a hacker, we can talk about cooperation, but it was certainly not intentional. Rather, it aims to reduce the consequences of the hack.
Hackers encrypted a large amount of Lake City’s important data, blocking access to emails and a payment gateway through which citizens could pay taxes. Although the technicians disconnected the computers from the network only a few minutes after the attack was detected, it was too late to intervene. The city council finally managed to agree with the hackers on a lower ransom. For access to the files they had to pay in bitcoin, a virtual currency, an amount close to $500,000. The city was insured against data loss, but it still has to pay $100,000 out of its own pocket.
In 2016, the already mentioned breach of the Uber application took place, affecting a database of 600,000 drivers and 57 million user accounts. Instead of reporting the incident, the company paid the perpetrator $100,000 to keep the attack secret. However, these steps were very expensive for the company in the end. In 2018, it was fined $148 million, the largest fine for data breaches in history at the time.
Sharing information has become an easy way for many people to let others know what they are doing and share their experiences and feelings. But the more information they send to the online world, the more they run the risk of spreading information that could bring them to the attention of cyber-attackers.
I would compare it to insurance. If nothing happens to you, you don’t usually think about it. Although the IT technician in a company calls for backing up the data on PCs, most people do not do it until they lose the data for whatever reason, but then it is too late. And it is similar with the data on social networks, which we knowingly publish there. It does not occur to us at all where the photo may end up, or that data about us is collected everywhere, or how it will be used. I dare say that even after the leak of data from FB, most did not even change the password. Not to mention that most people have the same passwords in various other applications to make them easier to remember. This is already an ideal way for an attacker to access the necessary data.
On the dark web, one can “buy” various services for ridiculous sums – from obtaining data to attacking the system. I note that in this case these are most often illegal contracts.
In my opinion, this will not happen, and certainly not nowadays, when we all connect mostly online. If a major data leak is detected, or an attack on some social network occurs, users will switch to another. Alternatively, they will switch to it due to better functionality; even today very many people switch from Facebook to other types of social networks. So they will not boycott them, but the number of their users will decrease, similar to WhatsApp, where many people have started switching to competing messengers.
Cyber attacks are likely to increase; it’s like a cat and mouse game. Sometimes the hacker is ahead, other times the company. The financial effect will still be in the background, all the more so as there will be more and more data on the Internet and the number of devices connected to the network will continue to increase. There are already 25 billion devices in IoT alone, and by 2025 there should be 45 billion devices in the world, not to mention the 5G network and its capabilities. This includes industrial espionage, data leaks from companies and corporations, website malfunctions, etc. It happens every day, every minute.
Protection against similar types of attacks is difficult because similar groups use sophisticated methods to spread the malware. These methods adapt to the current situation and to discovered vulnerabilities in the operating system or its components. Given that the state of cyber security in our country to some extent copies the development in Western Europe and the USA, there is a strong presumption that the number of identity thefts and their misuse will increase, most often for financial benefit or manipulation of the victim.
Ignorance of basic security concepts (for example, entering your payment card number on an unknown website)