A Brief Discussion of Current Information Security Threats on Facebook

As Internet changed our ways of living, Social Network applications such as Facebook changed our ways of interacting with others. According to a report written by Emil Protalinski this year, Facebook users spent more than 10.5 billion minutes per day on Facebook during January 2012, excluding mobile devices. This comes out to 12 minutes and 26 seconds per user. With so much time consumed, Facebook users definitely created tons of information concerning all the aspects of our lives.

To begin with, let’s see what kind of information Facebook has. Facebook consists of four parts, which are personal page, friends, groups and apps. Personal page includes people’s daily activities, profiles, photos and events. Friends include news, messages and events from their friends. Groups provide people a place to discuss, communicate and share their thoughts. Facebook also contains millions of third-party apps to help people entertain and work. Each part of Facebook contains immeasurable information. Most of the information on Facebook is visible to the outside world for the purpose of sharing and exchanging information.

While Facebook users share a wide range of information, a lot of people show their concerns about user privacy. Kathy Kristof (2011) stated that users make Facebook so treacherous. Further she explained that the crooks can get the name, age, birthday, address and other basic information of end-users directly from their website and such information increases the chances of cracking bank accounts of users and other important accounts. Another concern posted by SOPHOS (2011) demonstrates many different methods of Facebook scams such as Self-XSS, click jacking and survey scams. All of these ways are trying to trick users into cutting and pasting a malicious JavaScript code into their browser’s address bar. In addition, Linda McGlasson (2011) listed top 9 security threats in which Social Networks like Facebook ranked No.2 in that such sites provide an easy platform for crooks to fool some innocent users. Andrew R Hickey (2011) added that about 40 percent users have been sent malwares such as worms or suffered phishing attacks based on a survey conducted by SOPHOS. Also Michael Rundle (2011) showed a figure that over 45,000 passwords and login details of Facebook account have been stolen by computer worms, which endanger a wide range of users. Besides, Facebook itself suffers many kinds of anonymous attacks every day.

With so many concerns presented by different people from different perspectives, we can summarize those into three categories considered as threats to user information security: * Users release too many details about themselves to public. Many users do not have the awareness that criminals are watching them at their convenience and thus sometimes give criminals the “key” (derived directly from user’s basic information) to open the door, step into users’ “rooms” and take whatever they want. To avoid such misfortunes happen, users should be aware of what is important and build good habits that think twice before uploading pictures, modifying profiles and adding status. A good way to reduce this risk is not to link any other accounts information with user’s basic information such as birthday, address and others. * Facebook does not take adequate actions to protect user information security.

At first the purpose of Facebook is to share information. For example, the “advanced search” gives everyone including crooks the right to ask its database for any of fields in a profile. It is easy for one to search for students from New York in UW. However, such function facilitates not only users but also crooks. In addition, Facebook provides millions of apps on its platform. These apps are actually good places for criminals to obtain user’s information. For example, one can easily collect user’s birthday by creating a birthday reminder app or access user’s calendar by creating a calendar management app. Therefore, Facebook actually gives crooks space to fulfill their needs. * Third parties are actively seeking out end-user information using Facebook. Unlike previous times people are trying to get used to Facebook, now people have the awareness that Facebook has huge information of which can be made use. Many website and apps allow user to use Facebook account to log into their systems. This actually improves the chances for crooks to do something evil.

To sum up, users, Facebook itself and third parties are three key factors affecting information security. As the host, Facebook should realize the threats and build complete policy to help guide users and third parties to the right track of protecting and valuing information.

Reference:

[1]Andrew R Hickey, 2011, Social Networking A Major Security Threat, Cybercriminals Eye Facebook, http://www.crn.com/news/security/229000883/social-networking-a-major-security-threat-cybercriminals-eye-facebook.htm [2]Emil Protalinski, 2012, 10.5 billion minutes spent on Facebook daily, excluding mobile, http://www.zdnet.com/blog/facebook/10-5-billion-minutes-spent-on-facebook-daily-excluding-mobile/11034 [3]Facebook To Share Users’ Home Addresses, Phone Numbers With External Sites, http://www.huffingtonpost.com/2011/02/28/facebook-home-addresses-phone-numbers_n_829459.html [4]Biggest Security Threat: Facebook & You, http://www.cbsnews.com/8301-505144_162-36944079/biggest-security-threat-facebook–you/ [5]Protection strategies for social networking (Facebook security best practices: A summary) http://www.sophos.com/en-us/security-news-trends/security-trends/social-networking-security-threats/protection-strategies.aspx [6]Social Networking Security Threats, http://www.sophos.com/en-us/security-news-trends/security-trends/social-networking-security-threats/facebook.aspx [7]Top 9 Security Threats of 2011, http://www.bankinfosecurity.com/top-9-security-threats-2011-a-3228/op-1 [8]Facebook Security Threat: 45,000 Passwords Stolen By Ramnit Worm, Seculert Claims, http://www.huffingtonpost.co.uk/2012/01/06/facebook-security-threat-_n_1189387.html [9]Facebook: Threats to Privacy, Harvey Jones, http://groups.csail.mit.edu/mac/classes/6.805/student-papers/fall05-papers/facebook.pdf