Monday, February 18, 2013

Big Brother Meets Big Data

The security assault on social networks
Forget hacking. It works but it's illegal.

Big data mining is the future of cyber espionage. It is not illegal as long as the data is open source and in the public domain. And all that data on "open" social networking Web sites are most vulnerable.

Two recent commercially developed software packages could soon be giving your government and employer and possibly anyone else who is interested – ways to spy on you like never before, including monitoring your words, your movements and even your plans now and into the future.

A US security firm has conducted joint research with the US government over the past two years to develop software capable not just of tracking people but also predicting their future behavior by mining vast volumes of data from social networking sites like Facebook, Twitter and Foursquare.

Massachusetts-based defense contractor Raytheon said it has not sold the software known as RIOT, or Rapid Information Overlay Technology, but its capability to tap the into the myriad amounts of information on social media sites would surely turn heads inside the world of intelligence and national security. You can also imagine the reaction of privacy advocates.

This RIOT software combs through social networking accounts with just a few clicks of a button like any Google search, as shown in this
video posted by The Guardian last week.

Input a name and the software can track down relevant photos, tweets and Facebook posts to map out everything someone has been doing on a number of social media platforms. It shows relationships, places, images and even who the person has chatted with online.

The software can analyze that same big database and predict future behavior and movements, such as where a person is likely to be on a given day based on past social media posts and activity.

Sure, you might assume you can limit the potential damage by locking down all the privacy settings on your social networking accounts, but these measures are useless so long as your friends and their messages are not locked in the same manner.

Basically, nobody on these social networking websites is safe from intrusion of this sort.

Separately, a new IBM security tool called IBM Security Intelligence with Big Data lets employers scan through archives of emails, financial transactions, Web traffic and social networks to identify various threats, including "disgruntled" employees. It can also detect patterns of security threats and frauds, according to a recent Wall Street Journal report. IBM explains the tool in this video.

This Big Data software uses a huge historical database for "sentiment analysis," picking out patterns that may indicate disloyalty among employees. If you smile and say "yes" to the boss at the office and then complain on Facebook, you could be at risk here. The logic goes that a nagging employee is more likely to divulge company information.

The software also helps companies protect themselves against threats like hacker attacks and frauds by allowing security personnel to look for patterns in past attacks ‑ like the time, date and location of certain incidents – since the software analyzes past and present data.

This kind of software gets to the core the current obsession with social networking and exposes the fact that users need to be aware that casual remarks made on a Twitter account could come back to haunt you. These are not private conversations over a beer at the pub, they leave data trails that never go away.

Of course, it is one thing to be hacked and an entirely different matter to behave carelessly on a social network but data is data.

I have often received requests from concerned parents to warn their kids about using Facebook and Twitter. Their concerns are understandable, but imagine telling them some real life nightmare stories.

There was a bizarre case where several undercover agents of an intelligence agency in Asia found to their horror that their real identities were exposed on Facebook after attending the wedding of a colleague. The bride was unaware that these friends of her husband were undercover and she happily uploaded all the wedding photos with accompanying captions that disclosed the names of every guest.

Earlier this month, I gave a guest lecture on investigative journalism and out of the blue, a student posed the innocent question: Is it safe to use Facebook? That is a more complicated question than it appears on the surface. The popularity and benefits of various social networking sites these have been well documented, but on the reverse side are real security and privacy concerns.

For example, Facebook just revealed over the weekend that it was the target of a sophisticated hacker group, though there was no evidence that user data was compromised, according to the company.

This came shortly after Twitter's announcement earlier this month that it had been hacked with potentially a quarter of a million user accounts compromised.

Other recent high-profile hacking victims include the US Federal Reserve, major Wall Street financial institutions and prominent newspapers like the New York Times, Washington Post and Wall Street Journal.

The severity of these threats prompted US President Barack Obama to announce last week a Cybersecurity Executive Order that outlined policies to defend against cyber attacks and espionage on US companies and government agencies.

Now the software world is getting very close to making all of us subject to targeted espionage of a different kind on the basis of what we thought we were sharing with "friends" and followers. The RIOT might come in your professional or personal life if that software is used to target your history, and IBM could soon be a warning to us all to be wary of behaving like an "International Big Mouth."

As for social networking, you can Facebook but face the risks.

(Vanson Soo runs an independent business intelligence and commercial investigations practice specialized in the Greater China region. He blogs at

No comments:

Post a Comment