Abstract
In this paper, we discuss the threat of malware targeted at extracting information about the relationships in a real-world social network as well as characteristic information about the individuals in the network, a type of attack which we dub Stealing Reality. We explain how Stealing Reality attacks differ from traditional types of attacks against individuals’ privacy and discuss why their impact is significantly more dangerous than that of other attacks such as identity theft. We then analyze this new form of attack and show what an optimal attack strategy would look like. Surprisingly, it differs significantly from many conventional network attacks in that it involves extremely slow spreading patterns. We point out that besides yielding the best outcome for the attackers, such an attack may also deceive existing monitoring tools because of its low traffic volumes and the fact that it imitates natural end-user communication patterns.
This chapter is based on a paper that was published in IEEE Journal of Intelligent Systems, 26(6), 2011.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Altshuler Y, Aharony N, Pentland A, Elovici Y, Cebrian M (2011) Stealing reality: when criminals become data scientists (or vice versa). IEEE Intell Syst 26(6):22–30. doi:10.1109/MIS.2011.78
Lazer D, Pentland A, Adamic L, Aral S, Barabasi AL, Brewer D, Christakis N, Contractor N, Fowler J, Gutmann M, Jebara T, King G, Macy M, Roy D, Alstyne MV (2009) Social science: computational social science. Science 323(5915):721–723
Altshuler Y, Pan W, Pentland A (2012) Trends prediction using social diffusion models. In: Proceedings of the international conference on social computing, behavioral-cultural modeling, and prediction. Lecture notes in computer, Springer, pp 97–104
Barabasi AL, Albert R (1999) Emergence of scaling in random networks. Science 286(5439):509–512
Newman M (2003) The structure and function of complex networks. SIAM Rev 45:167–256
Watts D, Strogatz S (1998) Collective dynamics of “small-world” networks. Nature 393(6684):440–442
Altshuler Y, Aharony N, Fire M, Elovici Y, Pentland A (2011) Incremental learning with accuracy prediction of social and individual properties from mobile-phone data, CoRR
Altshuler Y, Fire M, Aharony N, Elovici Y, Pentland A (2012) How many makes a crowd? On the correlation between groups’ size and the accuracy of modeling. In: Proceedings of the international conference on social computing, behavioral-cultural modeling, and prediction. Lecture notes in computer science, Springer, pp 43–52
Eagle N, Pentland A, Lazer D (2009) Inferring social network structure using mobile phone data. Proc Natl Acad Sci (PNAS) 106:274–278
Yeung CA, Noll C, Meinel M, Gibbins C, Shadbolt N (2011) Measuring expertise in online communities. IEEE Intell Syst 26(1):26–32. doi:10.1109/MIS. 2011.18
Eagle N, Pentland A (2006) Reality mining: sensing complex social systems. Pers Ubiquit Comput 10(4):255–268
Gonzalez MC, Hidalgo CA, Barabasi AL (2008) Understanding individual human mobility patterns. Nature 453(7196):779–782. URL http://dx.doi.org/10.1038/nature06958
Eagle N, Macy M, Claxton R (2010) Network diversity and economic development. Science 328(5981):1029–1031
Madan A, Cebrian M, Lazer D, Pentland A (2010) Social sensing for epidemiological behavior change. In: Proceedings of the 12th ACM international conference on ubiquitous computing (Ubicomp ‘10). ACM, New York, pp 291–300. DOI http://doi.acm.org/10.1145/1864349.1864394, URL http://doi.acm.org/10.1145/1864349.1864394
Madan A, Farrahi K, Perez DG, Pentland A (2011) Pervasive sensing to model political opinions in face-to-face networks. In: Pervasive computing. Springer, Berlin, pp 214–231
Herley C, Florencio D (2010) Nobody sells gold for the price of silver: dishonesty, uncertainty and the underground economy. In: Moore T, Pym D, Ioannidis C (eds) Economics of information security and privacy. Springer, New York, pp 33–53. URL http://dx.doi.org/ doi.org/10.1007/978-1-4419-6967-5_3
Flexo (2007) I won’t sell e-mail addresses. www.consumerismcommentary.com
Barbieri D, Braga D, Ceri S, Valle ED, Huang Y, Tresp V, Rettinger A, Wermser H (2010) Deductive and inductive stream reasoning for semantic social media analytics. IEEE Intell Syst 99 (Preprints). DOI http://doi.ieeecomputersociety.org/10.1109/MIS.2010.111
Krishnamurthy B, Wills CE (2009) On the leakage of personally identifiable information via online social networks. In: Proceedings of the 2nd ACM workshop on online social networks (WOSN ‘09). ACM, New York, pp 7–12. DOI http://doi.acm.org/10.1145/1592665.1592668, URL http://doi.acm.org/10.1145/1592665.1592668
Binde BE, McRee R, O’Connor TJ (2011) Assessing outbound traffic to uncover advanced persistent threat. Technical report. Sans Institute
Solutionary: White paper (2011) The advanced persistent threat (APT), 22 Apr 2011. http://resources.idgenterprise.com/original/AST-0056724_Advanced-Persistent-Threat-Solutionary.pdf
Svensson P (2011) Possible e-mail theft from Epsilon slams banks, retailers. USA Today, April 2011
Brunner M, Hofinger H, Krauss C, Roblee C, Schoo P, Todt S (2010) Infiltrating critical infrastructures with next-generation attacks. Technical report. Fraunhofer Institute for Secure Information Technology (SIT), Munich
Tang L, Liu H (2010) Toward collective behavior prediction via social dimension extraction. IEEE Intell Syst 99:1–17
AFP (2010) S. Korea to probe huge online data leak. www.enews.ma/korea-probe-huge_i165401_7.html
Jeffay N (2009) Israel poised to pass national ID database law. Jewish Daily Forward. www.forward.com/articles/112033/
Emery D (2010) Privacy fears over gay teenage database. http://www.bbc.co.uk/news/10612800
Perez JC (2007) Facebook’s beacon more intrusive than previously thought. PC World, 30
Stana RM, Burton DR (2002) Identity theft: prevalence and cost appear to be growing. Technical report, GAO-02-363. U.S. General Accounting Office, Washington, DC
Granger S (2001) Social engineering fundamentals, Part I: Hacker tactics. www.securityfocus.com, Symantec
Gross R, Acquisti A (2005) Information revelation and privacy in online social networks. In: Proceedings of the 2005 ACM workshop on privacy in the electronic society (WPES ‘05). ACM, New York, pp 71–80. DOI http://doi.acm.org/10.1145/1102199.1102214, URL http://doi.acm.org/10.1145/1102199.1102214
Korolova A, Motwani R, Nabar SU, Xu Y (2008) Link privacy in social networks. In: Proceedings of the 17th ACM conference on information and knowledge management (CIKM ‘08). ACM, New York, pp 289–298. DOI http://doi.acm.org/10.1145/1458082.1458123, URL http://doi.acm.org/10.1145/1458082.1458123
Pan W, Aharony N, Pentland A (2011) Composite social network for predicting mobile apps installation. In: Proceedings of the 25th conference on artificial intelligence (AAAI), San Francisco, pp 821–827
Rouvinen P (2006) Diffusion of digital mobile telephony: are developing countries different? Telecommun Policy 30(1):46–63
Erickson G, Currie P, Inouye B, Winn A (2006) Tyrannosaur life tables: an example of Nonavian dinosaur population biology. Science 313(5784):213–217
D’Onofrio A (2005) A general framework for modeling tumor-immune system competition and immunotherapy: mathematical analysis and biomedical inferences. Physica D 208:220–235
Christakis NA, Fowler JH (2010) Social network sensors for early detection of contagious outbreaks. PLoS ONE 5(9). doi:10.1371/journal.pone.0012948
Bennett CH (1987) Dissipation, information, computational complexity and the definition of organization. In: Emerging syntheses in science. Addison-Wesley, Redwood City, pp 215–231
Bennett CH (1990) How to define complexity in physics, and why. In: Complexity, entropy, and the physics of information, vol 8, SFI studies in the science of complexity. Addison-Wesley, Redwood City, pp 137–148
Bennett C (1986) On the nature and origin of complexity in discrete, homogeneous, locally-interacting systems. Found Phys 16:585–592. URL http://dx.doi.org/10.1007/BF01886523. 10.1007/BF01886523
Kolmogorov A (1965) Three approaches to the quantitative definition of information. Probl Inf Transm 1(1):1–7
McKay BD (1981) Practical graph isomorphism. Congressus Numerantium 30:45–87
Harary F (1973) Enumeration of graphs. Graph Theory, 185–187
Reed D (2001) The law of the pack. Harv Bus Rev 79(2):23–24
Metcalfe B (1995) Metcalfe’s law: a network becomes more valuable as it reaches more users. Infoworld 17(40):53–54
Madan A, Moturu ST, Lazer D, Pentland AS (2010) Social sensing: obesity, unhealthy eating and exercise in face-to-face networks. In: Proceedings of the wireless health 2010 (WH ‘10). ACM, New York, pp 104–110. DOI http://doi.acm.org/10.1145/1921081.1921094, URL http://doi.acm.org/10.1145/1921081.1921094
Aharony N, Pan W, Ip C, Khayal I, Pentland A (2011) The social fMRI: measuring, understanding and designing social mechanisms in the real world. In: Proceedings of the 13th ACM international conference on ubiquitous computing (Ubicomp ‘11). ACM, New York
Moore D, Paxson V, Savage S, Shannon C, Staniford S, Weaver N (2003) Inside the slammer worm. IEEE, Security Privacy 1(4):33–39. doi:10.1109/MSECP.2003.1219056
Apap F, Honig A, Hershkop S, Eskin E, Stolfo S (2002) Detecting malicious software by monitoring anomalous Windows registry accesses. In: Recent advances in intrusion detection. Springer, Berlin/Heidelberg, pp 36–53
Moskovitch R, Pluderman S, Gus I, Stopel D, Feher C, Parmet Y, Shahar Y, Elovici Y (2007) Host based intrusion detection using machine learning. In: Proceedings of the IEEE intelligence and security informatics, New Jersey, pp 107–114
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer Science+Business Media New York
About this chapter
Cite this chapter
Altshuler, Y., Aharony, N., Elovici, Y., Pentland, A., Cebrian, M. (2013). Stealing Reality: When Criminals Become Data Scientists (or Vice Versa). In: Altshuler, Y., Elovici, Y., Cremers, A., Aharony, N., Pentland, A. (eds) Security and Privacy in Social Networks. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-4139-7_7
Download citation
DOI: https://doi.org/10.1007/978-1-4614-4139-7_7
Published:
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-4138-0
Online ISBN: 978-1-4614-4139-7
eBook Packages: Computer ScienceComputer Science (R0)