Skip to main content
SpringerLink
Log in

Stealing Reality: When Criminals Become Data Scientists (or Vice Versa)

  • Chapter
  • First Online:
Security and Privacy in Social Networks

Abstract

In this paper, we discuss the threat of malware targeted at extracting information about the relationships in a real-world social network as well as characteristic information about the individuals in the network, a type of attack which we dub Stealing Reality. We explain how Stealing Reality attacks differ from traditional types of attacks against individuals’ privacy and discuss why their impact is significantly more dangerous than that of other attacks such as identity theft. We then analyze this new form of attack and show what an optimal attack strategy would look like. Surprisingly, it differs significantly from many conventional network attacks in that it involves extremely slow spreading patterns. We point out that besides yielding the best outcome for the attackers, such an attack may also deceive existing monitoring tools because of its low traffic volumes and the fact that it imitates natural end-user communication patterns.

This chapter is based on a paper that was published in IEEE Journal of Intelligent Systems, 26(6), 2011.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Altshuler Y, Aharony N, Pentland A, Elovici Y, Cebrian M (2011) Stealing reality: when criminals become data scientists (or vice versa). IEEE Intell Syst 26(6):22–30. doi:10.1109/MIS.2011.78

    Article  Google Scholar 

  2. Lazer D, Pentland A, Adamic L, Aral S, Barabasi AL, Brewer D, Christakis N, Contractor N, Fowler J, Gutmann M, Jebara T, King G, Macy M, Roy D, Alstyne MV (2009) Social science: computational social science. Science 323(5915):721–723

    Article  Google Scholar 

  3. Altshuler Y, Pan W, Pentland A (2012) Trends prediction using social diffusion models. In: Proceedings of the international conference on social computing, behavioral-cultural modeling, and prediction. Lecture notes in computer, Springer, pp 97–104

    Google Scholar 

  4. Barabasi AL, Albert R (1999) Emergence of scaling in random networks. Science 286(5439):509–512

    Article  MathSciNet  Google Scholar 

  5. Newman M (2003) The structure and function of complex networks. SIAM Rev 45:167–256

    Article  MathSciNet  MATH  Google Scholar 

  6. Watts D, Strogatz S (1998) Collective dynamics of “small-world” networks. Nature 393(6684):440–442

    Article  Google Scholar 

  7. Altshuler Y, Aharony N, Fire M, Elovici Y, Pentland A (2011) Incremental learning with accuracy prediction of social and individual properties from mobile-phone data, CoRR

    Google Scholar 

  8. Altshuler Y, Fire M, Aharony N, Elovici Y, Pentland A (2012) How many makes a crowd? On the correlation between groups’ size and the accuracy of modeling. In: Proceedings of the international conference on social computing, behavioral-cultural modeling, and prediction. Lecture notes in computer science, Springer, pp 43–52

    Google Scholar 

  9. Eagle N, Pentland A, Lazer D (2009) Inferring social network structure using mobile phone data. Proc Natl Acad Sci (PNAS) 106:274–278

    Article  Google Scholar 

  10. Yeung CA, Noll C, Meinel M, Gibbins C, Shadbolt N (2011) Measuring expertise in online communities. IEEE Intell Syst 26(1):26–32. doi:10.1109/MIS. 2011.18

    Article  Google Scholar 

  11. Eagle N, Pentland A (2006) Reality mining: sensing complex social systems. Pers Ubiquit Comput 10(4):255–268

    Article  Google Scholar 

  12. Gonzalez MC, Hidalgo CA, Barabasi AL (2008) Understanding individual human mobility patterns. Nature 453(7196):779–782. URL http://dx.doi.org/10.1038/nature06958

    Google Scholar 

  13. Eagle N, Macy M, Claxton R (2010) Network diversity and economic development. Science 328(5981):1029–1031

    Article  MathSciNet  MATH  Google Scholar 

  14. Madan A, Cebrian M, Lazer D, Pentland A (2010) Social sensing for epidemiological behavior change. In: Proceedings of the 12th ACM international conference on ubiquitous computing (Ubicomp ‘10). ACM, New York, pp 291–300. DOI http://doi.acm.org/10.1145/1864349.1864394, URL http://doi.acm.org/10.1145/1864349.1864394

  15. Madan A, Farrahi K, Perez DG, Pentland A (2011) Pervasive sensing to model political opinions in face-to-face networks. In: Pervasive computing. Springer, Berlin, pp 214–231

    Google Scholar 

  16. Herley C, Florencio D (2010) Nobody sells gold for the price of silver: dishonesty, uncertainty and the underground economy. In: Moore T, Pym D, Ioannidis C (eds) Economics of information security and privacy. Springer, New York, pp 33–53. URL http://dx.doi.org/ doi.org/10.1007/978-1-4419-6967-5_3

  17. Flexo (2007) I won’t sell e-mail addresses. www.consumerismcommentary.com

  18. Barbieri D, Braga D, Ceri S, Valle ED, Huang Y, Tresp V, Rettinger A, Wermser H (2010) Deductive and inductive stream reasoning for semantic social media analytics. IEEE Intell Syst 99 (Preprints). DOI http://doi.ieeecomputersociety.org/10.1109/MIS.2010.111

  19. Krishnamurthy B, Wills CE (2009) On the leakage of personally identifiable information via online social networks. In: Proceedings of the 2nd ACM workshop on online social networks (WOSN ‘09). ACM, New York, pp 7–12. DOI http://doi.acm.org/10.1145/1592665.1592668, URL http://doi.acm.org/10.1145/1592665.1592668

  20. Binde BE, McRee R, O’Connor TJ (2011) Assessing outbound traffic to uncover advanced persistent threat. Technical report. Sans Institute

    Google Scholar 

  21. Solutionary: White paper (2011) The advanced persistent threat (APT), 22 Apr 2011. http://resources.idgenterprise.com/original/AST-0056724_Advanced-Persistent-Threat-Solutionary.pdf

  22. Svensson P (2011) Possible e-mail theft from Epsilon slams banks, retailers. USA Today, April 2011

    Google Scholar 

  23. Brunner M, Hofinger H, Krauss C, Roblee C, Schoo P, Todt S (2010) Infiltrating critical infrastructures with next-generation attacks. Technical report. Fraunhofer Institute for Secure Information Technology (SIT), Munich

    Google Scholar 

  24. Tang L, Liu H (2010) Toward collective behavior prediction via social dimension extraction. IEEE Intell Syst 99:1–17

    Google Scholar 

  25. AFP (2010) S. Korea to probe huge online data leak. www.enews.ma/korea-probe-huge_i165401_7.html

  26. Jeffay N (2009) Israel poised to pass national ID database law. Jewish Daily Forward. www.forward.com/articles/112033/

  27. Emery D (2010) Privacy fears over gay teenage database. http://www.bbc.co.uk/news/10612800

  28. Perez JC (2007) Facebook’s beacon more intrusive than previously thought. PC World, 30

    Google Scholar 

  29. Stana RM, Burton DR (2002) Identity theft: prevalence and cost appear to be growing. Technical report, GAO-02-363. U.S. General Accounting Office, Washington, DC

    Google Scholar 

  30. Granger S (2001) Social engineering fundamentals, Part I: Hacker tactics. www.securityfocus.com, Symantec

  31. Gross R, Acquisti A (2005) Information revelation and privacy in online social networks. In: Proceedings of the 2005 ACM workshop on privacy in the electronic society (WPES ‘05). ACM, New York, pp 71–80. DOI http://doi.acm.org/10.1145/1102199.1102214, URL http://doi.acm.org/10.1145/1102199.1102214

  32. Korolova A, Motwani R, Nabar SU, Xu Y (2008) Link privacy in social networks. In: Proceedings of the 17th ACM conference on information and knowledge management (CIKM ‘08). ACM, New York, pp 289–298. DOI http://doi.acm.org/10.1145/1458082.1458123, URL http://doi.acm.org/10.1145/1458082.1458123

  33. Pan W, Aharony N, Pentland A (2011) Composite social network for predicting mobile apps installation. In: Proceedings of the 25th conference on artificial intelligence (AAAI), San Francisco, pp 821–827

    Google Scholar 

  34. Rouvinen P (2006) Diffusion of digital mobile telephony: are developing countries different? Telecommun Policy 30(1):46–63

    Article  Google Scholar 

  35. Erickson G, Currie P, Inouye B, Winn A (2006) Tyrannosaur life tables: an example of Nonavian dinosaur population biology. Science 313(5784):213–217

    Article  Google Scholar 

  36. D’Onofrio A (2005) A general framework for modeling tumor-immune system competition and immunotherapy: mathematical analysis and biomedical inferences. Physica D 208:220–235

    Article  MathSciNet  MATH  Google Scholar 

  37. Christakis NA, Fowler JH (2010) Social network sensors for early detection of contagious outbreaks. PLoS ONE 5(9). doi:10.1371/journal.pone.0012948

  38. Bennett CH (1987) Dissipation, information, computational complexity and the definition of organization. In: Emerging syntheses in science. Addison-Wesley, Redwood City, pp 215–231

    Google Scholar 

  39. Bennett CH (1990) How to define complexity in physics, and why. In: Complexity, entropy, and the physics of information, vol 8, SFI studies in the science of complexity. Addison-Wesley, Redwood City, pp 137–148

    Google Scholar 

  40. Bennett C (1986) On the nature and origin of complexity in discrete, homogeneous, locally-interacting systems. Found Phys 16:585–592. URL http://dx.doi.org/10.1007/BF01886523. 10.1007/BF01886523

  41. Kolmogorov A (1965) Three approaches to the quantitative definition of information. Probl Inf Transm 1(1):1–7

    MathSciNet  Google Scholar 

  42. McKay BD (1981) Practical graph isomorphism. Congressus Numerantium 30:45–87

    MathSciNet  Google Scholar 

  43. Harary F (1973) Enumeration of graphs. Graph Theory, 185–187

    Google Scholar 

  44. Reed D (2001) The law of the pack. Harv Bus Rev 79(2):23–24

    Google Scholar 

  45. Metcalfe B (1995) Metcalfe’s law: a network becomes more valuable as it reaches more users. Infoworld 17(40):53–54

    Google Scholar 

  46. Madan A, Moturu ST, Lazer D, Pentland AS (2010) Social sensing: obesity, unhealthy eating and exercise in face-to-face networks. In: Proceedings of the wireless health 2010 (WH ‘10). ACM, New York, pp 104–110. DOI http://doi.acm.org/10.1145/1921081.1921094, URL http://doi.acm.org/10.1145/1921081.1921094

  47. Aharony N, Pan W, Ip C, Khayal I, Pentland A (2011) The social fMRI: measuring, understanding and designing social mechanisms in the real world. In: Proceedings of the 13th ACM international conference on ubiquitous computing (Ubicomp ‘11). ACM, New York

    Google Scholar 

  48. Moore D, Paxson V, Savage S, Shannon C, Staniford S, Weaver N (2003) Inside the slammer worm. IEEE, Security Privacy 1(4):33–39. doi:10.1109/MSECP.2003.1219056

    Article  Google Scholar 

  49. Apap F, Honig A, Hershkop S, Eskin E, Stolfo S (2002) Detecting malicious software by monitoring anomalous Windows registry accesses. In: Recent advances in intrusion detection. Springer, Berlin/Heidelberg, pp 36–53

    Chapter  Google Scholar 

  50. Moskovitch R, Pluderman S, Gus I, Stopel D, Feher C, Parmet Y, Shahar Y, Elovici Y (2007) Host based intrusion detection using machine learning. In: Proceedings of the IEEE intelligence and security informatics, New Jersey, pp 107–114

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. MIT Media Lab, Massachusetts Institute of Technology, Cambridge, MA, 02139, USA

    Yaniv Altshuler, Nadav Aharony & Alex Pentland

  2. Telekom Innovation Lab, Information Systems Engineering, Ben Gurion University, 653, Beer Sheva, 84105, Israel

    Yuval Elovici

  3. Department of Computer Science and Engineering, University of California San Diego, La Jolla, CA, 92093, USA

    Manuel Cebrian

Authors
  1. Yaniv Altshuler
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nadav Aharony
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yuval Elovici
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Alex Pentland
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Manuel Cebrian
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yaniv Altshuler .

Editor information

Editors and Affiliations

  1. , Human Dynamic Group, MIT Media Lab, 77 Mass. Ave, Cambridge, 02139, Massachusetts, USA

    Yaniv Altshuler

  2. , Information Systems Engineering, Ben-Gurion University, n/a, Beer-Sheva, n/a, Israel

    Yuval Elovici

  3. Inst. f. Informatik III, Univ. Bonn, Römerstr. 164, Bonn, 53117, Germany

    Armin B. Cremers

  4. , Human Dynamics Group, MIT Media Lab, 77 Mass. Ave, Cambridge, 02139, Massachusetts, USA

    Nadav Aharony

  5. , Human Dynamics Group, MIT Media Lab, 77 Mass. Ave, Cambridge, 02139, Massachusetts, USA

    Alex Pentland

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer Science+Business Media New York

About this chapter

Cite this chapter

Altshuler, Y., Aharony, N., Elovici, Y., Pentland, A., Cebrian, M. (2013). Stealing Reality: When Criminals Become Data Scientists (or Vice Versa). In: Altshuler, Y., Elovici, Y., Cremers, A., Aharony, N., Pentland, A. (eds) Security and Privacy in Social Networks. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-4139-7_7

Download citation

  • DOI: https://doi.org/10.1007/978-1-4614-4139-7_7

  • Published:

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-4138-0

  • Online ISBN: 978-1-4614-4139-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation