Tuesday, October 12, 2010

New class of Malware will steal Behavioural Patterns

Computer scientists predict that a new generation of malware will mine social networks for people's private patterns of behavior.

It's not hard to find frightening examples of malware which steals personal information, sometimes for the purpose of making it public and at other times for profit. Details such as names, addresses and emails are hugely valuable for companies wanting to market their wares.

But there is another class of information associated with networks that is potentially much more valuable: the pattern of links between individuals and their behavior in the network--how often they email or call each other, how information spreads between them and so on.

Why is this more valuable? An email address associated with an individual who is at the hub of a vibrant social network is clearly more valuable to a marketing company than an email address at the edge of the network. Patterns of contact can also reveal how people are linked: whether they are in a relationship, for example, whether they are students or executives, or whether they prefer celebrity gossip to tech news.

This information would allow a determined attacker to build a remarkably detailed picture of the lifestyle of any individual, a picture that would be far more useful than the basic demographic information marketeers use today, which consists of little more than sex, age and social grouping.

Today, Yaniv Altshuler at Ben Gurion University and a few pals argue that the value of this data makes it almost inevitable that malicious attackers will attempt to steal it. They point out that many companies already mine the pattern of links in their data for things like recommender systems.

"There is no reason to think that developers of malicious applications will not implement the same method and algorithms into future malware, or that they have not already started doing so," they say.

The idea would be to release some kind of malware that records the patterns of links in a network. This kind of malware will be very hard to detect, say Altshuler and co. They've studied the strategies that best mine behavioral pattern data from a real mobile phone network consisting of 800,000 links between 200,000 phones. (They call this type of attack "Stealing Reality".)

In conventional attacks, malware spreads most efficiently when the infection rate is high, and this maximises the amount of information it can steal. But it also makes the malware relatively easy to spot.

In a behavioral pattern attack, their surprising conclusion is that the most effective way of mining data is to have a low infection rate, so the malware spreads slowly. That's because it takes time to collect good information about an individual's behavior patterns. Also, a slow spread is less likely to be picked up by network administrators and antivirus software.

Perhaps the most worrying aspect of this new kind of theft is its potential impact. If malware steals your credit card details or online banking passwords, you can easily change them and this limits the damage.

But if a malicious attacker steals your behavioral patterns, there's almost nothing you can do. You can't change your network of friends or family, for example.

What's more, once this information is released, it is more or less impossible to contain--how would you ensure that every copy had been deleted?

The prospects for avoiding this new threat look bleak. As Altshuler and co point out: "History has shown that whenever something has a tangible value associated with it, there will always be those who try to malevolently 'game' the system for profit."

We'll almost certainly have to deal with this one sooner or later.

Ultimate Social Persuasion Device

In the near future, all citizens will wear a centrally-controlled super iPhone that tracks their movements and can scan everyone around them to divulge their net worth, their shopping history and their dating potential.

The so-called äppärät is an invention of Gary Shteyngart, author of the satiric novel "Super Sad True Love Story." The main character works in the post-human services industry and he falls in love with a younger woman who constantly "teens," or text chats, with her friends. Is there an äppärät in your future? Will a fictional mobile device have a cautionary impact on today's designs?

How does the apparat rank people?
So you walk into a bar, let's say I'm walking into a bar. Everyone automatically ranks me and so I'll be the seventh ugliest man in the bar, but I'll have the fourth-best credit rating so it's very exciting you know. So everyone tells me that, you know -- who I am.

It also ranks your "personality" and your attractiveness. Your personality is how extroverted you are, how much of your own personal stuff you have out there. So it's constantly -- that's what a "good personality" is -- just somebody who just constantly spews things about her or himself. That's one focus.

Then there's something, there's a kind of emote pad so if you see somebody you're attracted to, it measures your heartbeat as it goes up when you're looking at them. And that woman or man immediately knows how much you want them, and then he or she can reject you or not.

Scary!!!!!