Social Media use in the Military Sector

Reblogged from source with thanks via @ http://resources.infosecinstitute.com/social-media-use-in-the-military-sector/

Malware authors are very interested in the use of social media platforms, mainly because they can spread malicious code to a wide audience that has low awareness of the principal cyber threats.

In a military context, the use of social media could allow attackers to recruit a large number of bots to conduct a successful offensive against critical targets (e.g. critical infrastructures).

Another advantage in exploiting social media platforms is the possibility to target groups of individuals of a selected community who share particular attitudes and habits, typically for cyber espionage purposes.

According to the IBM X-Force 2012 Mid-year Trend and Risk Report, social networks have been the dominant targets of email phishing for more than two years, and drive-by downloads are becoming the principal method of infection.

In the last couple of years, specially crafted malware has been spread through social media, allowing large-scale attacks as well as APT attacks. Social network platforms have been used for bot recruiting and also for hiding the command and control infrastructure and related traffic.

Malicious code that hits social media can be grouped into the following categories:

Social network account-stealing malware, which presents fake authentication forms for cyber espionage purposes.

In many cases, such a simple scheme is enough to gather account credentials and other personal information such as e-mail info and phone numbers.

Binary/scripting malware on third-party websites, used to distribute targeted malware such as backdoors through vulnerabilities in internet browser plugins.

Both categories are very common and widely used by cyber criminals, but they could also be implemented by groups of state-sponsored hackers to infect a large number of machines, to build up a botnet for use in a cyber-attack such as a DDoS, or to conduct an APT attack.

The most popular example of social malware that could be analyzed to understand the schema of attack on a social network is Koobface, a multi-platform malware that targeted users of the social networking websites Facebook, MySpace and Twitter.

Koobface propagates through popular social networking sites by spamming the platforms with a lot of infected URLs that point to compromised sites.

When a user clicks on one of those links, proposed for example through a platform message, he is redirected to a compromised site that exploits a vulnerability in his browser and allows malware to be downloaded onto the victim’s PC.

Figure 6 – Koobface schema

Social media to host C&C server

What about hiding a malware control structure inside social networks?

Although IRC networks have surely been the most common malware command-and-control model, many botmasters have recently begun to use social networks such as Facebook and Twitter as C&C.

The choice is a winner and makes it hard to detect botnet activities. The interactions with social networking sites can be easily automated and “malicious” traffic directed to social media platforms is hard to identify due to large volumes.

Attackers can set up a network of fake profiles on a social network and use them to post a specific set of encrypted commands to malware.

The infected machine queries the “botmaster” profile for new commands. A botnet with its C&C in social media is extremely resilient, which allows malware to run for long periods of time.
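A defender-side illustration of the polling behaviour described above, added here and not part of the original article: it flags host/URL pairs in proxy logs whose request intervals are machine-regular. The log format, host names, the `social.example` domain and the thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy-log sample: timestamp, client host, requested URL.
# Host names, the profile name and the domain are invented for illustration.
SAMPLE_LOG = """\
2013-01-10T09:00:00 ws-014 https://social.example/profile/acct_77
2013-01-10T09:00:20 ws-022 https://social.example/feed
2013-01-10T09:01:35 ws-022 https://social.example/feed
2013-01-10T09:05:01 ws-014 https://social.example/profile/acct_77
2013-01-10T09:09:59 ws-014 https://social.example/profile/acct_77
2013-01-10T09:11:40 ws-022 https://social.example/feed
2013-01-10T09:12:40 ws-022 https://social.example/feed
2013-01-10T09:15:02 ws-014 https://social.example/profile/acct_77
truncated-entry ws-031
2013-01-10T09:20:00 ws-014 https://social.example/profile/acct_77
2013-01-10T09:24:59 ws-014 https://social.example/profile/acct_77
2013-01-10T09:40:00 ws-022 https://social.example/feed
2013-01-10T09:41:00 ws-022 https://social.example/feed
"""

def parse(log_text):
    """Yield (datetime, host, url) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def find_beacons(log_text, min_hits=5, max_cv=0.1):
    """Return {(host, url): mean gap in seconds} for machine-regular polling."""
    # Flag a pair when the coefficient of variation (stdev / mean) of its
    # inter-request gaps is at most max_cv; people browse far less evenly.
    seen = defaultdict(list)
    for ts, host, url in parse(log_text):
        seen[(host, url)].append(ts)
    flagged = {}
    for key, times in seen.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[key] = avg
    return flagged
```

Legitimate auto-refreshing clients also poll at fixed intervals, so flagged pairs are leads for triage rather than verdicts, and the thresholds need tuning against a baseline of normal traffic.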

The attackers have improved their control techniques over time.

Some malicious agents in fact don’t limit their activity to just interpreting messages from social networking but also receive commands hidden inside a picture posted by a profile related to the botmaster.

Figure 7 – Example Botnet based on Social Networks

Cyber espionage

One of the principal military uses of social media is cyber espionage.

Most popular techniques include:

Replacement of identity: the ability to impersonate another user to acquire information.

Identity spoofing: the creation of a fake profile that does not match any existing person.

Malware-based attacks: use of malicious code to compromise a victim’s machine and steal sensitive information.

Sharing a link on a compromised website could allow an attacker to exploit a vulnerability in a user’s browser to gain control of the user’s PC.

Cyber espionage through social media (facts, statistics, and technologies) is essentially based on data mining through the linked networks of contacts.

The use of social media can be useful for cyber espionage and cyber intelligence in the preparation stage for PSYOPS/CYBEROPS, for reconnaissance (intelligence), and for targeted regions (such as a group of persons, a political party, journalists, or the employees of a targeted company).

Services such as Twitter are already commonly used for geopolitical analysis of so-called “protest activities” in different countries, a very useful military segment.

Adopting data mining techniques for contacts and connections analysis makes it possible to establish the relationship between different persons as part of a cyber intelligence operation.

It also helps to gather private contacts of different persons who publish them only to a very close group of people.

The following are two of the most interesting cases of cyber espionage conducted using social media platforms:

NATO’s most senior commander was at the center of a major security alert when a series of his colleagues fell for a fake Facebook account opened in his name – apparently by Chinese spies. (The Telegraph)

In May 2012, a few days before the second round of the presidential election won by Hollande, the President’s office was infected by Flame malware.

The attack against the President’s office was of a spear phishing type that used the popular social network Facebook to spread the malware.

The attackers shared a link to an infected website that was a replica of the Elysee’s intranet, and used it to infect the machines and also to gather user credentials.

All the machines that were part of the presidential network, including a number of Sarkozy’s closest collaborators, were infected by the Flame agent.

Figure 8 – Attack on the President’s office that occurred in May 2012

Conclusions

Social media platforms have assumed a fundamental role in our society.

Every day, billions of people share information, documents and any kind of content through these platforms.

It is natural that they have become an object of interest for cyber criminals and intelligence agencies.

Undoubtedly, social media is of strategic importance for military sectors, as it offers a mine of information that could be analyzed along different axes of analysis, providing efficient and reliable instruments for the study of realities of interest.

Both defense and offense could take advantage of the introduction of social media.

Social media could, in fact, be used as a powerful tool for information gathering and cyber espionage, and also as an active component in a botnet infrastructure.

Though social media is also a resource to preserve from attacks, its military use inevitably leads to a widening of the attack surface.

Quite differently from other domains, the military has to deal with an area without perimeter that is difficult to protect.

Rapid technological evolution makes surveillance systems obsolete in a short time.

It is necessary to devote greater effort to the establishment of early warning and security intelligence systems to identify cyber threats, but other improvements must take place first.

The military needs an opening to social media, but it has to be consciously made.

Military personnel and their families must be instructed on how to manage their exposure to social platforms.

Social media platforms are powerful resources that can carry with them an incredible number of threats, so it’s best to never let your guard down.
