is resided over World Wide Web. Since then various businessmen or entrepreneurs brought this huge possibility of business in the light of social exchange network. Now A days social network service are involved in our everyday life. Where in this kind of business people from all around the globe and from every level of the society are involved directly or indirectly, It is obvious that this industry invites huge number of online criminals too. Under these circumstances, I would like to write a report for an well-known social network service named as "Facebook" under the banner of Facebook. Inc. Facebook was founded on February 4, 2004. Since then Facbook is continuing its spreading with immense popularity and acceptance.
¹Facebook's mission is to give people the power to share and make the world more open and connected.
Millions of people use Facebook everyday to keep up with friends, upload an unlimited number of photos, share links and videos, and learn more about the people they meet. ¹
Facebook, Inc. has a significant amount of staffs who are dedicated to look after various sections of the company like software engineering, legal, finance, facilities and administration, communication and public policy, product management, IT and security, HR and recruiting, technical operations, sales and business development, online operations and so many. Various e-crimes are threatening our every day way of lives including our business, financial exchange and banking, shopping, entertainment, study etc. over online. Since Facebook is involved in our lives so tight that it is strongly assumable that this noble service is not above e-crimes. About E-crimes I would like talk about some important aspects of various e-crimes in next paragraph.
E-crimes and their various aspects
²According to the NHTCU in April 2005 computer crime is estimated to have cost more than £2.4 billion in 2005. In the same year the CSI/FBI Computer Crime and Security Survey 2005 showed 43% of respondents would not report an intrusion to an agency.²
According to CSI Computer Crime and Security Survey 2009, One-third of respondents reported that their organizations had been fraudulently represented as the sender of phishing messages. 11 Percent reported exploit of client web browsers, 7 percent reported exploit of user's social network profile. (source: 2009 CSI Computer Crime and Security Survey, http://event.on24.com/event/16/48/40/rt/1/documents/slidepdf/2009_survey_csi_final_11.30.09.pdf ).
source: http://event.on24.com/event/16/48/40/rt/1/documents/slidepdf/2009_survey_csi_final_11.30.09.pdf
There are several types of e-threats and risks that we might encounter in our daily life while we use computer. Among them DOS (Denial Of Service) attack, Exploits which is incurred with buffer overflows default installations IP spoofing etc. Trojans, viruses, social engineering which can be done by the help of stealing password, modems, impersonate help desk, packet sniffing etc., website defacement. Although these kind of threads can be fought by two kind of protections in general. 1. Firewalls and DMZs, IDS and 2. Honeypots, SSL, PKI/Trust, Biometrics. In this occurrence 5-10% of IT budget should be spent on security. The next session I would like to discuss about E-threats and its solution in /out or within Facebook and Facebook, Inc.
Potential E-threats against Facebook:
According to Facebook security survey Facebook security section received reports of more phony Facebook emails. Watch out for emails that claim to be from Facebook, but include strange formatting, spelling, links, or attachments. If you're ever unsure, delete the message, and go directly to Facebook by entering the URL in user's address bar. (source: http://www.facebook.com/security?v=wall ).
There is another uprising e-threats that is increasing vulnerability of Facebook reputation is phishing. About phishing I would like to highlight about it is that "Phishing is an attempt, usually via e-mail, to trick people into revealing sensitive information like usernames, passwords, and credit card data by pretending to be a bank or some other legitimate entity. The e-mails typically include a link to a Web site that appears to be legitimate and which prompts users to provide information. Sometimes, the phishing e-mail will include a form in an attachment to fill out. One common tactic phishers use is to pretend to be from the fraud department of a financial institution or online retailer like PayPal and ask for information to be provided to prevent identity fraud. " (source: http://news.cnet.com/8301-27080_3-10396786-245.html ). Here is an example of phishing attempts against a Facebook user,
source: http://news.cnet.com/8301-27080_3-10396786-245.html
Virus attack, viruses are common threat to Facebook users. They can be easy victim of virus writers. Here is a report about recent notorious virus attack.
There's a new virus spreading around the web via email which targets Facebook users. According to mxlab, the email includes downloadable files which include the Trojan virus: Bredolab. While I'd imagine that Gmail and more aggressive spam blocking email services will filter this out, anybody who receives a "Facebook Password Reset Confirmation" email should delete it right away.
According to mxlab, the body of the email is as follows:
Hey vguysville ,
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Thanks,
The Facebook Team
This virus only appears to work on Windows computers as it runs an executable file when downloaded. Spoofing official emails from large companies is a pretty standard method for spammers and you should always avoid any email which asks you to download a file. For those that are unaware, we thought it would be useful to keep you up to date about this latest virus. (Source: http://www.allfacebook.com/2009/10/bredolab-virus-facebook/ ).
Recently another surprise of attack which is called money scam has been reported and has been documented on MSNBC television. According to this video document I came to know that there are several victims who use Facebook for email exchange. On Facbook there are some crooks who use key-logger to trace down innocent user's e-mail address and password. Among the victims there was an innocent nun who was emotionally blackmailed by a crook who claimed that he was in very poor condition and asked for help. That crooked milked down more than 3000 dollar by scamming other people. This video can be found at http://today.msnbc.msn.com/id/26184891/vp/33189545#33189545 . This kind of criminal activities can be categorised in two kind of criminal act. 1. Scamming and 2. Identity theft.
Below is the transcript of a real Facebook Chat conversation between a savvy user, Derek, and a scammer who has gained access to Derek's friend's account and is trying to trick Derek out of money.
Pretending to be Derek's friend Jill, the scammer tells Derek that she was mugged at gunpoint in London, and that she needs him to wire her $890 immediately. Derek becomes more and more suspicious as the conversation progresses and ultimately realizes that the person he's talking to isn't his friend, and that the story he's being told is a lie.
Jill: hi
Derek: morning...u in NYC?
Jill: am in London and am stranded here
Derek: why? no flights home?
Jill: i was mugged at a gun point last night
Derek: whoah....are u ok?
Jill: am not fine
i just need some help
Derek: good....what do u need?
Jill: am coming back home tomorrow
i just need some money in paying off the hotel bills
Derek: oh sorry...u said not fine....thought u said fine....how can I help
Jill: i need you to loan me some money in paying off the hotel bills...will refund back to you as soon as am back home...
Derek: k. how do I do that
Jill: you can have it transfered to my name ..
[address redacted]
Derek: how do I do that?
Jill: do you know any western union outlet around you?
Derek: there are. a few blocks away
Jill: should i wait for you here ?? or you will email me the transferd info
Derek: don't they need your account number or something
how much cash do u need?
Jill: nope..
$890
Derek: can u call me?
Jill: ughhh,i really cant call for now but let me have your phone number ?
Derek: [phone number redacted]
Derek: how do you know me?
Jill: from work
Derek: huh?
Jill: Software company
Derek: nope
try again
Jill: are you helping me ?
Derek: where did we have lunch two weeks ago?
Jill: we had no lunch
i just need this from you
Derek: beat it
Now I will highlight some copyright infringement controversy which make Facebook liable for.
Divya Narendra, Cameron Winklevoss, and Tyler Winklevoss, owners of the social networking website HarvardConnection, changed its name to ConnectU in September 2004 and filed a lawsuit against Facebook, alleging that Zuckerberg had broken an oral contract for them to build the Facebook site, copied their idea, and illegally used source code intended for the website they asked him to build for them. The parties reached a confidential settlement agreement in February, 2008.
ConnectU filed another lawsuit on March 11, 2008, attempting to rescind the settlement, claiming that Facebook in settlement negotiations had overstated the value of stock it was granting the ConnectU founders as part of the settlement. ConnectU argued that Facebook represented itself as being worth $15 billion, the post-money valuation arising from Microsoft's purchase in 2007 of a 1.6% stake in Facebook for US $246 million. Facebook announced that valuation in a press release. However, Facebook subsequently performed an internal valuation that estimated a company value of $3.75 billion. Further, the website's 0.02%-0.04% ad click-through rate has led some analysts to believe that the site does not have a viable long-term business model. ConnectU fired the law firm that had represented it in settlement discussions, and the firm in turn filed a lien against the settlement proceeds. In June, 2008, an appeals court upheld the earlier settlement, rejecting ConnectU's new challenge. In February 2009, it was reported that a settlement was reached between Facebook and the ConnectU litigants. Facebook will pay USD $65 million to the plaintiffs, most of it in Facebook stock, and $20M in cash. ConnectU's law firm, Quinn, has asked for $13 million in legal fees.
(source: http://en.wikipedia.org/wiki/Criticism_of_Facebook#cite_note-globe-93) .
From the report of Daily Mail Facebook users often fall in victim of cyber bullying and cyber stalking. An journal can be found at http://www.dailymail.co.uk/femail/article-1204062/The-fake-world-Facebook-Bebo-How-suicide-cyber-bullying-lurk-facade-harmless-fun.html.
In the latest scam being blasted to e-mail in-boxes, a legitimate-looking Facebook notice asks people to provide information to help the social network update its log-in system, said Fred Touchette, a senior security analyst at AppRiver. When the user clicks the "update" button in the e-mail, they are directed to a fake Facebook log-in screen where their user name is filled in and they are prompted to provide their password.
This is a screen shot of the message in the body of the fake Facebook e-mail.
Source: http://news.cnet.com/8301-27080_3-10385498-245.html . Later users find themselves as trojan victims.
Case study:
By GWYNETH REES
Friend or foe: People are giving up their privacy by joining social networking sites (file picture)
During my awkward youth, I had a stalker. He was the school geek, with terrible glasses, too-tight trousers and a serial-killer stare.
At first, his attention was strangely flattering - I copied his homework and he bought me chip butties. But then came the misspelt love letters, cringe-worthy poems, roses at home, songs he had written for me.
The final straw was when he turned up at my house with a cocker spaniel asking if I would like to stroke it.
So you can understand my reaction when - some 15 years later - I logged on to my Facebook account, scrolled through my friend requests and saw his face beaming back at me.
He had requested to be my 'friend' - meaning that he would be able to see my Facebook page on his computer and I would be able to see his - and had sent me a message: 'Just click yes, Gwyn.'
What could I do? I couldn't click yes, obviously. But could I really click 'no' - and tell him, once and for all, that I wasn't remotely interested in him?
In the end, after a week of cold sweats, I decided to ignore him.
So there he still is, his picture, with its manic grin, perpetually trapped in the no man's land of my undecided friend requests, like some kind of purgatory.
And that's why - in a nutshell - I hate Facebook. In my account - which I set up because journalists often need one for work - I have 63 ignored friend requests. And I don't even know half those people.
Last year, there was a girl who - clearly not impressed with my lack of communication - began 'poking' me. For those not familiar with Facebook, 'poke' is the word used to describe a short message one person sends to another to get their attention.
Then she 'super-poked' me, then she began sending virtual presents of cakes and flowers and hugs and kisses - all represented on my screen by gaudy little icons - in a bid to win me over.
This is a woman whom I briefly met at some adventure camp when I was 12. Why is being my friend so important to her now?
Ultimately, I don't see the point of being 'friends' on the net when we're not friends in real life.
I'm also deeply wary of the trend to share every aspect of your life - the belief that you must let the world know what you are doing right this instant. It started off with 'micro-blogging' site Twitter - which asks users 'What are you doing right now?' - but a recent redesign has seen Facebook jump on the bandwagon. The site now asks when you log on: 'What's on your mind?'
The outcome is that as I write, I know Jane is unpacking from her holiday, Emma is eating Jaffa Cakes and thinking about getting a perm and Roseanne is at the bus stop.
But why do I need to know this? The trend for Facebook and other networking sites means that people no longer value their privacy. They put their whole lives online - for anyone to see.
For example, a bachelor friend had a date the other week. He'd been single for a long time, so it was exciting. But when I asked a mutual acquaintance how it went, he said: 'Have a look for yourself, the pictures are on Facebook.'
Yes - two hours after the date at Kew Gardens, they were up there.
Surely first dates aren't suitable material for Facebook (mine certainly aren't). The same goes for stag and hen nights.
Perhaps the most toe-curlingly embarrassing aspect of Facebook is its option to 'update your relationship status'. I've lost count of the relationships whose failure I've seen played out on Facebook.
How do you have a conversation with someone, knowing that yesterday their relationship status went from 'engaged' to 'single'?
On my Facebook account, I apparently have 111 friends.
In reality, I've got about ten really good mates. And if we ever run out of conversation, we can always natter about the oddballs from our childhood days who are harassing us on Facebook, trying to get back in touch.
Read more: http://www.dailymail.co.uk/femail/article-1204062/The-fake-world-Facebook-Bebo-How-suicide-cyber-bullying-lurk-facade-harmless-fun.html#ixzz0bvkoC9HN
Discussion: Facebook, Inc . Should take necessary action to stop these kind of bullying and stalking. In present and future Facbook should raise enough awareness among the users so that they can report if they are bullied or stalked.
In next session I will highlight on Facebook security actions which are taken from Facebook, Inc.
Facebook security:
Though Facebook is one of the potentially most virulent platforms on the Internet, its security team is very talented, which makes life for cybercriminals all the more difficult.Facebook has control of its systems, which are all owned by the social networking firm. On the surface, its security team should have the tools to combat cybercrime that the rest of us could only dream of. They can, in theory, have a complete view of what's going on, as well as the power to act on it.When it comes to email, DNS, and other Internet services, incident response requires forensic investigation with access to many resources, and then an uphill battle to mitigate the threat. While Facebook has concerns about protecting legitimate users, commercial interests, and privacy concerns, all it needs to do (at least in theory) is have the right tools and the mandate to act.
Unlike most security departments for large corporations, the Facebook security team is one of the first in the industry outside of service providers to bring the field of security operations to fruition. While many organizations have IDS experts and incident response personnel, their departments' main goal is usually risk analysis and policy. At Facebook, while these issues interest them, they are also much more technical.They combine the security research team often found at security vendors, trying to research vulnerabilities and malware, with the security operations team often found at large network providers, performing incident response, correlating data, mitigating attacks, and communicating with others around the world. (Source :http://www.darkreading.com/blog/archives/2010/01/are_facebook_vi.html?queryText=facebook )
In the Conclusion I would like to say that Facebook is very useful for social gathering, exchanging views, publishing literary work, journals and so on. So, It is mandatory for Facbook, Inc. to provide with necessary awareness among vulnerable users who do not think before taking any step. In the long run, we will may find that Facebook has emerged as the most secured social network website.
