Book Title: Seven Deadliest Social Network Attacks
ISBN-10: 159749545X; ISBN-13: 978-1597495455
Reviewer: Mario Camilien, CISSP
Authors: Carl Tim and Richard Perez
Just like the Peloponnesian battles which reshaped the Ancient Greek world, as narrated by Greek historian Thucydides -- social network attacks are on the verge of doing the same thing in a greater proportion that transcends borders, and nationalities. In the Seven Social Network Attacks, Authors Carl Tim and Richard Perez illustrate an evolution aided by technological advancement that is far greater than the Athenian and the Spartans could have imagined in their enduring treacherous Peloponnesian wars. Carl and Richard have successfully established chapter by chapter how the tools of deception are made easier with the emergence of Social Media. Malware and Infrastructure attacks such as denial of service (DOS), cross-site scripting, cross-site request forgery, phishing, evil twin are today's weapons of choice to those who use social networks to conduct unauthorized activities.
The motives vary, and no system is fully protected from these persistent attacks. As stated by Carl and Richard, all level of professional management must see the benefits of a better understanding of threats and attacks that can be performed within social networks, " whether within the workplace , usage of smart phone, cybercafé, or from within the home" .
The attacks initiated by technological know-how and the cross-pollination of ideas are making it easier for those whose intentions are to cause havoc. Malware applications can easily be downloaded and for a price --anyone bent on conducting unauthorized transactions can get powerful payloads. The continuing objective is to dupe the online users to activities which they did not plan.
Carl and Richard also reiterated that: "Since the beginning of time, people have been conned cleverly into relinquishing something of themselves in ways that appear, at the surface, to be harmless. Unfortunately for many it's not until afterwards they are painfully aware of the harm that they caused themselves by being duped into relinquishing something about themselves that may seemed harmless at the time." As illustrated by the authors, those "people" have fallen prey to a phishing attack or other social engineering schemes.
Again - what is at stake --are attacks that seek economic gains, identity thefts and the continuous desire by some to collect data for unscrupulous purposes. The floodgates are now open and what can we do as organizations to address and stem the flow of attacks that are continuous, and which originate from anywhere. There are options such as rate limit and black hole filtering that will relieve any environment temporarily from attacks such as denial of service. Again -- these solutions are temporary - more robust mitigating techniques will need to be applied. However, as stated by the authors, true mitigating solutions of DOS must be with the implementation of Distributed denial of service (DDOS) tools such as CISCO Guard, Intruguard, and Netscreen. Many Internet Service Providers (ISPs) also offer these types of services. The book is a good reference for various security mitigation strategies, it covers areas that address security issues related to Twitter, MySpace, Facebook , cyber bullying, workplace bullying, and provides a future outlook to physical threats on social networks.
Upon completion of the book, one can continue to use it as guidance for establishing policies such as acceptable use of social network. One will also gain a better understanding of the various network deception tools and the adverse impact that they can have in our daily lives. Defending against technological or human based deception is not easy. It is not one solution that will fix the problem; it is a myriad of best security practices that need to be in place. The authors concluded the book with the following statement: "Our fascination with technology is a double edge sword. As we push the pedal for individualism, it has often unexpected negative recourse to our personal privacy." With this book, the authors have contributed to a sound understanding of some of the underlying issues that we face in exposing ourselves and organizations to the opportunities offered by social networks.
Mario Camilien, CISSP, CHSS, SCNP
Information Security Analyst
