Social networking picked as cybercrime threat

Cybercrime is likely to move into the social networking world, taking advantage of sites such as Facebook and MySpace, says cyber-security guru Peter Gutmann.

"I would assume internet crime will migrate to social networking sites in the future," says Gutmann, who also develops encryption toolkits and researches the usability of security software.

Social networking sites are incredibly powerful virus platforms in that they allow developers to write specific applications for them, which spread in a viral manner.

If these applications were not on a site such as Facebook, they would be considered incredibly fast-spreading viruses, he says.

To date, developers have written social networking applications only experimentally, but Gutmann thinks these platforms will be targeted more heavily in the future. "For some unfathomable reason the bad guys haven't exploited [social networking sites] yet, and I don't know why -- it is so easy," he says.

Finding stolen credit card numbers, phone numbers and other personal information is a matter of 10 seconds of searching Google, he says. "It is frighteningly easy to find information -- it is not rocket science," he says.

Another thing about these sites is that personal information, posted by users, will be there for ever.

"People put out heaps of personal information, not thinking about how it can be used against them," says Gutmann.

To some extent, cyber crooks are already using social networking sites to launch so called spear-fishing attacks, says Gutmann. By getting names, addresses and other information from, for example, job placement agencies, cyber criminals can send targeted phishing letters from your bank, and basically "leapfrog and attack from one site to another", he says.

Gutmann, an honorary research fellow of University of Auckland's Department of Computer Science, is passionately involved in making encryption more useable for everyday people. Anybody can get strong encryption off the internet these days, but the availability of strong encryption does not have a huge effect on stopping cybercrime, he says. It's so hard to use, nobody wants to use it, he says.

In his spare time, he researches the usability of security software, which is typically written by geeks, for geeks, he says. "Unless you are a hardcore geek, you've got no hope of understanding it," he says.

Gutmann looks at how people interact with security software and how it can be made easier to understand, but he also investigates if "the masses" really need to, or want to, understand encryption.

He has built the OS-independent, open-source Cryptlib security toolkit, which allows crypto-programmers to easily add encryption and authentication services to their software. Even to programmers, encryption is difficult to understand, he says.

The toolkit makes it easy for programmers to build secure applications. The next step is to educate programmers to build security applications "that human beings can actually use, and that is the really hard bit", he says.

Gutmann was involved in writing the PGP encryption package, a program that provides cryptographic privacy and authentication, often used for signing, encrypting and decrypting emails.

Join the newsletter!

Error: Please check your email address.
Show Comments