Welcome to the world that is put on public display. No privacy anymore. Please come to our kitchen, bedroom, and even toilet! Welcome to the omnipresent world of social media where we have smart-phones in our hands and let us take a few ‘clicks’ wherever we are; it would put the picture at once in the social media and wait, your friend, sitting in the loo, gives a ‘thumbs up’ immediately. The cycle of strange-contentment is complete now.
Wait. There is something still to come and the real saga of sorrow is about to start from here.
Where have you taken the picture? Suppose, you have just come out from your ATM withdrawing money and the Bank’s name is visible in your background. Suppose, I am a hacker with a bad intention and I have been following you through all your social media accounts for a long time. I have collected loads of data about you but I could not get the bank’s name until now. My cycle of reconnaissance is complete now!
From one of your social media accounts, I have already collected a few data that include — your dog’s name is Lucky; you had attended Stephen’s College, etc. Now, think about the bank-form you had filled up once upon a time. It is customary that while you were opening a new account in a bank through the internet, it usually asked you a few security questions. In such scenarios, if you forgot your password the automated form asks you a security question that you had chosen earlier. It could have been your dog’s name, or the name of your college you had attended.
Now, I, a hacker with bad intention (actually this type of hackers are called crackers), have just come to know about it. Your challenge responses for an online bank account are now open and it really serves no useful purpose in your
social media account. On the contrary, during a hacker swoop on your social media account a large amount of private data is exposed.
When we post in the social media, we usually do not think the way a cracker thinks or chalks out the plans before in one fell swoop he wipes out all your money. It is a part of his strategic planning. With more data you post on social media, exposing yourself, you place yourself at the crackers’ mercy.
In social media, there are a few rules we have already set and we usually do not break them. One of such rules says, when a friend-request comes from one of your friends’ friends, it is rude to reject that appeal. The irony is, you do not know that person. It seems more ironical, because your friend also does not know that person properly. Actually, your friend could not reject the request just like you because it had come from one of the friends of his or her friends. The trail is endless and the vulnerability starts increasing with the tag of anonymity it is carrying with it.
What could be the next moves associated with that anonymous friend? You did not expect any bad intention while you were accepting the request. The ability to create pictures in your mind did not warn you that how he would try to penetrate into your system. You are not supposed to know what kind of tools he is going to use. You are about to ask yourself these questions only when you plan your defense accordingly.
A cracker collects information about the ‘would-be’ victim first. You may compare this to a war strategy. Before any attack, army generals sit down and listen to every minute detail about the enemy; the location, the strength, the possible back up strength and other staff. The process of collecting such information is called reconnaissance or information gathering. Before any attack, the more information a cracker gathers, greater is the chance of success.
Unfortunately, social media platforms become, inadvertently, a hotbed of cyber-crime by exposing big data about the billions of users.
Usually, a user carefully sets the privacy settings and feels safe; it is beyond perception what could happen when a friend posts a photo on his or her wall and at the same time invites mutual friends to view that photo. This type of privacy violation commonly occurs. Downloading various interesting applications is quite common in social media. It is not our fault. Sometimes some applications seem irresistible and we are easy prey for dishonest intentions.
Before the launch, the application asks to access the user’s profile, in most cases this is mandatory, and once we give the nod our carefully crafted privacy settings are violated. In a research paper, experts Aaron Beach, Mike Gartrell, and Richard Han have studied the role of applications in violating user-privacy and exposed how vulnerable we were.
Imagine a real-life scenario where a cracker watches the activities of the target; he has been doing it clandestinely for some months. It appears that every day, the milkman rings the doorbell at around six-thirty in the morning and the target opens the door and collects the packet of milk. After that appears the newspaperman sharp at seven and after half an hour, the target takes his kid out to the school and from there he goes to his office. This information is public. Anyone can gather it by watching the typical lifestyle of a disciplined family man. Besides gathering the information, the cracker has a clear mapping of the mental traits of his target.
The same rule applies to the social media platforms. So, think twice before accepting invitations from friends just because another friend has referred it. Please do not feel obligated to navigate through a web link given by a friend. Often your true friend does not know how he or she helps intruders to swoop on your machine. There are many good websites where you could check the veracity of any URL. Copy and paste the URL and first take it there to test it and better watch it separately. Good practices include a few more things. Avoid opening up any attachment; your best friend could have sent it, but he or she had sent it without knowing the proper source. Never disclose private information such as your nickname, names of your pets and other such trivial but significant information.
It is a pleasure to be present on any social media platform with thousands of friends but never relax the grip that allows you to question its true purpose.