Is there such a thing as Social Media Warfare? We have had cyber warfare going on for years now. So it should be an obvious “YES” that Social Media warfare exists. But is that true? To get to a full blown war opposing sides go through an escalation process. Where are we in this process? From a pure cyber warfare perspective, we are in world war three, many opposing sides, lots of new and improved weapons, completely escalating attacks and no end in sight. Companies are used to conducting vulnerability management and risk assessment. This new war will require new tactics and defense strategies.
I think we have seen the first skirmishes of the war. It started with all the spammers morphing their tools into Facebook and Twitter hacking. Then moving into phishing. Then into negative attacks on your reputation by disgruntled customers and competitors. So what is the progression of this coming war? Is there a similarity to how “normal” cyber warfare started? But why is this war inevitable?
The attack vectors in the Social Media War are probably categorized into personal use and corporate use. If these are the assets that needs to be protected, we can then figure out how the assets will be attacked, how will the enemies do reconnaissance, what alliances will be formed and what should be the defense strategies and weapons for defense.
The progression of of this war will follow different patterns and there is probably no end in sight.
|Skirmish||Home users receiving spam and phishing attacks and scams||Corporate users seeing more phishing attacks, attackers going through Linkedin profiles|
|Protest Actions||Users might complain to attorney generals, or write nasty messages about Microsoft Adobe or Apple security weaknesses||The IT department is inundated with help desk calls. Companies have the ability to complain to ISPs or event countries about originating attacks.|
|Negotiations||There really isn’t anyone to negotiate with. Writing on your Facebook wall will not do a darn thing.||Companies definitely do not want to negotiate. But will see blackmail more and more.|
|Failed Negotiations||The home user is bascially screwed anyway.||Succumbing to blackmail will only lead down a bad path.|
|Declaration of War||This is a defacto state with the home user. They are at war whether they know it or not.||Companies have to take a proactive approach to security versus reactive. Anticipate the next types of attacks and have a budget to address it.|
|Launch Attacks and Defend||More defend, get your anti-spyware, antivirus, personal firewalls and encryption up to speed. But after that, understand how attackers use Social Media.||Spend massive amounts of money on understanding how so fight in the Social media landscape, security hardware and software are not enough.|
|Allies Join the War||The home user can only rely on the Social media companies for basic security.||Their will be more collaboration between companies and governments. Perhaps together they have a fighting chance. Regulations are also going to force changes.|
|Years of Conflict – Never Ending||Whats the next thing after Facebook and Twitter? Whatever it is will have its own security challenges. But by that time the home user will probably have given out every bit of personal information on all the Social Media venues anyway.||A company can only rely on the right process to secure their social media usage. As technologies change and new sites go live, a good process and social media security policy is all you can rely on.|
|Winner||The ISP, they get to sell bandwidth.||The VCs who fund companies like Facebook and Twitter.|
I will get into more tactics in the coming war in future posts.
CEO KRAA Security, firstname.lastname@example.org