Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
jobs or friends can be monitored and compiled to a report. One not necessarily has<br />
to actively monitor accounts to receive information about the users’ past - this,<br />
at least in the case of Facebook, is already done for other users by the platform<br />
itself. Another source of information are users’ pictures. Taking a look at the<br />
pictures available often provides enough information if users have been registered<br />
for a certain amount of time or pictures about users have been uploaded. Potential<br />
employers could, for example, check out applicants by taking a look at their<br />
pictures, reading posts of friends and so on.<br />
• Spear phishing: [Jag07] highlights the issue of spear phishing or context aware<br />
phishing. In such phishing attacks, personal information is used to adapt the<br />
attack specifically to the phishing victim for example by using data available on<br />
social networks. The study shows that when exploiting social network data, the<br />
success rate of phishing attacks is four times higher than normal [Jag07]: social<br />
networks such as Facebook or MySpace can easily be automatically crawled and<br />
reliable data about social networks can be extracted and stored in a database.<br />
This information can then be used to “personalize” phishing attacks for example<br />
by spoofing e-mails to make them appear to be of a friend. As the phishing<br />
victims recognize the (fake) sender (it looks like the e-mail has been sent of one<br />
of his friends e.g. from Facebook), the user is more likely to click on the link and<br />
provide sensitive information [Jag07]. The study also supports the statement that<br />
there is a lack of understanding that data posted on social network sites is public<br />
information - and how easily this information can be abused.<br />
Just recently, Facebook tried to implement “changes to its contract with [its] users<br />
that had appeared to give it perpetual ownership of their contributions to the service”<br />
[NYT], including all personal data and status messages entered. After a huge outcry of<br />
the Facebook community, these changes were reverted. However, it is a clear example<br />
how data collected by such social network are potentially dangerous.<br />
However, most of these very real threats to privacy are only made possible because<br />
users are not aware about the above discussed consequences if they do not protect their<br />
data by using existing privacy settings [Jon05]. This leads to an alarming discrepancy<br />
between the perception of users (“nobody will ever find this information or is interested<br />
in it”) and the reality: not do only other people actively search for information, also automatic<br />
data collection about specific persons is taking place. By crawling the Internet,<br />
search engines provide a basis for services such as 123people.at which displays publicly<br />
existing data of specific users on the Internet. However, this issue is not only restricted<br />
to social networks. Also other popular services like blogs can pose a huge threat to<br />
privacy [Kha06].<br />
All the above mentioned threats and application use certain technologies and methodologies<br />
to fulfill their purpose. Especially the issues of cookies, Internet Service Providers,<br />
profiling and logging is of interest and will be discussed in the next section.<br />
13