The Notions of Cyber-warriors in Social Media

Internet social networks such as Facebook, LinkedIn, and Twitter have fundamentally changed the way we conduct business and interact with one another but has also created a new type of criminal enterprise. With well over 2 billion users on Facebook alone, Social media networks have provided Cyberwarriors a cornucopia of personal information to tap into. Cyber-warrior is defined as a computer expert engaged in the infiltration or sabotage of information systems, or in the defense of information systems against outside attack, typically for strategic or military purposes.

Given this definition, the term cyber-warrior can take on different meanings depending on the context in which it is used. This term may refer to someone with malicious intent such as a hacker or could be a professional who is working to defend against such attackers. With so many social media networks available in today's digital age, a cyber-warrior has a good amount of options to choose from. As of 2017, there are 2 billion monthly active users on Facebook and over 1 billion daily active users allowing for the use of information from accounts such as names, birthdates, places of work, and addresses and even current locations. LinkedIn is a professional based network that as of 2016 128 million Americans registered on the site while India came in the second highest membership with 35 million. In third place, Brazil came in with 25 million registered members while other smaller countries came in around 1 million users. The networking site allows members to create profiles and make connections with others as a way of establishing professional relationships.

Instagram and Twitter are also notorious networks cyberwarriors turn to for information gathering. Cybercrime on social networks can be categorized in three ways. The first traditional broad-sweep scams, try to lure you to click on something or visit pages that will push malware on to your computer. The next and least obvious would be for the criminal to search for careless public exposure of personal data and finally using social media to exchange ideas, connect, and trade stolen information. In the context of cybercriminals, the interconnectivity of social media allows for ideal conditions for cyber-warriors looking for a specific target to gather information on either an individual or a company. Most users now have several devices such as computers, iPads, iPods, and smartphones, that all communicate and share information within our own personal networks and one of those can easily be neglected from a security standpoint.

The human trust trait that leads many individuals or employees to fall prey to scams or malvertising campaigns is what most cybercriminals are betting on. Most social media users simply do not realize how much information they share through their accounts or the implications of the information that they do share. Password questions such as "what was the model of your first car, " or "what was your first pets name" could be found out with a little digging through old posts of a social media account or simply tapping the "About" tab on your Facebook page. Geotags are another feature most users are unfamiliar with and unaware it even exists. Geotags are embedded in photos and videos taken with GPS-equipped smartphones and digital cameras and may be left on through there smartphones, that today are constantly streaming Facebook as well as real-time locations. Even companies are connected to Facebook and Twitter via the networks they are using to initiate these accounts, not to mention the public Wi-Fi these companies may offer.

Cybercriminals can use the information they gather from these targets' social media accounts to fake familiarity. Individuals with particular job functions can be located and identified with a few clicks. Once identified "stalked" their social connections can be mapped out to develop alarmingly detailed charts showing shared posts, individual interests, recent trips to conferences or any other pertinent information to the end game. Once this information has been collected, cybercriminals have everything they need to craft emails with enough detail to be convincing. Criminals wanting to spread targeted malware or ransomware are launching more detailed attacks with carefully-worded emails routinely tricking staff into initiating dodgy wire transfers or opening malicious attachments where the results can be a ransomware lockout, local malware infection or complete disabling of there network.

One tactic employed that utilizes the data they collected on the social networks is called a 'whaling' attack where the criminal spoofs the sender's name and email as well as mentions a recent shared experience, possibly from a social media post to lessen skepticism, and fabricates a story about needing a wire transfer to be executed urgently. The same can be used on trusting individuals' personal emails rather than just business networks. In terms of cybersecurity professional Ethical hackers with FireEye's Mandiant Red Team Operations tested this theory and peppered a client organization with a carefully-worded email. Results found that 400 of 600 employees clicked on the attachment. If a cyberwarrior wants to investigate a given individuals work habits or in which company and in which position they are in, or who they are connected with professionally and privately, this information can often time be easily tracked on social media.

Attacks on a specific individual become much easier if the target has made a lot of private information publicly readily available on their profiles. Recent figures from the US FBI suggest that fraudulent emails, sent by cybercriminals impersonating CEOs and other key executives, cost US businesses $US2. 3 billion between October 2013 and February 2016, during which time the FBI received some 17, 642 reports of such scams. They found that seventy-two percent of attackers pretended to be the CEO and thirty-five percent of respondents had impersonated the CFO to target key finance and other executives While in many cases the initial scam could be just attempting to have the target click on an email to open it, initial malware could be clicked on and the next phase of the scam could ensue.

Another scam and one of the most profitable is installing ransomware. The malicious software encrypts the data on a target's computer and then asks for payment before restoring the system to its original state. Once opened or clicked on the initial malware is used to create a backdoor into the victim's system. This may not appear to do anything but the cyberwarrior could use this backdoor in a number of advantages ways. Now that the backdoor is available the Cyberwarrior can either install software which, for example, or reads usernames and passwords or hijacks the victim's online banking or they can attempt to sell off this backdoor they were able to create to another cybercriminal. Once one machine is infected and or has a backdoor the rest of the network is now at grave risk. While social media can be an ideal source to steal information, it can also pose as a platform for cyberwarriors to trade and sell compromised data.

Therefore, using a work computer attached to a network full of sensitive information or classified data to surf on an individual's social media account opens up an entire company to a multilayered problem. While companies do spend millions keeping up on software to prevent such attacks the solution is also multilayered on. Antivirus software and firewalls are just not enough and should be met with weekly if not daily port scans, upgrades, and training for IT security departments. Educating the masses as well as young social media users is a good way to start this mitigation process. While I believe any company that uses a large network or even small network should have annual data and network security training, classes should be taught in primary and secondary schools as well. Considering schools use networks and have almost fully integrated into the digital age, just as my generation had a typing class as well as computer class, newer generations should be taught not just the advancements and advantages of technology but the dangers they pose as well.