Title

Information Leakage through Online Social Networking Opening the Doorway for Advanced Persistence Threats

Document Type

Journal Article

Editor(s)

Patrick F Walsh

Faculty

Faculty of Computing, Health and Science

School

School of Computer and Security Science / Security Research Centre (secAU)

RAS ID

12283

Comments

This article was originally published as: Molok, N., & Chang, S., Ahmad, A. (2011). Information Leakage through Online Social Networking Opening the Doorway for Advanced Persistence Threats. The Journal of the Australian Institute of Professional Intelligence Officers, 19(2), 38-55. Original article available here

Abstract

The explosion of online social networking (OSN) in recent years has caused damages to organisations due to leakage of information by their employees. Employees’ social networking behaviour, whether accidental or intentional, provides an opportunity for advanced persistent threats (APT) attackers to realise their social engineering techniques and undetectable zero-day exploits. APT attackers use a spear-phishing method that targeted on key employees of victim organisations through social media in order to conduct reconnaissance and theft of confidential proprietary information. This conceptual paper posits OSN as the most challenging channel of information leakage and provides an explanation about the underlying factors of employees leaking information via this channel through a theoretical lens from information systems. It also describes how OSN becomes an attack vector of APT owing to employees’ social networking behaviour, and finally, recommends security education, training and awareness (SETA) for organisations to combat these threats.

DOI

10.4225/75/57b673cf34781

Access Rights

free_to_read

 

Link to publisher version (DOI)

10.4225/75/57b673cf34781