


   ISSUE 31

24 February 2014

Article of the Month  Around the World

Social Media: To be or not to be


Social media has become a much-discussed topic in Sri Lanka, and some consider it a culprit in the deaths of two young girls from Pitigala and Kurunegala. Facebook and other social media tools have spread from Colombo to rural areas and have started to make an impact on our culture and society, especially with regard to the younger generation. There are plenty more Facebook stories which ended in deaths, not only among the young generation but also among more mature couples. This is not unique to Sri Lanka, and incidents such as this have been happening around the globe. A notable high-profile incident which happened recently was when the wife of Shashi Tharoor, India's human resources minister, known as 'Minister Twitter', was found dead after exposing her husband's affair with a Pakistani journalist.



With that kind of background, it is high time that we, as Sri Lankans, took a more serious look at Facebook and other social media tools. Facebook is not the only social media tool that exists; there are many more, such as Twitter, LinkedIn, Google+, YouTube, Wikipedia and Second Life, which fall under social media. The objective of this article is not to elaborate on social media but to discuss the impact and implications of social media.
Does Facebook or social media in general pose a security threat? Since the death count of Facebook victims is rising, we seriously need to take time to study this situation. In order to answer this question, I obtained an incident report from Sri Lanka CERT|CC and analyzed it. The report contained cyber crime incidents reported to Sri Lanka CERT|CC for the years 2009, 2010 and 2011. The data is shown in the table below.

The incidents are mainly categorized into 10 areas, as listed in the table above, and the number of incidents reported in each area of cyber crime is also given in the table. Cyber crimes can be divided mainly into two categories, as below:

(1) Crimes that target computers directly
Malware, Defacements and DoS attacks mentioned in table 2 fall under this category.

(2) Crimes facilitated by computer networks or devices, the primary target of which is independent of the network or device
Crimes such as Phishing, Abuse/Privacy, Scams, Hate/Threat Mail, Unauthorized Access, Intellectual Property Violation and Fake Accounts fall under this category.
According to the table above, when we take the total of reported cyber crime incidents over the three years, we can see a significantly large increase in cyber crimes. This is shown very clearly by the graph below.
According to the graph below, cyber crime incidents escalated from 69 to 1469 within 3 years, which is a 2030% increase.

Total Cyber Crime Incidents Reported from 2009 - 2011

In order to understand the trend of the cyber crime incidents reported from 2009 to 2011 and to find whether there is an association between social media and cyber crimes in Sri Lanka, the incidents reported for the years 2009, 2010 and 2011 are categorized into 2 main areas using the table above.

1. Cyber crimes which directly involve social media
2. Cyber crimes which indirectly involve social media

In the table above, among the 10 areas of cyber crime reported, only Fake Accounts directly involves social media such as social networking sites, blogs or content communities; social media can be used only indirectly in all the other areas of cyber crime in the table. Thus Fake Accounts are categorized under cyber crimes which directly involve social media, and all the other areas in the table above, such as Phishing, Abuse/Privacy, Scams, Hate/Threat Mail, Unauthorized Access, Intellectual Property Violation, Malware, Defacements and DoS attacks, are categorized under cyber crimes which indirectly involve social media.

According to Sri Lanka CERT|CC, Fake Accounts are user profiles created on social networking websites such as Facebook in a person's name without that person's knowledge, to impersonate that person either to insult or to gain benefits.

An observation to be made from the table above is that the cyber crime area called "Fake Accounts", which was not there in 2009, was introduced in the years 2010 and 2011. This was mainly due to the popularization of social networking sites such as Facebook. According to Sri Lanka CERT|CC, social media started becoming popular in Sri Lanka from the year 2009 onwards, and only after a sufficient user base was established did cyber criminals start capitalizing on social media. This has created a nexus in which social media platforms function as launch pads for cyber criminals.

Impact of Social Media for the Cyber Crime Incidents from 2009 - 2011

According to this table, we can see that the cyber crimes that are not directly associated with social media have reduced over the years, and cyber crimes directly involving social media (Fake Accounts) have increased from 0 to 1425 within the 3 years. This is shown very clearly by the graph below.

Impact of Social Media for the Cyber Crime Incidents from 2009 - 2011

The graph above demonstrates an increasing trend for Fake Accounts, while other cyber crimes had reduced by 2011. After analysing the data in the above graph, we can clearly see that cyber crimes overall have increased on a large scale from 2009 to 2011 and that the main contributor to that is "Fake Accounts", which directly involves social media.
From the data gathered through Sri Lanka CERT|CC on cyber crime incidents for the 3 years 2009, 2010 and 2011, we can see that there is an association between cyber crimes and social media. Further, we can say that cyber crimes in Sri Lanka have increased due to social media. Social media has created an environment for cyber criminals to function and commit crimes, leaving social media users vulnerable.
In that kind of scenario, as Sri Lankans, our responsibility is to be extra vigilant when using social media and to create awareness among the younger generation. We cannot ban the younger generation from technological advances like social media or the internet. We need to understand young minds and educate them on the possible repercussions, threats and risks that social media pose, in order to safeguard them.
Facebook or social media cannot be considered a monster. It is merely a tool. But how people use it, and what they use it for, defines its nature. For example, a man can cook with fire and a man can also be cooked with fire.


 - Rangamini Werawatta

Rangamini is an ICT Specialist who has been a consultant to many public and private organizations on various programs, projects and initiatives. He is a freelance journalist who contributes to national newspapers. He is also the author of the book "Cyber Security: 01 Byte from the Cyberspace"; ISBN: 978-955-658-253-6.







  The Role Social Networking Plays in Suicide

'.....We're all familiar with tales of social networking sites (SNSs) casting dark shadows over events leading up to a victim's suicide. Frequently the issues revolve around private encounters, moments and words that spread like wildfire once they've been introduced to the digital stage - often without the target's consent.

With the 21st century ingenue Cyberbullying playing the lead role in each one of those dramas, we rarely hear examples of how social networking promotes a healthy mental state and even prevents suicide in some instances. Although the media continually make the connection, there is no conclusive evidence that cyberbullying causes suicide.....'

  McAfee Unveils New Threat Intelligence Exchange

'.... McAfee has shared details on a soon to be released threat sharing platform designed to help security teams develop and customize a threat intelligence solution from global data sources.....'

Google's "Project Tango" is a Smartphone with Kinect-style computer vision


'.... Google is launching yet another crazy moonshot project. This one is a prototype called "Project Tango," which squeezes 3D computer vision technology - similar to that used in the Xbox Kinect - into a smartphone. The device is being cooked up by Google's Advanced Technology and Projects (ATAP) group, which just moved over from Motorola. Johnny Lee, the Technical Program Lead at ATAP, described the project:.......'

Microsoft issues Fix it for critical IE 0-day exploited in attacks


'....Microsoft has finally issued a security advisory addressing the IE zero-day that has been recently actively exploited in attacks in the wild, and has followed with a Fix it tool to temporarily mitigate the issue until a patch is released.

This zero-day is a remote code execution vulnerability, which may corrupt memory and allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer...'

Cloud-based security services poised for rapid growth

'....That comfort will be driving a rapid growth in the market for cloud-based security services in the next few years. The market, according to Gartner, will jump by a billion dollars in the next two years from $2.1 billion in 2013 to $3.1 billion in 2015.

Market research firm Infonetics Research also has a rosy forecast for cloud-based security services. It predicts revenues for them will climb by a compound annual growth rate of 10.8 percent, from 2012 to 2015, when it will reach $9.2 billion......'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in January 2014
  Total Hacked Sites
 Statistics - Sri Lanka CERT|CC


Meet The Company That Tracks More Phones Than Google Or Facebook

'.... Picture this scenario. A bored woman sits waiting in an airline lounge. She scrolls through her iPhone and taps on a brightly colored square to launch a free mobile game. In the instant before the app loads something extraordinary happens behind the scenes: an auction for her eyeballs, run by a company you've probably never heard of, called Flurry..........'

Google's Grand Fiber Plan: Cue The Eye Roll

'....Search giant Google is expanding its US municipal broadband project in a bid to become a leading American carrier. Excuse me while I roll my eyes.

Whenever Google comes out with one of its grand pronouncements, particularly in this area, I feel compelled to chorus, "Here we go again." Perhaps this time I'm being too cynical. Perhaps not.........'

Malicious Yahoo Ads - Preventable With Patching, Security Solutions

'....Over the holidays, it was reported that malicious ads had appeared on various Yahoo sites and affected users in Europe. Two claims about this attack have been made: first, that it affected "millions" of users, and secondly, that it was used to plant Bitcoin miners on affected computers. Some of these claims may be a bit overstated, and the coverage may not have been able to give a more complete picture of the threat......'

Malware Targeting Point of Sale Systems



'......When consumers purchase goods or services from a retailer, the transaction is processed through what are commonly referred to as Point of Sale (POS) systems. POS systems consist of the hardware (e.g. the equipment used to swipe a credit or debit card and the computer or mobile device attached to it) as well as the software that tells the hardware what to do with the information it captures......'


Labs Research: Using Anomalies in Crash Reports to Detect Unknown Threats



'....Today, we released a research white paper detailing the use of Windows Error Reporting (WER) to detect advanced targeted campaigns in the wild, including: a campaign against a government agency; a major cellular network provider; and a previously unreported campaign targeting point-of-sale (POS) systems at retailers with a new variety of malware. The white paper, entitled "Using Anomalies in Crash Reports to Detect Unknown Threats," ....'

Notice Board
  Training and Awareness Programmes - January 2014
Date | Event | Venue
21st - 28th February | Hardware maintenance Training Programme | South Eastern University, Oluvil
10th - 16th February | Hardware maintenance Training Programme | South Eastern University, Oluvil
25th January to 28th January | Hardware maintenance Training Programme | South Eastern University, Oluvil
26th February - 4th March  21st - 27th February | Hardware maintenance Training Programme | South Eastern University, Oluvil
3rd February | Workshop on Education content development | Computer Laboratory, ICT Branch, Ministry of Education
15th - 17th February | Workshop on Education content development | Computer Laboratory, ICT Branch, Ministry of Education
21st - 27th February | "Dayata Kirurula" Exhibitions | Kuliyapitiya
