Compromised Facebook accounts are being used in new ways to make sure that Spam reaches its intended audience.
As I was sitting working away at my computer, an event notification popped up on my screen that confused me.
This notification confused me for a number of reasons, firstly I was pretty sure I hadn’t accepted any invitation to knock-off designer goods events and secondly, on inspecting my calendar and inbox I could find no trace of the event in question.
While I was checking through my calendar, enabling and disabling feeds to try to track down the source, a second notification popped up, this time within Facebook, for the same event and all became clear.
The account of one of my old school friends had obviously been compromised and used to create a scam event, a new form of social media Spam. Of course I have notified my friend immediately and reported the scam event. Quite aside from the novel Spam delivery mechanism, evading traditional anti-spam and web filtering technologies, it got me to thinking about the future of information in the Internet of Everything.
IoE relies on a globally connected network of device and services, both consumers and businesses want to connect all of these information sources and we are already beginning to use the information generated to make automated decisions. For example apps such as IFTT (If This Then That) allow us to create smart rules combining discrete events and actions, “If someone tags me in a photo on Facebook, save a copy to my web storage” or “If the sun goes down, turn on the lights in my house”. This trend is set to continue and expand exponentially. With Gartner predicting 30 billion connected devices by 2020 and IDC predicting 212 billion the only thing we can really be sure of is that the growth of this interconnected ecosystem will be huge.
Attackers will continue to search for the weakest link. A compromise at any point in the chain of information will lead to amplified effects in unforeseen areas as devices, processes, people and services become increasingly both interconnected and autonomous. Complexity is the enemy of security, in the interconnected IoE, tracking down the source of misinformation and the point of compromise may become impossible for the average consumer of business.
Unless proper authentication of the integrity, provenance and validity of information can be designed into the processes, devices and decision-making of the future, we’re not just opening up a new attack vector, we’re opening up our lives, our enterprises and our homes.