It’s not hard to find frightening examples of malware which steals personal information, sometimes for the purpose of making it public and at other times for profit. Details such as names, addresses and emails are hugely valuable for companies wanting to market their wares.
But there is another class of information associated with networks that is potentially much more valuable: the pattern of links between individuals and their behavior in the network–how often they email or call each other, how information spreads between them and so on.
Why is this more valuable? An email address associated with an individual who is at the hub of a vibrant social network is clearly more valuable to a marketing company than an email address at the edge of the network. Patterns of contact can also reveal how people are linked, whether they are in a relationship for example, whether they are students or executives, or whether they prefer celebrity gossip to tech news.
This information would allow a determined attacker to build a remarkably detailed picture of the lifestyle of any individual, a picture that would be far more useful than the basic demographic information marketeers use today, which consists of little more than sex, age and social grouping.
Today, Yaniv Altshuler at Ben Gurion University and a few pals argue that the value of this data makes it almost inevitable that malicious attackers will attempt to steal it. They point out that many companies already mine the pattern of links in their data for things like recommender systems.
“There is no reason to think that developers of malicious applications will not implement the same method and algorithms into future malware, or that they have not already started doing so,” they say.
The idea would be to release some kind of malware that records the patterns of links in a network. This kind of malware will be very hard to detect, say Altshuler and co. They’ve studied the strategies that best mine behavioral pattern data from a real mobile phone network consisting of 800,000 links between 200,000 phones. (They call this type of attack “Stealing Reality”.)
In conventional attacks, malware spreads most efficiently when the infection rate is high, and this maximises the amount of information it can steal. But it also makes the malware relatively easy to spot.
In a behavioral pattern attack, their surprising conclusion is that the most effective way of mining data is to have a low infection rate, so the malware spreads slowly. That’s because it takes time to collect good information about an individual’s behavior patterns. Also, a slow spread is less likely to be picked up by network administrators and antivirus software.
Perhaps the most worrying aspect of this new kind of theft is its potential impact. If malware steals your credit card details or online banking passwords, you can easily change them and this limits the damage.
But if a malicious attacker steals your behavioral patterns, there’s almost nothing you can do. You can’t change your network of friends or family, for example.
What’s more, once this information is released, it is more or less impossible to contain–how would you ensure that every copy had been deleted?
The prospects for avoiding this new threat look bleak. As Altshuler and co point out: “History has shown that whenever something has a tangible value associated with it, there will always be those who try to malevolently ‘game’ the system for profit.”
We’ll almost certainly have to deal with this one sooner or later.
Ref: arxiv.org/abs/1010.1028: Stealing Reality