Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Class of Malware Will Steal Behavior Patterns

Posted by Soulskill on from the your-mojo-is-next dept.

KentuckyFC writes "The information within huge, supposedly anonymized data sets can be used to build a detailed picture of an individual's lifestyle and relationships. This data is hugely valuable, which is why many companies already mine the pattern of links in their data to help them build things like recommender systems. Now a group of computer scientists say it is inevitable that a new class of malware will emerge for stealing this behavioral pattern data from social networks. They've analyzed the types of strategies this malware will use to collect information from a real mobile phone database of 800,000 links between 200,000 phones. They point out that the theft of behavioral data can be much more serious than the theft of other personal information. If somebody steals your credit card or computer password, for example, you can just get another card or change your password, thereby limiting the damage. That can't be done with behavioral data, they say. Who would be willing or able to change their real world pattern of person-to-person relationships, friendships and family ties?"

14 of 73 comments (clear)

  1. Joke's on them by Abstrackt · · Score: 4, Funny

    All they'll see is that I'm on Slashdot 14 hours a day.

    --
    They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
  2. fud by Anonymous Coward · · Score: 3, Interesting

    This is pseudo-science FUD and that kind of data would be useless to a criminal. Really, how can "behavioral patterns" be more useful than credit card or bank info to a criminal?

    1. Re:fud by netsavior · · Score: 3, Insightful

      behavior patterns + credit card = a way to use the card and not get flagged as suspicious activity.

    2. Re:fud by danbert8 · · Score: 2, Interesting

      Which is totally pointless if you are a reasonable and dilligent user of your credit card, and actually check your statements every month. Of course maybe they can read from your behavioral patterns if you are an idiot that just pays bills without looking them over first.

      --
      Yes it's an anecdote! Were you expecting original research in a Slashdot comment?
    3. Re:fud by AHuxley · · Score: 2, Interesting

      http://webcache.googleusercontent.com/search?q=cache:5jex52BhXYEJ:wikileaks.org/wiki/EU_social_network_spy_system_brief,_INDECT_Work_Package_4,_2009+INDECT+Work+Package+4&cd=1&hl=en&ct=clnk
      Seems like the lite version of the above. Mb they track mentions of backs, holidays, wealth, private banks names ect?
      Then go searching for the more useful emails they never would have found in the wild?
      It would also help with any CC location block.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:fud by Anonymous Coward · · Score: 5, Interesting

      No.
      The point of stealing via fraudulent credit card purchases is not to steal from you, it's to steal from a credit card company.
      The credit card companies employ a level of behavioural pattern recognition to stop large, unusual transactions on your account. I've had times when I've tried to put an unusual item through on my card and received an immediate phonecall from my credit card provider, asking whether it's me doing the ordering.

      If I can sell you the credit card numbers of a bunch of people who I can identify as habitually making purchases of a given type of item, you can then make a series of non-suspicious orders on their cards and get away before they check their statements.

  3. Your giving the criminals by Stan92057 · · Score: 2, Insightful

    Your giving the criminals wayyyyy to much credit. Criminals are greedy and lazy looking for the EASY buck. What there talking about here is something a advertising company would do not a spammer

    --
    Jack of all trades,master of none
  4. Sophisticated credit card fraud by netsavior · · Score: 4, Interesting

    one of the best tools in fighting financial fraud is people's behavior patterns. I work for a big bank and have several applications which are used for pattern recognition both across a business unit, and across a single customer's account. If you buy something in Rome, than in Dallas Texas, then in Istambul, your account is going to be flagged... But what if someone had your card information plus your geographic habits? There are plenty of opportunities to make fraudulent credit card usage seem much more legitimate to an algorithm, all that is missing is social information... for now.

    1. Re:Sophisticated credit card fraud by rockNme2349 · · Score: 2, Insightful

      I recently ordered a netbook for my brother off an online website. The next day I got a call from my credit card company asking me if it was actually me making the purchase. I said yes it was, and THANK YOU for calling me. I feel the same way when I go to use my credit card and they ask for ID. Sure it inconveniences me, but I'd rather have false positives that only require me to say OK when I do something unusual, then someone making fraudulent purchases with my card. I know in the end my credit card company will be footing the bill, not me, but it still is a large waste of time.

      I can see how a local pizza hut being flagged as unusual would be an issue, but that is a flaw in the implementation, not the algorithm.

      --
      Sewage Treatment Facilities - "Our duty is clear."
    2. Re:Sophisticated credit card fraud by MachDelta · · Score: 2, Interesting

      Must be a new system, because when my CC was skimmed last year in Vegas it took them a week (and about $3000 in purchases) for them to figure out that it was stolen - despite the fact that charges were being made in two different countries on the exact same day. Visa must think I regularly take 8 hour flights to and from Vegas to buy gas, groceries and shop at Best Buy. :\

  5. what a retarded fearmongering pile of crap by circletimessquare · · Score: 2, Insightful

    If somebody steals your credit card or computer password, for example, you can just get another card or change your password, thereby limiting the damage. That can't be done with behavioral data, they say. Who would be willing or able to change their real world pattern of person-to-person relationships, friendships and family ties

    ooooh. you spent 15 minutes yesterday on google looking for pet carriers. now i know who you will marry!

    behavioral data is not mind reading or future predicting. its application is extremely narrow. this story is scaremongering stupid bs

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  6. New class of malware by Asic+Eng · · Score: 2

    What's this new class of malware called, facebook?

  7. Re:Mod parent up. by Yer+Mom · · Score: 2, Insightful

    Cash out a credit card, yes.

    Cash out your mom and dad's address and the fact that you go there for Thanksgiving after buying a Safeway pumpkin pie, no.

    Cash out your address at Thanksgiving while you're at your mom and dad's, eating pumpkin pie: quite possibly.

    --
    Never mind Spamassassin. When's Spammerassassin coming out?
  8. Re:O RLY? by The_Noid · · Score: 2, Funny

    I was about to ask...
    What happens when your behavioural patterns are stolen? Do you suddenly start to behave differently because you no longer have them?