My Post in Malware Blog: From RSA 2011: Security, Social Media and Spies


I am reposting my article in TrendLabs Malware Blog posted last February 24, 2011.

Like my colleagues, I also attended the RSA 2011 Conference in San Francisco last week. As they have shared in their posts on the hackers and threats sessions, I would like to share some of my experiences and learnings on sessions involving social media, spies and security.

Mapping an Organization’s DNA Using Social Media

Abhilash Sonwane of Cyberoam discussed the findings of their research involving 20 random small and medium companies across the globe. His team tracked the social media activities of these companies’ employees via Facebook, Twitter and LinkedIn streams. This was done without employing any malicious tactics such as spear phishing or malware infection.

It is interesting to know that by simply correlating the employees’ social media presence, the researchers were able to map the DNA of the company. By DNA, we mean a collection of data such as the morale of employees and of the company as a whole. This includes sensitive information such as who makes the buying decisions. While such information per se may not be directly related to any kind of threat, it can be used by competitors (and potentially, the bad guys) to their advantage.

My key takeaway from this session is that it is very important for companies to strive to create a balance between the benefits and risks of social media. Companies should have solid social media policies to raise awareness among employees about its proper use and corresponding challenges. Furthermore, to cover both internal and external risks, social media policies should be aligned with technology solutions that security companies offer.

How to Recruit Spies on the Internet

In his presentation, Ira Winkler of Internet Security Advisors Group debunked the typical James Bond stereotype that the general population has of spies. He briefly discussed the usual motivation behind espionage—MICE (Money, Ideology, Coercion and Ego)—and how potential operatives can use these motivations in conjunction with social media information mining to get confidential information. Social media is a huge goldmine of information and he outlined a possible scenario wherein a foreign operative can easily get to a target and extract classified information without revealing his spy status.

My key takeaway from this session reiterates my learnings from the other session. That is, social media has its corresponding risks and rewards. As security professionals, we need to have a strong security mindset and integrate it well with our social media. Everybody can become a victim here and social media security awareness is a key contributor in mitigating this risk. It is also advisable to share this with our less-techie friends from our social circles so that they will be better informed.


The scenarios presented by Abhilash and Ira seem to be easy to do. And if we add malware and other malicious activities from cybercriminals to the equation (take for example ZeusiLeaks), the information and intelligence gathering will take less effort. The security industry needs to adapt to the challenges in the threat landscape, which the Trend Micro™ Smart Protection Network™ aims to do with its multi-layer protection via its File, Email and Web Reputation Services. But more importantly, organizations need to protect themselves both from internally- and externally-driven threats through proper user awareness and strong security policies.

Original post on TrendLabs Malware Blog: From RSA 2011: Security, Social Media and Spies

I will post some personal insights here soon. For now just the repost and some thank you notes 🙂

Special thanks to Macky, Ria and JM for their help in the article posting.