Forgot your password?
typodupeerror
Privacy Crime Security Social Networks Your Rights Online

New Class of Malware Will Steal Behavior Patterns 73

Posted by Soulskill
from the your-mojo-is-next dept.
KentuckyFC writes "The information within huge, supposedly anonymized data sets can be used to build a detailed picture of an individual's lifestyle and relationships. This data is hugely valuable, which is why many companies already mine the pattern of links in their data to help them build things like recommender systems. Now a group of computer scientists say it is inevitable that a new class of malware will emerge for stealing this behavioral pattern data from social networks. They've analyzed the types of strategies this malware will use to collect information from a real mobile phone database of 800,000 links between 200,000 phones. They point out that the theft of behavioral data can be much more serious than the theft of other personal information. If somebody steals your credit card or computer password, for example, you can just get another card or change your password, thereby limiting the damage. That can't be done with behavioral data, they say. Who would be willing or able to change their real world pattern of person-to-person relationships, friendships and family ties?"
This discussion has been archived. No new comments can be posted.

New Class of Malware Will Steal Behavior Patterns

Comments Filter:
  • by Abstrackt (609015) on Friday October 08, 2010 @09:36AM (#33835118)
    All they'll see is that I'm on Slashdot 14 hours a day.
  • Fine. Then I'll constantly misbehave in atrocious patterns so they get nothing. What better way to misbehave than to claim FRIST on a /. story.
    • What better way to misbehave than to claim FRIST on a /. story.

      Especially when you're not FRIST, but THRID...

  • Identity theft takes on a whole new spin when you add in computer schizophrenia!
  • fud (Score:3, Interesting)

    by Anonymous Coward on Friday October 08, 2010 @09:39AM (#33835150)

    This is pseudo-science FUD and that kind of data would be useless to a criminal. Really, how can "behavioral patterns" be more useful than credit card or bank info to a criminal?

    • Re:fud (Score:4, Insightful)

      by netsavior (627338) on Friday October 08, 2010 @09:44AM (#33835206)
      behavior patterns + credit card = a way to use the card and not get flagged as suspicious activity.
      • Re: (Score:2, Interesting)

        by danbert8 (1024253)

        Which is totally pointless if you are a reasonable and dilligent user of your credit card, and actually check your statements every month. Of course maybe they can read from your behavioral patterns if you are an idiot that just pays bills without looking them over first.

        • Re:fud (Score:5, Interesting)

          by Anonymous Coward on Friday October 08, 2010 @09:59AM (#33835348)

          No.
          The point of stealing via fraudulent credit card purchases is not to steal from you, it's to steal from a credit card company.
          The credit card companies employ a level of behavioural pattern recognition to stop large, unusual transactions on your account. I've had times when I've tried to put an unusual item through on my card and received an immediate phonecall from my credit card provider, asking whether it's me doing the ordering.

          If I can sell you the credit card numbers of a bunch of people who I can identify as habitually making purchases of a given type of item, you can then make a series of non-suspicious orders on their cards and get away before they check their statements.

          • by Geeky (90998)

            If I can sell you the credit card numbers of a bunch of people who I can identify as habitually making purchases of a given type of item, you can then make a series of non-suspicious orders on their cards and get away before they check their statements.

            Well, yes, but then you only get to use the card for that kind of purchase. Which is great if you want to use the stolen number of buying groceries in the same town as the cardholder, but doesn't necessarily let you make large purchases.

          • >The credit card companies employ a level of behavioural pattern recognition to stop large, unusual transactions on your account Unfortunately it doesn't always work out that way. My card was blocked the other day (2nd time this month) after spending £2.81 for breakfast in the self service supermarket till that i do a few times a week.
            • My card was blocked the other day (2nd time this month) after spending £2.81 for breakfast in the self service supermarket till that i do a few times a week.

              You're missing the point here. Your breakfast (of bacon, ham, eggs, marmalade and Rock Star) is very high in fats, calories and low in vitamins, minerals and green scratchy things. The credit card company has a vested interest in keeping you alive (dead men don't pay bills). So by hassling you about breakfast they are hoping you go home and ju

      • by whovian (107062)

        behavior patterns + credit card = a way to use the card and not get flagged as suspicious activity.

        Sounds like the kind of derivative information that credit card companies (c|sh)ould already be selling^H"sharing" with their partners and/or third parties.

    • Re: (Score:3, Interesting)

      by AHuxley (892839)
      http://webcache.googleusercontent.com/search?q=cache:5jex52BhXYEJ:wikileaks.org/wiki/EU_social_network_spy_system_brief,_INDECT_Work_Package_4,_2009+INDECT+Work+Package+4&cd=1&hl=en&ct=clnk [googleusercontent.com]
      Seems like the lite version of the above. Mb they track mentions of backs, holidays, wealth, private banks names ect?
      Then go searching for the more useful emails they never would have found in the wild?
      It would also help with any CC location block.
    • They can tailor their attack to your behaviour. For example, most phishing mails are quite easy to spot, simply from the fact that you never have been at the bank this phishing mail sends you to. But imagine someone would know not only your bank, but even your account number. And moreover they know that you are buying a lot on ebay. And they find out that your account is usually not filled very well. Now they can send you a mail, seemingly coming from your bank, containing a message like "Dear Mr. Yourname.

      • Damn, I should have read that preview. The message should have read:
        "Dear Mr. Yourname. An attempt to get $<larger than to be expected on your bank account> from your bank account <your account number> [...] bought by member <your ebay ID> [...]"

    • One use that comes to mind is Jury Consultant. Go watch the 2003 movie 'Runaway Jury'. Then watch the special feature interview with a real jury consultant. Creepy and scary.
    • This just in: New class of malware will pre-fetch tech buzzwords so that you think the article is interesting.
  • Your giving the criminals wayyyyy to much credit. Criminals are greedy and lazy looking for the EASY buck. What there talking about here is something a advertising company would do not a spammer
    • If the ad agencies cannot improve their systems with all the information already available to them, why would the criminals be able to do anything more?

      Cash out a credit card, yes.

      Cash out your mom and dad's address and the fact that you go there for Thanksgiving after buying a Safeway pumpkin pie, no.

      • Re: (Score:3, Insightful)

        by Yer Mom (78107)

        Cash out a credit card, yes.

        Cash out your mom and dad's address and the fact that you go there for Thanksgiving after buying a Safeway pumpkin pie, no.

        Cash out your address at Thanksgiving while you're at your mom and dad's, eating pumpkin pie: quite possibly.

  • by netsavior (627338) on Friday October 08, 2010 @09:42AM (#33835176)
    one of the best tools in fighting financial fraud is people's behavior patterns. I work for a big bank and have several applications which are used for pattern recognition both across a business unit, and across a single customer's account. If you buy something in Rome, than in Dallas Texas, then in Istambul, your account is going to be flagged... But what if someone had your card information plus your geographic habits? There are plenty of opportunities to make fraudulent credit card usage seem much more legitimate to an algorithm, all that is missing is social information... for now.
    • by Compholio (770966)

      If you buy something in Rome, than in Dallas Texas, then in Istambul, your account is going to be flagged...

      That's great when it works. I love how my local pizza hut shows up as being in a different state, it's always fun to have that trigger a "did you lose your card?" robocall.

      • Better that than the algorithm doesn't pick up the crim buying a 52" plasma TV and surround sound system, brand new PC, and as many BluRay movies as he can carry with your card details because both he and it already knows you're a bit of a technophile.
      • Re: (Score:3, Insightful)

        by rockNme2349 (1414329)

        I recently ordered a netbook for my brother off an online website. The next day I got a call from my credit card company asking me if it was actually me making the purchase. I said yes it was, and THANK YOU for calling me. I feel the same way when I go to use my credit card and they ask for ID. Sure it inconveniences me, but I'd rather have false positives that only require me to say OK when I do something unusual, then someone making fraudulent purchases with my card. I know in the end my credit card compa

        • by neminem (561346)
          I'd be happy, too, if it asked me. My bank just automatically assumed, when I sent a company elsewhere a thousand bucks, that I didn't actually want to, and canceled the charge. Then they couldn't even uncancel it when I called them (and I had to call them - their website was broken). After uncanceling the charge, I had to personally apologize to the overworked KoL staff, and get them to run the charge through again. I wish my bank was like your bank.
      • by phorm (591458)

        Normally I don't mind, but I was a bit irritated I went down to another city (about 8-9h) to visit and pick up my GF. Along the way I stopped several times for gas. On the way back, I stopped again and my card was blocked.

        Apparently going outside of my city and buying GAS along the way is enough to trip the pattern recognition, which is somewhat silly as my car's best is about 700-800/tank (45L) and filling up during a 700km (each way) trip is somewhat of a necessity... not to mention the pre-requisite bath

    • Criminals do not go to that type of effort. It defeats the entire point of being a criminal. To be a criminal is to suffer poor impulse control and to not be a big fan of working.

      Most criminals aren't going to break into the Louvre and steal the Mona Lisa. Is it feasible to try? Sure. But, it isn't in the nature of crime to do so. Why? The who point of crime is that a lazy person or a person with poor impulse control can realize high marginal value by doing something illegal. The marginal value of p

      • by netsavior (627338)

        Criminals do not go to that type of effort.

        There are several known organizations that make much more than the paltry value of the Mona Lisa each year with systematic credit card theft and fraud.

        Industries such as the credit card fraud Industry, which take in hundreds of millions of dollars in revenue each year are generally not *lazy* and generally do not suffer from poor impulse control.

      • The who point of crime is that a lazy person or a person with poor impulse control can realize high marginal value by doing something illegal.

        There are parts of the world where there is little opportunity, especially if you're not from the right background. Some of those smart and enterprising people turn to crime. And the internet lets them reach victims across the globe. Disparity of income also contributes to it. Where I live, if a person could steal even just $100 a day he would live quite well. The c

    • From the resumé:

      If somebody steals your credit card or computer password, for example, you can just get another card or change your password, thereby limiting the damage.

      This remains true. Behavioural data alone is worth nothing.
      Also, I'd argue that credit card fraud becomes a lot less interesting when the scammer is limited to buying things that the original card holder would be interested in.

      • by AHuxley (892839)
        Why risk some strange credit card number when you know a select few can work as real CC's in your area or in other parts of the world.
        Sell on in bulk, value added. Stand out in a world of lists as something better, build a brand name for quality at a price.
    • Re: (Score:3, Interesting)

      by MachDelta (704883)

      Must be a new system, because when my CC was skimmed last year in Vegas it took them a week (and about $3000 in purchases) for them to figure out that it was stolen - despite the fact that charges were being made in two different countries on the exact same day. Visa must think I regularly take 8 hour flights to and from Vegas to buy gas, groceries and shop at Best Buy. :\

    • You are forgetting another important piece that is missing. High value items that would be desirable for a thief to acquire using the stolen info. Most thieves that would go so far as to collect behavioral patterns would not be interested in using the stolen financial info at the local liquor store or CVS. If they want to try to use it at my local pub, I would be very interested in meeting them and asking why they went through so much trouble for such a minimal reward.

      Now, if you happen to steal a car
  • Will they also steal the designs of our Slashdot favicons?

  • . . . with humorous results, as always happens when malware tries to replicate human behavior. Seriously, guys? Does no one remember the golden age of spam, when half the emails in your spam folder were 50% clipped quotes from Jonathan Livingston Seagull?
  • FTA: "AOL removed the search data from its site over the weekend and apologized for its release, saying it was an unauthorized move by a team that had hoped it would benefit academic researchers."
    Why are they saving this search data to begin with other than the profit motive? I highly doubt it was solely to benefit academic researchers.
    What are our expectations of privacy when using search engines? Don't we have the right to assume that they do NOT save any personally identifiable information?
    Fo
  • If somebody steals your credit card or computer password, for example, you can just get another card or change your password, thereby limiting the damage. That can't be done with behavioral data, they say. Who would be willing or able to change their real world pattern of person-to-person relationships, friendships and family ties

    ooooh. you spent 15 minutes yesterday on google looking for pet carriers. now i know who you will marry!

    behavioral data is not mind reading or future predicting. its application is extremely narrow. this story is scaremongering stupid bs

    • by Anomalyst (742352)

      ooooh. you spent 15 minutes yesterday on google looking for pet carriers. now i know who you will marry

      Well it might be advantageous to know the S.O. is a dog, literally or figuratively.

  • This is why I change my porn viewing fetishes randomly every few weeks or so.

  • I read TFA and I still don't get it. What is the malicious coder's motivation? I mean, how does he make money knowing that you are friends with x number of other people? Does he sell it to marketers? Does he blackmail you because you have a mistress or something?

    What I'm saying is, identity theft, credit card theft, and the like are easy to understand, because there is money to be made by doing it. How does one make money by knowing that Bob is friends with Susan, Bill, and Tracy?

  • by Asic Eng (193332) on Friday October 08, 2010 @10:21AM (#33835506)
    What's this new class of malware called, facebook?
  • "Who would be willing or able to change their real world pattern of person-to-person relationships, friendships and family ties?"

    People in witness protection do it because they have to.

    People who are voluntarily in AA or similar lifestyle-change groups may drop certain friends or distance themselves from certain family members because they know they have to in order to overcome their additions.

    • People who are voluntarily in AA or similar lifestyle-change groups may drop certain friends or distance themselves from certain family members because they know they have to in order to overcome their additions.

      It is often seen when overcoming one's additions that it is a negative thing or even sometimes divisive. Ultimately however, it really serves to multiply the positives. Sorry for the tangent.

  • ...Steal Behavior Patterns

    Funny, I still have my behavioral patterns here, neatly organized in alphabetical order... *shot*

    • Re: (Score:3, Funny)

      by The_Noid (28819)

      I was about to ask...
      What happens when your behavioural patterns are stolen? Do you suddenly start to behave differently because you no longer have them?

  • If my behavior patterns can be replicated, then tracking me via my behavior pattern becomes a lot more difficult.

  • Sometimes even email gives far too much immediacy. By avoiding mindless social networking, I am left with more time to yell at the kids on my lawn to take their beer bottles and cigarette butts with them when they go.
    • by Abstrackt (609015)
      They can't steal what ain't there? So you're saying they can only infringe behavior patterns then?
  • How will I know if my behavioral patterns have been stolen?
    Given the amount of time I spend on the interwebs , will I suddenly have a life?

    "Holy shit! Where am I? Could this be the fabled Out of Doors? OH, GOD! Someone must have stolen my behavioral patterns!"

    On second thought, maybe this new stealing of behavioral patterns could turn out to be a good thing....

"Out of register space (ugh)" -- vi

Working...