New Class of Malware Will Steal Behavior Patterns 73
KentuckyFC writes "The information within huge, supposedly anonymized data sets can be used to build a detailed picture of an individual's lifestyle and relationships. This data is hugely valuable, which is why many companies already mine the pattern of links in their data to help them build things like recommender systems. Now a group of computer scientists say it is inevitable that a new class of malware will emerge for stealing this behavioral pattern data from social networks. They've analyzed the types of strategies this malware will use to collect information from a real mobile phone database of 800,000 links between 200,000 phones. They point out that the theft of behavioral data can be much more serious than the theft of other personal information. If somebody steals your credit card or computer password, for example, you can just get another card or change your password, thereby limiting the damage. That can't be done with behavioral data, they say. Who would be willing or able to change their real world pattern of person-to-person relationships, friendships and family ties?"
Re: (Score:2)
"For in spite of computers and advanced psychology
Behaviour patterns are still a mystery
I predict the future of this earthly human race
Is that having made a mess of Earth They'll move to outer space
Well there goes the neighbourhood
Totally, completely, absolutely, irrevocably, highly illogical!"
Re: (Score:1)
Wow, that was an extraordinary post, even from a three-digit-er.
Assuming, of course, that you pulled that geeky reference from your memory rather than just found it via a Google search.
That's the downside to the power of the net, when we do something without using it we don't get as much credit anymore as we would have, before.
Re: (Score:2)
Thanks. The reference came to me instantly. I could have worked out the exact verse, from memory, given a half-hour.
Who has that time? I googled "behaviour" "nimoy" "demento". :-)
Joke's on them (Score:5, Funny)
Re: (Score:2)
24 for me. I am on /. in my sleep too.
Then I'll misbehave! (Score:1)
Re: (Score:2)
What better way to misbehave than to claim FRIST on a /. story.
Especially when you're not FRIST, but THRID...
Single White Fembot (Score:2)
fud (Score:3, Interesting)
This is pseudo-science FUD and that kind of data would be useless to a criminal. Really, how can "behavioral patterns" be more useful than credit card or bank info to a criminal?
Re:fud (Score:4, Insightful)
Re: (Score:2, Interesting)
Which is totally pointless if you are a reasonable and dilligent user of your credit card, and actually check your statements every month. Of course maybe they can read from your behavioral patterns if you are an idiot that just pays bills without looking them over first.
Re:fud (Score:5, Interesting)
No.
The point of stealing via fraudulent credit card purchases is not to steal from you, it's to steal from a credit card company.
The credit card companies employ a level of behavioural pattern recognition to stop large, unusual transactions on your account. I've had times when I've tried to put an unusual item through on my card and received an immediate phonecall from my credit card provider, asking whether it's me doing the ordering.
If I can sell you the credit card numbers of a bunch of people who I can identify as habitually making purchases of a given type of item, you can then make a series of non-suspicious orders on their cards and get away before they check their statements.
Re: (Score:2)
If I can sell you the credit card numbers of a bunch of people who I can identify as habitually making purchases of a given type of item, you can then make a series of non-suspicious orders on their cards and get away before they check their statements.
Well, yes, but then you only get to use the card for that kind of purchase. Which is great if you want to use the stolen number of buying groceries in the same town as the cardholder, but doesn't necessarily let you make large purchases.
Re: (Score:1)
Re: (Score:2)
You're missing the point here. Your breakfast (of bacon, ham, eggs, marmalade and Rock Star) is very high in fats, calories and low in vitamins, minerals and green scratchy things. The credit card company has a vested interest in keeping you alive (dead men don't pay bills). So by hassling you about breakfast they are hoping you go home and ju
Re: (Score:1)
behavior patterns + credit card = a way to use the card and not get flagged as suspicious activity.
Sounds like the kind of derivative information that credit card companies (c|sh)ould already be selling^H"sharing" with their partners and/or third parties.
Re: (Score:3, Interesting)
Seems like the lite version of the above. Mb they track mentions of backs, holidays, wealth, private banks names ect?
Then go searching for the more useful emails they never would have found in the wild?
It would also help with any CC location block.
Re: (Score:1)
They can tailor their attack to your behaviour. For example, most phishing mails are quite easy to spot, simply from the fact that you never have been at the bank this phishing mail sends you to. But imagine someone would know not only your bank, but even your account number. And moreover they know that you are buying a lot on ebay. And they find out that your account is usually not filled very well. Now they can send you a mail, seemingly coming from your bank, containing a message like "Dear Mr. Yourname.
Re: (Score:1)
Damn, I should have read that preview. The message should have read:
"Dear Mr. Yourname. An attempt to get $<larger than to be expected on your bank account> from your bank account <your account number> [...] bought by member <your ebay ID> [...]"
Re: (Score:1)
Re: (Score:1)
Your giving the criminals (Score:2, Insightful)
Mod parent up. (Score:2)
If the ad agencies cannot improve their systems with all the information already available to them, why would the criminals be able to do anything more?
Cash out a credit card, yes.
Cash out your mom and dad's address and the fact that you go there for Thanksgiving after buying a Safeway pumpkin pie, no.
Re: (Score:3, Insightful)
Cash out your address at Thanksgiving while you're at your mom and dad's, eating pumpkin pie: quite possibly.
Sophisticated credit card fraud (Score:5, Interesting)
Re: (Score:2)
That's great when it works. I love how my local pizza hut shows up as being in a different state, it's always fun to have that trigger a "did you lose your card?" robocall.
Re: (Score:2)
Re: (Score:3, Insightful)
I recently ordered a netbook for my brother off an online website. The next day I got a call from my credit card company asking me if it was actually me making the purchase. I said yes it was, and THANK YOU for calling me. I feel the same way when I go to use my credit card and they ask for ID. Sure it inconveniences me, but I'd rather have false positives that only require me to say OK when I do something unusual, then someone making fraudulent purchases with my card. I know in the end my credit card compa
Re: (Score:1)
Driving (Score:1)
Normally I don't mind, but I was a bit irritated I went down to another city (about 8-9h) to visit and pick up my GF. Along the way I stopped several times for gas. On the way back, I stopped again and my card was blocked.
Apparently going outside of my city and buying GAS along the way is enough to trip the pattern recognition, which is somewhat silly as my car's best is about 700-800/tank (45L) and filling up during a 700km (each way) trip is somewhat of a necessity... not to mention the pre-requisite bath
OMFG! (Score:2)
Criminals do not go to that type of effort. It defeats the entire point of being a criminal. To be a criminal is to suffer poor impulse control and to not be a big fan of working.
Most criminals aren't going to break into the Louvre and steal the Mona Lisa. Is it feasible to try? Sure. But, it isn't in the nature of crime to do so. Why? The who point of crime is that a lazy person or a person with poor impulse control can realize high marginal value by doing something illegal. The marginal value of p
Re: (Score:2)
Criminals do not go to that type of effort.
There are several known organizations that make much more than the paltry value of the Mona Lisa each year with systematic credit card theft and fraud.
Industries such as the credit card fraud Industry, which take in hundreds of millions of dollars in revenue each year are generally not *lazy* and generally do not suffer from poor impulse control.
Re: (Score:1)
There are parts of the world where there is little opportunity, especially if you're not from the right background. Some of those smart and enterprising people turn to crime. And the internet lets them reach victims across the globe. Disparity of income also contributes to it. Where I live, if a person could steal even just $100 a day he would live quite well. The c
Re: (Score:1)
If somebody steals your credit card or computer password, for example, you can just get another card or change your password, thereby limiting the damage.
This remains true. Behavioural data alone is worth nothing.
Also, I'd argue that credit card fraud becomes a lot less interesting when the scammer is limited to buying things that the original card holder would be interested in.
Re: (Score:1)
Re: (Score:2)
Sell on in bulk, value added. Stand out in a world of lists as something better, build a brand name for quality at a price.
Re: (Score:3, Interesting)
Must be a new system, because when my CC was skimmed last year in Vegas it took them a week (and about $3000 in purchases) for them to figure out that it was stolen - despite the fact that charges were being made in two different countries on the exact same day. Visa must think I regularly take 8 hour flights to and from Vegas to buy gas, groceries and shop at Best Buy. :\
Re: (Score:1)
Now, if you happen to steal a car
Favicon (Score:2)
Will they also steal the designs of our Slashdot favicons?
Malware Will Steal Behavior Patterns . . . (Score:2)
America Off-Line (Score:2)
Why are they saving this search data to begin with other than the profit motive? I highly doubt it was solely to benefit academic researchers.
What are our expectations of privacy when using search engines? Don't we have the right to assume that they do NOT save any personally identifiable information?
Fo
what a retarded fearmongering pile of crap (Score:3, Insightful)
If somebody steals your credit card or computer password, for example, you can just get another card or change your password, thereby limiting the damage. That can't be done with behavioral data, they say. Who would be willing or able to change their real world pattern of person-to-person relationships, friendships and family ties
ooooh. you spent 15 minutes yesterday on google looking for pet carriers. now i know who you will marry!
behavioral data is not mind reading or future predicting. its application is extremely narrow. this story is scaremongering stupid bs
Re: (Score:2)
Well it might be advantageous to know the S.O. is a dog, literally or figuratively.
Fetishes (Score:2)
This is why I change my porn viewing fetishes randomly every few weeks or so.
I don't get it (Score:2)
I read TFA and I still don't get it. What is the malicious coder's motivation? I mean, how does he make money knowing that you are friends with x number of other people? Does he sell it to marketers? Does he blackmail you because you have a mistress or something?
What I'm saying is, identity theft, credit card theft, and the like are easy to understand, because there is money to be made by doing it. How does one make money by knowing that Bob is friends with Susan, Bill, and Tracy?
New class of malware (Score:3)
Re: (Score:2)
Facebook knows what other sites I visit, and what I'm buying on Amazon? Who knew.
Re: (Score:1)
Who will change? I can think of 2 groups (Score:1)
"Who would be willing or able to change their real world pattern of person-to-person relationships, friendships and family ties?"
People in witness protection do it because they have to.
People who are voluntarily in AA or similar lifestyle-change groups may drop certain friends or distance themselves from certain family members because they know they have to in order to overcome their additions.
Re: (Score:2)
People who are voluntarily in AA or similar lifestyle-change groups may drop certain friends or distance themselves from certain family members because they know they have to in order to overcome their additions.
It is often seen when overcoming one's additions that it is a negative thing or even sometimes divisive. Ultimately however, it really serves to multiply the positives. Sorry for the tangent.
O RLY? (Score:1)
...Steal Behavior Patterns
Funny, I still have my behavioral patterns here, neatly organized in alphabetical order... *shot*
Re: (Score:3, Funny)
I was about to ask...
What happens when your behavioural patterns are stolen? Do you suddenly start to behave differently because you no longer have them?
Useful for privacy (Score:2)
If my behavior patterns can be replicated, then tracking me via my behavior pattern becomes a lot more difficult.
They cant steal what aint there (Score:2)
Re: (Score:2)
Thieves! (Score:1)
Given the amount of time I spend on the interwebs , will I suddenly have a life?
"Holy shit! Where am I? Could this be the fabled Out of Doors? OH, GOD! Someone must have stolen my behavioral patterns!"
On second thought, maybe this new stealing of behavioral patterns could turn out to be a good thing....