Biometrics /cybersecurityMalware will soon steal behavioral patterns

Published 11 October 2010

Examples of malware which steals personal information are all around us, sometimes for the purpose of making it public and at other times for profit; computer scientists predict that a new generation of malware will mine social networks for people’s private patterns of behavior

Examples of malware which steals personal information are all around us, sometimes for the purpose of making it public and at other times for profit. Details such as names, addresses, and e-mails are hugely valuable for companies wanting to market their wares.

Technology Review reports that there is another class of information associated with networks that is potentially much more valuable: the pattern of links between individuals and their behavior in the network — how often they e-mail or call each other, how information spreads between them, and so on.

Why is this more valuable? An e-mail address associated with an individual who is at the hub of a vibrant social network is clearly more valuable to a marketing company than an e-mail address at the edge of the network. Patterns of contact can also reveal how people are linked, whether they are in a relationship for example, whether they are students or executives, or whether they prefer celebrity gossip to tech news.

This information would allow a determined attacker to build a remarkably detailed picture of the lifestyle of any individual, a picture that would be far more useful than the basic demographic information that marketeers use today that consists of little more than sex, age, and social grouping.

Now Yaniv Altshuler at Ben Gurion University in Israel and colleagues argue that the value of this data makes it almost inevitable that malicious attackers will attempt to steal it. They point out that many companies already mine the pattern of links in their data for things like recommender systems.

There is no reason to think that developers of malicious applications will not implement the same method and algorithms into future malware, or that they have not already started doing so,” they say.

The idea would be to release some kind of malware that records the patterns of links in a network. This kind of malware will be very hard to detect, say Altshuler and colleagues. They have studied the strategies that best mine behavioral pattern data from a real mobile phone network consisting of 800,000 links between 200,000 phones (they call this type of attack “Stealing Reality”).

In conventional attacks, malware spreads most efficiently when the infection rate is high, and this maximises the amount of information it can steal. It also makes the malware relatively easy to spot, however.

In a behavioral pattern attack, their surprising conclusion is that the most effective way of mining data is to have a low infection rate, so the malware spreads slowly. This is because it takes time to collect good information about an individual’s behavior patterns. Also, a slow spread is less likely to be picked up by network administrators and antivirus software.

Perhaps the most worrying aspect of this new kind of theft is its potential impact. If malware steals your credit card details or online banking passwords, you can easily change them and this limits the damage.

If a malicious attacker steals your behavioral patterns, there is almost nothing you can do. You can not change your network of friends or family, for example.

Technology Review notes that what is more, once this information is released, it is more or less impossible to contain — how would you ensure that every copy had been deleted?

The prospects for avoiding this new threat look bleak. As Altshuler and collegues point out: “History has shown that whenever something has a tangible value associated with it, there will always be those who try to malevolently ‘game’ the system for profit.”

—Read more in Yaniv Altshuler et al., “Stealing Reality,” arXiv:1010.1028v1 [cs.SI] (5 October 2010)