Stealing reality: When criminals become data scientists (or vice versa)

Abstract

In this paper, we discuss the threat of malware targeted at extracting information about the relationships in a real-world social network as well as characteristic information about the individuals in the network, a type of attack which we dub Stealing Reality. We explain how Stealing Reality attacks differ from traditional types of attacks against individuals' privacy and discuss why their impact is significantly more dangerous than that of other attacks such as identity theft. We then analyze this new form of attack and show what an optimal attack strategy would look like. Surprisingly, it differs significantly from many conventional network attacks in that it involves extremely slow spreading patterns. We point out that besides yielding the best outcome for the attackers, such an attack may also deceive existing monitoring tools because of its low traffic volumes and the fact that it imitates natural end-user communication patterns.