
According to research conducted early last year by the Pew Research Center, 74 percent of adults engage in social networking. This percentage is projected to grow, as more and more people continue to join sites such as Facebook, Twitter and Instagram every day.
As the population makes itself more public, researchers specializing in computer science are more closely monitoring online user interactions. Pete Burnap, director of the Social Data Science Lab at Cardiff University, and Omer Rana, a computer science professor at Cardiff, have discovered that malware is likely to be present in shortened links, which a majority of the Internet population clicks on and uses through services such as Google, Bitly and Ow.ly.
Link shortening is generally employed to reduce the number of characters contained in a message. The issue, however, is that users don’t always know what’s behind the short links, Rana said.
“Basically, these short links could redirect you to a script on somebody’s server or it can be some sort of executable file that starts sending you data back,” Rana said. “So there is a kind of attack that is very common in web-based interactions called a ‘drive-by download’ attack. When you visit a website, you’re actually getting the content you should be looking at, but behind the scenes there’s another process that is generated … that is trying to channel malware back to your machine.”
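As an added illustration (not part of the original article and not the Cardiff team's system), the Python sketch below expands a short link by following recorded redirect responses and flags a destination that hands the visitor a download instead of a page. The hostnames, captured responses, flag names and heuristics are constructed assumptions.

```python
from email import message_from_string
from urllib.parse import urljoin, urlsplit

# Constructed sample: response heads a sandboxed fetcher might record for two
# short links. Hosts use the reserved .example TLD; nothing here is study data.
CAPTURED = {
    "https://short.example/a1B2":
        "HTTP/1.1 301 Moved Permanently\r\nLocation: http://cdn.example/r?id=7\r\n\r\n",
    "http://cdn.example/r?id=7":
        "HTTP/1.1 302 Found\r\nLocation: /dl/update.exe\r\n\r\n",
    "http://cdn.example/dl/update.exe":
        "HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
        "Content-Disposition: attachment; filename=update.exe\r\n\r\n",
    "https://short.example/news":
        "HTTP/1.1 301 Moved Permanently\r\nLocation: https://news.example/story\r\n\r\n",
    "https://news.example/story":
        "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n",
}
REDIRECTS = {301, 302, 303, 307, 308}
RISKY_TYPES = {"application/octet-stream", "application/x-msdownload"}
RISKY_EXTS = (".exe", ".scr", ".msi", ".bat", ".js", ".vbs")

def parse_head(raw):
    """Split a raw response head into (status code, header mapping)."""
    status_line, _, header_block = raw.partition("\r\n")
    return int(status_line.split()[1]), message_from_string(header_block)

def expand(url, captured=CAPTURED, max_hops=10):
    """Follow recorded redirects from a short link; return (hops, flags)."""
    hops, flags = [url], []
    while url in captured:
        status, headers = parse_head(captured[url])
        if status not in REDIRECTS or "Location" not in headers:
            if headers.get_content_type() in RISKY_TYPES:
                flags.append("binary-content-type")
            if "attachment" in headers.get("Content-Disposition", "").lower():
                flags.append("forced-download")
            if urlsplit(url).path.lower().endswith(RISKY_EXTS):
                flags.append("executable-extension")
            return hops, flags
        url = urljoin(url, headers["Location"])  # Location may be relative
        if url in hops or len(hops) >= max_hops:
            return hops, flags + ["redirect-loop-or-too-long"]
        hops.append(url)
        if (hops[0].startswith("https://") and url.startswith("http://")
                and "https-downgrade" not in flags):
            flags.append("https-downgrade")
    return hops, flags + ["unresolved"]
```

Header checks like these only show where a link leads and what it serves; behaviour after the page loads still needs the kind of sandbox observation the researchers describe.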
Given Twitter’s 140-character limit on posts, users frequently rely on link shortening, making Twitter the main platform for Burnap and Rana’s research. The team originally focused on trending topics such as sporting events and selections, since the related tweets are seen more often and are therefore exploited by malware spreaders.
“People could just retweet them [tweets related to trending topics] without actually looking at what’s behind the links that people are sending out,” Rana said. “You could potentially have malware that sits behind these links and people could leverage on the popularity of a particular music artist or social event in order to propagate malware.”
The team’s main goal was to identify the percentage of content that could potentially refer users to malware. In order to identify such links, Burnap said he and his team secured a sandbox environment — somewhat of a virtual machine — and visited a random sample of URLs collected around the Super Bowl and the Cricket World Cup.
“If the URL server conducted malicious activity [such as] process execution or registry file modification, we marked it as malicious,” Burnap said.
According to ScienceDaily, the team at Cardiff was able to identify cyber-attacks on Twitter within five seconds with up to 83 percent accuracy and within 30 seconds with up to 98 percent accuracy.
“The main challenge when building the system was to identify signals of malicious activity in the large amount of noise generated by benign machine activity,” Burnap said.
Adam Lerner, a current doctoral student in computer science at the University of Washington, said issues regarding network security, such as link shortening and user privacy in general, are an important area of research.
“Our daily lives are becoming connected to the Internet, which is the biggest network we’ve got,” Lerner said. “Phones, cars, thermostats, you name it. Whenever something’s connected to a network, that network becomes a potential avenue of attack. In the same vein, more and more important aspects of our lives, both private and public, are taking place on the Internet, via these networked technologies. The goal of network security research … is to protect people and the things we care about from malicious behavior.”
On sites like Twitter, Burnap said, users do not necessarily have a choice about whether to shorten a link, since the site encourages the practice.
“Users don’t have a choice as [link shortening] is enforced by Twitter,” Burnap said. “This is why we need such a real-time malware detection system.”