Researchers: Criminals could launch 'social reality' attack

Dark Facebook of the near future

Malware could soon become sophisticated enough to launch social engineering attacks based on analysis of a victim's behavioural patterns and social interactions, researchers have suggested.

According to the MIT and Israel-based authors of Stealing Reality, such malware would represent a major step change from today's crude threats, capable of inflicting serious damage to targeted individuals.

Some malware might exist solely to build databases of behavioural data on individuals culled over a long period of time, which would then be used as the fuel for highly-targeted social engineering attacks able to penetrate even the best-defended organisations or social groups.

After analysis using mathematical models of optimum spread, the researchers dub this the 'social reality' attack, the dark twin of today's consensual social networks where complex data would be collected and exploited for a variety of criminal rather than social or legal ends.

The danger of such an attack would be that a victim could not easily escape from its hold as might be the case with a technical attack.

"It is much harder to change one's network of real world, person-to-person relationships, friendships, or family ties. The victim of a "behavioural pattern" theft cannot easily change her behaviour and life patterns. Plus this type of information, once out, would be very hard to contain," say the authors.

So is this 'dark Facebook' thesis (our phrase) plausible?

As the authors point out, Marshal McLuhan's famous dictum of the 1960s 'the medium is the message' can now be re-formulated to say 'the network is the message. People reveal huge amounts of data social information about themselves when they interact online, often without realising it.

Despite this, today's social engineering attacks are primitive. They reach out to victims using technical workarounds and crude communication concepts, which limits their scope.

The value of information is that spammers and other malware criminals could use behavioural patterns to build up a more complex picture of individuals the better to work who to attack, using which method, and when. Such information-based attacks would also persist.

It follows form this that people with large numbers of connections might be at greater risk simply because they are likely to be generating more data that could be analysed for weakness, particularly in a professional context. Today's security systems pay little or no attention to the collection of such information, so people are pretty much unprotected.

"The difference between SR [social reality] attacks vs. more traditional forms of attacks should be treated with the same graveness as non-conventional weapons compared to conventional ones," say the authors.

Join the PC World newsletter!

Error: Please check your email address.

Tags Personal Techsecurity

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John E Dunn

Show Comments

Cool Tech

ASUS ROG Swift PG279Q – Reign beyond virtual world

Learn more >

Crucial® BX200 SATA 2.5” 7mm (with 9.5mm adapter) Internal Solid State Drive

Learn more >

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Xiro Drone Xplorer V -3 Axis Gimbal & 1080p Full HD 14MP Camera

Learn more >

D-Link PowerLine AV2 2000 Gigabit Network Kit

Learn more >

D-Link TAIPAN AC3200 Ultra Wi-Fi Modem Router (DSL-4320L)

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >


Learn more >

Family Friendly

ASUS VivoPC VM62 - Incredibly Powerful, Unbelievably Small

Learn more >

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Stocking Stuffer

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Best Deals on PC World

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.


Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?