An Investigation into the Contribution of Social Networks to Cybercrime

A case study of Facebook

By Wilberforce Opanga A Research Proposal Submitted to the School of Science, Engineering and Technology in Partial Fulfillment of the Requirements for the Award of the Degree of Bachelor of Science in Computer Science

Kabarak University

July, 2011

willopash@gmail.com

Declaration This is my original work and as far as I am concerned, has not been presented for the award of any degree in any other institution of higher learning. Name Wilberforce Opanga Signature Date

Approval This research proposal has been submitted for examination with my approval as a university supervisor:

Signature: .

Name: ...

Date: ....

willopash@gmail.com

Abstract
Facebook has become a force to reckon with in the field of social networking. It has been ranked as the number one social networking site with a membership of over five hundred million. It has earned trust from many people who have in turn exposed their information without thinking twice into which hands it might fall. Despite the positive contribution and impact that Facebook has provided, it still has a weak point that is easy to manipulate and misuse - this is the anonymity of the internet. It is hard to tell that the person you are interacting with on Facebook is whom he or she claims to be. It is also easy to hack someones account on Facebook and use it for personal gain and in most cases criminal activities. This has redefined cybercrime making it grow and graduate to a new level where it is difficult to differentiate between crime and genuine activities on the internet. Many crimes such as drug peddling have advanced to the level where it is hard to tell what is going on unless one understands the language that is being used by the involved parties. This study intends to establish how much cybercrime has grown as a result of social networks in general and Facebook in particular. The study also intends to enlighten the users of social networks on the existence of such crimes. Moreover, the study will strive to ascertain the number of people who fallen victim to such crimes, the consequences and how they got out of the situation. The study will be conducted using a questionnaire survey. Pertinent issues from the questionnaire survey will be pursued and clarified through probing questions posed to the interviewees. The resultant data will be analyzed using t-test, chi-square, correlation descriptive statistics and regression analysis.

willopash@gmail.com

Table of contents
Declaration and approval..ii Abstract....iii Chapter One: Introduction 1.1 Background to the study..6 1.1.0 Facebook...6 1.1.2 Cybercrime....7 1.2 Statement of the problem.7 1.3 Objective of the study..8 1.4 Hypothesis....8 1.5 Significance of the study..8 1.6 Scope and limitations of the study...8 1.7 Definition of terms...9 1.8 Limitations and delimitations of the study...9 Chapter Two: Literature review11 Chapter Three: Research methodology 3.1 Research design...................................14 3.2 Target population....14 3.3 Sample procedures..14 3.4 Data collection....14 3.5 Data analysis and interpretation.14

willopash@gmail.com

Chapter Four: Work Plan and Budget.16 4.1 Work plan..16 4.2 Budget...16 References...17 Appendices..................................19

willopash@gmail.com

Chapter One: Introduction

1.1 Background to the Study
The field of social networking and communication has undergone major reforms since the inception of Facebook. When Facebook was put into place, it became easy for people to network. It also provided an efficient venue for companies to advertise their products and services. Facebook indeed redefined communication. With the excitement that came up with the Facebook communication power, people begun to freely and carelessly expose their information without bearing in mind that the information could fall in wrong hands. This gave cybercrime an opportunity to evolve and manipulate this new technology that was hitherto intended to give people control in communication. This explains why Facebook is frequently targeted by cybercriminals who want to gain greater control in this new innovation of the twenty first century. Facebook is a social networking site that was founded in 2004 by Mark Zuckerberg, a former student of Harvard University. Zuckerbergs intention was to create a networking site that would enable people from different parts of the world to interact and share their experiences freely and at no cost hence contributing majorly in making the world a global village. Facebook is the most popular online social networking tool in use at the moment. This has made it susceptible to scammers and phishers. Users are at risk of falling victims of cybercrime, particularly Facebook phishing scams. The popularity of Facebook is very high; currently it ranked the number two website and number one social site. It commands a membership of over five hundred million users worldwide. Many people have taken advantage of this technology to communicate by writing on each others virtual wall, sending email and chatting. Facebook has strengthened communication by providing its users a centralized online social hub. It has also been used by companies and organizations to advertise their products and services. This captive audience has allowed malicious people to conduct their evil deeds on innocent unsuspecting people. References?

Cybercrime is a computer crime, because it is mainly conducted on computer network platforms. In the recent past, however, this crime has moved to mobile devices network platforms. Everyone who owns a computer risks becoming a victim of cybercrime. Cybercrime has become an appealing large-

willopash@gmail.com

scale crime targeting modern technology. It has invaded all sectors of life that involve computer and networking technology. It is a crime that cannot be easily combated because of the anonymity of the internet. It has proven to be hard to track down the cyber criminals. It is now difficult to deposit money in the bank and be a hundred percent sure that it is safe because of the influx of cyber criminals. It is also difficult to put information online and be assured that it is safe because there are people who are waiting to acquire and misuse it. References? The United Nations has categorized cybercrime into: i) Unauthorized access ii) Damage to computer data or programmes iii) Sabotage to hinder the functioning of a computer system or network iv) Unauthorized interception of data to, from and within a system or network v) Computer espionage

1.2 Statement of the Problem

Mass Media and the internet reveal that social networks are growing at an alarming rate with related dangers. These dangers are likely to become catastrophic and difficult to solve if not well managed. Facebook has gained a lot of popularity and trust from people; it is now ranked the second largest website and the largest social networking site. Cyber criminals have targeted Facebook in order to maliciously acquire and use the large quantity of information it has about people and organizations. The fact that people easily trust each other on Facebook also raises alarm because criminals can easily entice innocent to entrust personal information to them (criminals) for malicious intentions.

1.2 Objectives of the study

The study will be governed by three main objectives as exemplified below: a) To educate people on the major dangers that they are exposing themselves to while carelessly avail personal information on social sites. b) To provide a better understanding on how cybercrimes can be effectively regulated in the borderless medium of the cyberspace.

willopash@gmail.com

c) To enlighten people on the major crimes occurring on social networks. 1.4 Hypothesis The study aims to ascertain whether: a) The emergence and growth of social networks has heavily impacted on the growth of cybercrime. b) Criminals have turned their focus on the social networks bearing in mind that the networks have captured peoples attention and interaction more than on any other site. c) Social networks have provided a breeding and playing ground for many major types of crime granted the anonymity of the internet. d) Many innocent people have been affected by the various kinds of cybercrimes unknowingly.

1.5 Significance of the study

It is expected that the study will establish the extent to which the social networks generally and Facebook particularly have contributed to the growth of cybercrimes. It is also expected that the study will come up with findings that with make people think twice before entrusting their personal information to strangers they meet for the first time via the internet.

1.6 Scope and Limitations of the study

There are many areas that have provided a fertile environment for the growth of computer crime, but this study will mainly focus on social networks because they have gained the attention of criminals who are working all round the clock to ensure that they utilize them fully in their criminal activities. There are many social sites but the study will be restricted to Facebook because it is the biggest social site with the largest membership which has also attracted the largest attention of cyber criminals. Facebook has millions of users in the world, but the study will be limited to Nakuru and Nairobi towns of Kenya because due to finance and time constraints. Moreover, the two towns are cosmopolitan with high educated populations. The study assumes that the experience (including threats) that users in the two towns have is similar to what is experienced by internet users from other parts in the world have.

willopash@gmail.com

It is, therefore, expected that the data collected from the two towns will be reflective of the experiences of Facebook users (including cybercrime) in other major urban centres throughout the world and hence will facilitate the generalization of the study findings to other similar situations in not only Kenya but the entire world as well.

1.7 Definition of terms

a) Coding: it is a systematic way to condense extensive data-sets into smaller analyzable units through the creation of categories and concepts derived from the data. b) Cyber-crime: is a crime committed using a computer and the internet to steal a person's identity or sell contraband or stalk victims or disrupt operations with malevolent programmes. c) Cybercrime: is any illegal behaviour directed by means of electronic operations targeting the security of computer systems and the data processed by them. d) Cyber-criminal: is an individual who performs certain keyboard and mouse actions that security companies portray as being the most serious crime imaginable and results in jail sentences longer than serial killers and fines greater than billionaires' fortunes. e) Cyberspace: is the electronic medium of computer networks, in which online communication takes place. f) Facebook: is a social networking service and website launched in February 2004, operated and privately owned by Facebook, Inc. g) Social network site: is a website where individuals can set up an online profile, describing their interests, and add links to other profiles. In this study, it will be referred to as social networks. h) Sophos: is a privately-owned company which is involved in developing security software and hardware which includes anti-virus, anti-spyware, anti-spam, network access control, encryption software and data loss prevention for desktops, servers, email systems and other network gateways. i) Twitter: is a website, owned and operated by Twitter Inc., which offers a social networking and broadcasting medium in the form of blogging. j) UNLV: is the University of Nevada, Las Vegas

willopash@gmail.com

1.8 Limitations and Delimitations of the Study

The study will be handicapped by a limited budget, the large scope of problem area and the largeness of Facebook which will be tackled in the following ways: a) Thee budget constraints will not lead to a shallow study; rather, sponsorship will be sought from academic institutions and businesses so as to realize sufficient funding. b) Facebook affects many people who have different experiences, but the study will concentrate on the general experiences encountered by most users, especially those that contribute to cybercrime worldwide. c) The foregoing limitations not withstanding, it is expected that the study will to draw some useful general conclusions on the problem area.

willopash@gmail.com

Chapter Two: Literature Review

Social Networking sites have become the new go-to attack point for malware, phishing and spam, and security vendor Sophos found in its Security Threat Report, 2011. The report, which examines and analyzes cybercrime during 2010 and highlights the trends to watch out, reveals that scammers and cyber-criminals have their sights trained on users of social networks like Facebook and Twitter. The report contents that the number of social network attacks grew significantly in 2010.

According to Sophos, about forty percent (40%) of the one hundred and two hundred (1,200) social networking users polled have been sent malware, such as worms, via the social networking sites they frequent. That is an increase of about ninety percent (90%) as compared to the second the summer of 2009. Additionally, two thirds of the users queried, said they had been spammed via social networking sites. This is more than double the proportion of social networking users affected two years earlier. Sophos also found out that forty three percent (43%) of the respondents had experienced phishing attacks, which is more than double the number of 2009.

The scams that are plaguing social networks were unheard of a few years ago (Richard Wang, Manager of Sophos Labs U.S. (Year?). According to Wang, social networking platforms like Facebook and Twitter are struggling to keep up with the swell of threats as cybercriminals and scammers seek to leverage these new mediums.

According to the study, a good deal of social networking happens in the workplace and fifty nine percent (59%) of the survey takers believe social networking behaviour could endanger corporate security while fifty seven percent (57%) worry that colleagues are sharing too much information on social networks. On the other hand, eighty two percent (82%) feel that Facebook poses the biggest risk to security. Sophos has identified "onMouseOver," the Twitter-based worm, as the "biggest single social networking security incident of 2010. Overall, the majority of the types of security threats from 2009 to 2010 stayed the same, despite their high impact on social networks.

willopash@gmail.com

Recent researches have only managed to show how cybercriminals have shifted their attention from other social networking sites especially My Space which two years ago was their favorite playing ground to Facebook which at the moment is the biggest with over five hundred million registered members. These researches show how much costs companies and individuals have to bear due to this crime. The researches have shown how much has been done by Facebook to curb this crime, but they have not shown how much contribution Facebook has made as far as cybercrime is concerned.

This study seeks to bring up the contribution of social networks to the growing field of cybercrime which has now become the biggest online threat after viruses. Apart from showing how much contribution has been made by the social sites, the study will also aspire to come up with data that will show how individuals have indirectly contributed to social sites by carelessly exposing their personal information in the social networking sites especially Facebook. It is obvious that cybercrime is a major online threat; it is evident that many people have fallen victims to this crime. It is clear that social networks make a great contribution to cybercrime, but there is no actual information on how much they have contributed. This study intends to establish the correct and factual information.

A study conducted by Trever Smith, graduate student in the Department of Criminal Justice at UNLV (2010) examines cybercrime that is committed through the utilization of Social Networking Sites. The study explains the criminal activity that is occurring on Social Networking Sites and what Social Networking Sites are doing to help users keep their information private and prevent them from being victimized. Trever argues that with the advancement of technology for the benefit of mankind, comes the advancement of new technology to commit crimes. From 2000-2004 cybercrime complaints doubled, and from 2004-2007 they remained the same. However, the latest FBI statistics, produced by the Internet Crime Complaint Center, show that in 2008 cybercrime increased by thirty percent (30%) (IC3, 2008). According to the 2009 Unsecured Economies Report produce by McAfee, one of the worlds leading antivirus software and computer security companies, cybercrime costs $1 trillion or more annually, but that is also limited to what cybercrime was reported (McAfee 2009). This figure does not take into consideration the cost of physical damages to victims, or the cost of police investigations. The latest research by the Pew Internet & American Life Project (2010) as captured in the study conducted by Trever indicates that seventy three percent (73%) of teen internet users and forty seven percent (47%) of online adults currently use social networking sites. Facebook is currently

willopash@gmail.com

the most popular social networking site among adults; among adult profile owners alone seventy three (73%) have a Facebook profile, forty eight percent (48%) maintain a MySpace profile, and fourteen percent (14%) a LinkedIn profile (Pew 2010). It should be noted that most users generally have multiple profiles on different sites, for professional and personal reasons.

Understanding that seventy three percent (73%) of online teens and seventy five percent (75%) of online young adults aged 18-24 years old maintain profiles, the amount of information accessible is phenomenal. According to research completed by the Pew Institute eight two percent (82%) of profile authors include their first name in their profiles, seventy nine percent (79%) include their photos while sixty six percent (66%) include photos of their friends and/or family members. Sixty one percent (61%) of the users include the name of their city or town; forty nine percent (49%) include the name of their school (Pew 2007 & 2009).

A similar study conducted at Carnegie Mellon University (CMU), Year? found similar results when analyzing the information available on CMU students Facebook profiles. The CMU findings content that the majority of students list their real names (89%) and contain a profile image (90.8%). In addition, forty percent (40%) of the users list a phone number to view. While these studies indicate the main components of an individuals profile, they fail to mention the up-to-the minute information that is readily accessible as well.

willopash@gmail.com

Chapter three: Research methodology

3.1 Research design
The study will be conducted using a questionnaire survey implemented by the study team. Pertinent issues arising from the questionnaire survey will be pursued and clarified through probing questions posed to the interviewees by the study team.

3.2 Target population

The target population will be composed of Facebook users from Nakuru and Nairobi which are some of the major cities in Kenya; they will include high school students, students in institutions of higher learning and the working class.

3.3 Sampling procedures

Probability sampling, precisely simple random sampling will be used to draw the study sample.

3.4 Data collection

Data will be collected directly from the respondents by the study team using the questionnaires.

3.5 Data analysis and interpretation

The study team will edit the resultant data to ensure that the figures and words are accurate. This will be done manually after which it will be typed prior to analysis. Questionnaires with twenty five percent (25%) blank spaces will discarded. the data will then be alphanumerically coded for computer analysis. Where necessary data will be transferred to coding sheets and responses to negatively worded questions will be revised to confirm to the same direction.

willopash@gmail.com

Data will be put into classes which are mutually exclusive such as gender, age or religion. The data will be analyzed using t-test, chi-square, correlation descriptive statistics and regression analysis. Three measures of tendencies will be used namely: mode, medium, and mean. The data characteristics will be described and explored by drawing graphs and charts, performing cross tabulation and calculating means and standard deviations. Patterns and relationships in the data will be sought by comparing means, exploring correlations, performing multiple regressions, or analyses of variance. Advanced modeling techniques will be used to build sophisticated explanations of how the data collected addresses the original question. Qualitative data analysis will be used to describe and summarize the mass of words generated from the interviews. This will establish the relationship between various themes identified from the study. A report of the findings will then be documented proving or disapproving the hypothesis besides drawing up conclusions and recommendations on the way forward.

willopash@gmail.com

Chapter four: Work plan

4.1 Work plan and Budget
The study will be conducted in twelve months commencing January, 2012 as detailed in table 4.1. The study budget will be as detailed in table 4.2. Table: 4.1 Work plan Period September-October 2011 January-February 2012 April-May 2012 June, 2012 July, 2012 July, 2012 August, 2012 September, 2012 Table 4.2 Budget Item Hire a van for one month Fuel for the van for one month Accommodation for four people for one month Catering for four people for one month Typing and printing questionnaires Typing and Printing the and binding report Upkeep allowance for four members Total Unit Cost (KES) 10,000 40,000 15,000 30,000 1,500 3,500 4500 Total (KES) 10,000 40,000 15,000 30,000 1,500 3,500 18,000 118, 000 Activity Preparing, presenting and defending the proposal Collecting Data Analyzing the Data Compiling the report Typing and printing the report Presenting the report Defending the report Publishing the report

willopash@gmail.com

References
Analyze the data and interpret findings http://www.rdinfo.org.uk/flowchart/Section8.htm accessed on July 10 2011 Computer application for business; Effects of cybercrimes on business http://www.scribd.com/doc/54756700/CAB-566-Assignment-2 accessed on June 15, 2011 Cybercrime Awareness http://www.cybercellmumbai.com/files/Types%20of%20cyber%20crime.pdf accessed on June 15, 2011 Cybercrime http://www.thefreedictionary.com/Cybercriminal accessed on 18th June 2010 Cybercrime: The Transformation of Crime in the Information Age, By David S. Wall. Cambridge, UK: Polity Press, 2007: http://www.bsos.umd.edu/gvpt/lpbr/subpages/reviews/wall0608.htm accessed on June 15, 2011 Cybercriminal http://www.urbandictionary.com/define.php?term=cyber%20criminal accessed on 18th June 2010 Data Analysis & Interpretation http://hubpages.com/hub/Data-Analysis-Interpretation accessed on July 10, 2011 Data Interpretation Methods http://people.uwec.edu/piercech/researchmethods/data interpretation methods/data interpretation methods index.htm accessed on July 10, 2011 Data Preparation, Interpretation and Analysis http://www.esurveyspro.com/article-data-preparationinterpretation-and-analysis.aspx accessed on July 10, 2011 Definition: cyberspace. http://www.thefreedictionary.com/cyberspace accessed on 30th June 2011 at 18:35 Different Types of Cyber Crime http://www.ehow.com/facts_4970264_different-types-cybercrime.html accessed on June 15, 2011 Grabosky, Peter. 2007. Electronic Crime. Upper Saddle River, NJ: Pearson. Social Networking a Major Security Threat, Cybercriminals Eye Facebook http://www.crn.com/news/security/229000883/social-networking-a-major-security-threatcybercriminals-eye-Facebook.htm;jsessionid=6BL4zqIzGfZT4iOHJAYPBA**.ecappj03 accessed on June 15, 2011 Social Networking Sites: Helps You Connect and Share with the People Not in Your Life http://www.sheldensays.com/socialnetworking.htm accessed on 30th June 2011

willopash@gmail.com

Sophos http://en.wikipedia.org/wiki/Sophos accessed on 18th June 2010 Stay Safe on Facebook http://www.brighthub.com/internet/security-privacy/articles/66918.aspx accessed on June 15, 2011 The Golden Age of Cyber Crime http://www.tech-faq.com/the-golden-age-of-cyber-crime.html accessed on June 15, 2011 Todays Cyber threats: Facebook Scam fest, Cybercrime Does Pay http://www.technewsdaily.com/todays-cyberthreats-Facebook-scamfest-cybercrime-does-pay-2126/ accessed on June 15, 2011 Twitter http://en.wikipedia.org/wiki/Twitter accessed on 18th June 2010 Types of Cybercrime http://www.b4usurf.org/index.php?page=types-of-cybercrime-2 accessed on June 15, 2011 Types of cybercrime http://www.crime.hku.hk/cybercrime.htm accessed on June 15, 2011 Wall, David S. 2001. Crime and the Internet, London: Routledge. What is a Social Networking Site? http://www.wisegeek.com/what-is-a-social-networking-site.htm accessed on 18th June 2010

willopash@gmail.com

Appendix Questionnaire

willopash@gmail.com