Newton’s Third Law of Motion, stating that, “For every action, there is an equal and opposite reaction” can be used to describe today’s focus on metadata. Social network operators, telecom carriers, and others are increasingly turning to metadata as they search for new and lucrative monetization opportunities in data analytics. However, at the same time, bad actors are innovating new ways to exploit and weaponize metadata. Analytics and Big Data are just beginning to bring into reach the potential to extract value from metadata - yet the struggle for competitive advantage and commercial gain is already at a fevered pitch.
Metadata, or “data about data,” is used to describe data, identify trends, administer algorithms and for scenario-modelling. Traditionally used in library card catalogs, today, it can be categorized as:
Examples of metadata include users’ IP addresses, Internet search history, when a user is online, for how long, the time between clicks and visit duration, among other things. These definitions may seem bland, but metadata has real-world ramifications. The National Security Agency’s General Counsel, Stewart Baker, described metadata by saying, “metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.” General Michael Hayden, former director of the NSA and CIA, put it even more bluntly when he said, “We kill people based on metadata.”
Generally speaking, when networks sell data, what they are actually selling is targeting of a specific sub-segment of users on their platform. Social media and online networking services create psycho-graphic profiles of users by linking profile information with activities, behaviors and other expressions that can then be used to psychologically influence them to absorb and trust sponsored content and/or to behave in certain ways. This is usually thought of in terms of influencing buying behaviors, but there is no reason why it can’t also be applied to inciting extremism, recruiting terrorists, or even influencing elections, in addition to run-of-the-mill online fraud and digital theft. The rising popularity of cryptocurrencies and digital wallets present a prime opportunity for bad actors to deploy these methods for illicit financial gain.
However, ISPs cannot adopt the same business model because, by and large, they don’t have a platform to deliver tailored ads to targeted consumers and must sell and convey data sets to leverage potential commercial opportunities.
Recent legislative activity in many countries, including the United States, has resulted in mass-surveillance and data sale bills that increase the risk that metadata poses to Internet users by permitted or requiring private entities, such as ISPs, to exchange consumer-centric information with unknown and unregulated third parties. This - along with data leakage, insecure ISP servers and increasing commercial viability and interest in consumer data sets - almost certainly means that it’s only a matter of time before Internet users are harmed by exploitation tailored to their online activities. This can happen in unexpected ways. For example, potential employers or health insurance providers, when determining hiring or insurability, might rely on metadata generated by a user who is searching for health-related information for themselves or a family member.
Today, the rate of cyber-attacks continues to grow along with the sophistication of bad actors. Rather than focus on rare zero-day exploits, the focus has shifted to metadata and for an alarming reason: no matter how much is invested in personnel and training, it is impossible to avoid relying on people, and people’s characteristics are difficult or impossible to change.
The risks associated with metadata are difficult to overstate. Metadata enables the success of direct and indirect exploits in all critical infrastructure segments in every nation because it exposes systemic vulnerabilities and simplifies the avoidance of embedded behaviors for cyber defense. For a bad actor who understands seemingly random metadata and how to combine it with other data sources that further weaponize the psychographic and demographic outputs of Big Data analytics, the possibilities for social engineering and cyber exploitation are – to put it mildly – endless.
9th May 2022
“Thriving with Resilience & Integration in the New Opportunity Realm”
Innovation and Resources for the 5G Era
Leaders' Summit 2022
The SAMENA Council Leaders’ Summit 2022 addresses critical issues of the ICT industry and emphasizes on collective leadership approaches
SAMENA Telecommunications Council at MWC22 highlights importance of key recommendations and outcomes of the UN Broadband Commission’s WG on 21st Century Financing Models to close the connectivity gap
TRA Bahrain - Public Consultation for the Purpose of Amending the Regulation on Permitting, Installation, Upgrading and Maintenance of Public Radiocommunications Stations
CITC - Public Consultation On Amateur Radio Service Regulations
CITC - Public Consultation On The Spectrum Use Regulations of Space Science, Radio Astronomy and Meteorological Services
CITC - Public Consultation On Information Memorandum for Spectrum Auction in 2100 MHz for Non-Terrestrial Networks
Accelerating Fiber & IPv6+ Deployment to Catalyze New Business and GDP Growth
October 20 | Dubai UAE
Measuring digital development:
Facts and figures 2021
Digital Economy Report 2021
Cross-Border Data Flows And Development: For Whom The Data Flow
The State of Broadband 2021:
People-Centred Approaches for Universal Broadband
21st Century Financing Models for Bridging Broadband Connectivity Gaps
stc academy offers educational programs for gamers and game developers this gamers season
stc boosts the 5G network capacity by over 60%