Gartner recently released its hype report about social media. It is interesting to see that some of the tools we are advocating for Learning actvities are slipping into the “trough of disillusionment“. This is the time in a technology lifecycle when a product fails to meet the hype, and people stop talking about it as the “next big thing”.
Some friends and I have been discussing this lately – what will be social media’s downfall in the Enterprise? Some people think it will be the lack of measurements, some people think it will be a company disaster because of a slip-up attributed to a social networking site.
I don’t think it will be either of those things. I think it will be viruses planted by hackers and phishers that turn corporate laptops and desktops into zombies. Just this week came report that hackers are using twitter as a way to control botnets, so I don’t think my theory is too far-fetched.
Here’s my attempt at a relatively non-technical description of how I think the zombie infestation could play out:
-
You get fooled into clicking on a link that installs a virus onto your machine.
Most of the time, this is the result of a phishing scheme. The most recongnized example is you get an email from your bank saying they need you confirm some personal details. The email has all of the images and wording an email from your bank would normally have. But when you click on the link, it does not take you to the bank website. Instead, you have clicked a link that will download a little program to your machine. The program may do something really nasty like gather passwords to all the sites you use (banking, credit card, etc). Or, it may turn your machine into one of the virus creator’s zombie minions.
zomg!!!
-
Your computer is now a node in a botnet
A botnet is simply a collection of processes running on lots of computers. The compromised computers (or zombies) can be controlled by one master computer. Many times the zombies are used to send spam and cheat the pay for click sites. Maybe the worst use of zombie botnets is executing distributed denial of service (DDoS) attacks. DDoS attacks flood web servers with so much traffic that they are not able to operate. Twitter was brought down a couple of weeks ago by a DDoS attack. If you are able to trick enough people into downloading the virus that will turn their computer into a zombie, you can control your minions to do all sorts of very nasty things.
This is actually how Twitter is being used by the zombie overlords. They set up twitter accounts for the sole purpose of sending updates that are used to direct the zombies. -
The zombie-making viruses can be very tricky
Lots of times, you won’t even notice you have turned into a zombie. The virus hides itself. It may prevent you from getting to anti-virus sites or the Microsoft Updates site. So even if there is a fix, you won’t be able to apply it. You may notice that your computer is running very, very slowly. This could be a sign that you have been turned into a zombie.
Or maybe your Instant Message, email, Twitter or Facebook starts posting lots of messages to everyone in your friends list. A message with a link that says “hey I wanted to share this with you!!” (or something like that). Your friend thinks, oh cool wonder what this link is all about? They click the link and BAM now they are a zombie too!
-
You need more than a boomstick to clean up a zombie infestation
Cleaning up zombie machines is very labor intensive. If the IT folks can’t clean the machine completely, they may need to just reinstall the Operating System, which could mean a loss of data. And it takes a good bit of time. The entire time the IT person is working on your machine, you can’t work. And the IT person isn’t working on anything else either. If there is a zombie outbreak, and you have a project that has dependecies on IT, forget about making your dates.And we’re not just talking about the desktop IT support folks. If multiple machines on a corporate network have become zombies, they could also clog up the internal network with spam or DDoS traffic. Your network team goes into overdrive to shut this traffic down. Depending on how the virus that created the zombies is written, servers can also become infected.
So zombies cost time and money, two things that are scarce right now in most Enterprises. If a company gets infested with zombies caused or controlled by a social media site, you can be sure they will shut down access to these sites.
-
What you can do to ward off the zombie infiltration
First of all, make sure your anti-virus software is up to date. You may also want to run something like SpyBot Search and Destroy. I like this program because it will immunize your browsers against evil zombie-making programs.
Secondly, stop trusting everything you see in social media sites! Yes, I know this is contrary to the “everything is open” mantra of social media. But come on, even in real life you aren’t supposed to trust everyone the first time you see them. Stop clicking on links without checking them out first! Hover over an embedded hyperlink and look in the bottom of your browser for where the link will send you. Use a Twitter client like Mixero that will preview the real URL behind a tiny URL. Consider blocking spammers who try to follow your stream (this is a controversial subject, so use your own judgement).
Remember, sometimes you can’t tell someone else has been turned into a zombie until its too late. So always protect yourself!
To wrap this up, if we don’t want IT blocking access to these tools, people have to start thinking more about how we are using these tools. We can’t blame IT, the only way to prevent a zombie outbreak is to quarantine those who aren’t infected. If we don’t want it to get to that point, we have to be a little smarter as we use the tools. Because zombies are out there – waiting to turn you too.
Delayed gratification and common sense can combine to be a strong anti-phish technique.
Common sense tells you that if your mom or boss sends you a link that promises “check out this hot vid” maybe you should double-check if it’s real.
Delayed gratification tells you that you don’t have to be the first person to click something. Let some other guinea pig get compromised; save that link for 24 hours and see if your friends actually think it’s worth clicking.
It doesn’t hurt to make yourself as bulletproof as possible either. Browse with javascript and flash disabled, and enable them when needed, etc. There are addons out there for Firefox that make this much less of a chore than it used to be.
From experience, I know people don’t think twice about clicking links, esp from people they know. I was friends with a QA guy during the Sasser virus. I was at his cube, explaining how the work worked. I told him – you may get an IM from one of your friends, so be careful about the links you click. As I am in his cube, telling him what a nightmare this worm had caused us (the sysadmins), he got an email from a friend about pictures the friend had taken at a party and clicked it. I remember it in slow motion: “nooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo”
ah QA guys……. 😉
Pingback: Slow computer? Maybe you have a zombie infestation!
I think you’ve highlighted a serious concern here, and a real need for education. I have a friend in IT security at an airline that has banned all social media, and her rationale, although a little more exaggerated (I’d call some of it irrantionale) has some parallels with what you are talking about here.
I agree, this kind of thing could mess up a company more than a lack of agreed measurement.
Pingback: PLNs in an Organisational Context « Mollybob Goes To School
Pingback: The Zombie stories are real, and their masters are getting smarter | Adventures in Corporate Education
The downfall of social media in most enterprises will be because most enterprises aren’t particularly “social.” Most enterprises are organized as hierarchical command and control structures, and social media, by its nature, threatens those who profit the most by this type of organization (think “incompetent managers” here.)
The second reason for the failure of social media in the enterprise is will be the lack of critical mass.
And the the third reason will be the self-censorship by individuals in the face of what is perceived as draconian and arbitrary punishment for not “going along” with the corporate message.
Finally, failure within the enterprise will actually be relative. Social media will still be used by small, self-selecting groups, but it won’t have major corporate sponsorship. No way to measure “ROI” in a way that a bean-counter can see the value.