259 research outputs found

    POISED: Spotting Twitter Spam Off the Beaten Paths

    Cybercriminals have found in online social networks a propitious medium to spread spam and malicious content. Existing techniques for detecting spam include predicting the trustworthiness of accounts and analyzing the content of these messages. However, advanced attackers can still successfully evade these defenses. Online social networks bring people who have personal connections or share common interests to form communities. In this paper, we first show that users within a networked community share some topics of interest. Moreover, content shared on these social networks tends to propagate according to the interests of people. Dissemination paths may emerge where some communities post similar messages, based on the interests of those communities. Spam and other malicious content, on the other hand, follow different spreading patterns. In this paper, we follow this insight and present POISED, a system that leverages the differences in propagation between benign and malicious messages on social networks to identify spam and other unwanted content. We test our system on a dataset of 1.3M tweets collected from 64K users, and we show that our approach is effective in detecting malicious messages, reaching 91% precision and 93% recall. We also show that POISED's detection is more comprehensive than previous systems, by comparing it to three state-of-the-art spam detection systems that have been proposed by the research community in the past. POISED significantly outperforms each of these systems. Moreover, through simulations, we show how POISED is effective in the early detection of spam messages and how it is resilient against two well-known adversarial machine learning attacks.

    Electronic Commerce: A Half-Empty Glass?

    This article introduces an electronic commerce paradox by observing that while electronic commerce grows rapidly it is, at the same time, based on unsettled foundations. It describes how 22 constraints for global electronic commerce were identified, and analyzes them in depth. The constraints fall into four themes: 1. Building trust for users and consumers 2. Establishing ground rules for the digital marketplace 3. Enhancing information infrastructure 4. Maximizing benefits. Each of these themes contains a number of critical issues. The first theme--building trust for users and consumers--involves privacy protection, security, consumer protection, authentication and confidentiality, and access blocking. The second theme includes legal framework, acceptance of electronic transactions, taxation, tariffs, intellectual property protection, commercial policy, and payment systems. Enhancing information infrastructure covers the needed infrastructure enhancements and includes Internet infrastructure and governance, interconnectivity and technical convergence, technical standards, bandwidth and accessibility, and the question of how to further the competition. The last theme is about maximizing the benefits of electronic commerce and includes the understanding of digital economy, its measurement, seamless globalization, and involvement of small businesses. At the time that this paper was written (February 2000) none of these 22 issues had been resolved. Yet, they need to be worked out if electronic commerce is to be successful in both the developed and the underdeveloped world

    Evaluating the perception of SaaS adoption criteria with email permission-based marketing

    This study aims to identify the main Software as a Service (SaaS) adoption criteria and apply them in a permission-based email marketing campaign. Cloud computing, and SaaS in particular, is becoming a tempting business sector for companies. While most of the attention is focused on the technological aspect, the business and marketing sides have been less studied. The thesis presents an empirical case study to investigate how respondents from small and medium enterprises (SMEs) respond to different kinds of stimuli from potential service providers, focusing on four distinctive adoption categories. The thesis is empirical and exploratory in nature. In the beginning, cloud computing and SaaS are reviewed to form the background of the study. Afterwards, special attention is dedicated to identifying and grouping the crucial SaaS adoption factors. The Technological-Organization-Environmental (TOE) and Diffusion of Innovations (DOI) frameworks were used in the process of grouping the adoption factors into four categories. The second part of the literature review is dedicated to permission-based email marketing, examining the positive and negative sides and following how marketing has evolved and led to the adoption of permission-based email marketing. Quantitative data was gathered from a case company which is about to release a new SaaS product and which wanted to study the perception of its potential clients towards the four SaaS adoption categories. The findings of the empirical part of this study are separated into four parts. Each part is dedicated to one of the four distinct adoption categories: Usability, Complexity, Security and Price. Usability and Complexity were the best perceived adoption categories, while Security and Price didn't attract as much attention as initially anticipated. In conclusion, the study managed to shed some light on how the SaaS adoption categories are perceived by SMEs.
The results can't be classified as expected or as absolutely innovative, since two of the categories behaved as expected while the other two, Complexity and Security, showed some surprising results.

    A protection motivation theory approach to improving compliance with password guidelines

    Usernames and passwords form the most widely used method of user authentication on the Internet. Yet, users still find compliance with password guidelines difficult. The primary objective of this research was to investigate how compliance with password guidelines and password quality can be improved. This study investigated how user perceptions of passwords and security threats affect compliance with password guidelines and explored if altering these perceptions would improve compliance. This research also examined if compliance with password guidelines can be sustained over time. This study focuses on personal security, particularly factors that influence compliance when using personal online accounts. The proposed research model is based on the Protection Motivation Theory (PMT) (Rogers, 1975, 1983), a model widely used in information systems security research. As studies have failed to consistently confirm the association between perceived vulnerability and information security practices, the model was extended to include exposure to hacking as a predictor of perceived vulnerability. Experimental research was used to test the model from two groups of Internet users, one of which received PMT based fear appeals in the form of a password security information and training exercise. To examine if password strength was improved by the fear appeals, passwords were collected. A password strength analysis tool was developed using Shannon’s (2001) formula for calculating entropy and coded in Visual Basic. Structural equation modeling was used to test the model. The proposed model explains compliance intentions moderately well, with 54% of the variance explained by the treatment model and 43% explained by the control group model. Overall, the results indicate that efficacy perceptions are a stronger predictor of compliance intentions than threat perceptions. 
This study identifies three variables that predict user intentions to comply with password guidelines as particularly important. These are perceived threat, perceived password effectiveness and password self-efficacy. The results show no association between perceived vulnerability to a security attack and a user’s decision to comply. The results also showed that those who are provided with password information and training are significantly more likely to comply, and create significantly stronger passwords. However, the fear appeals used in this study had no long-term effects on compliance intentions. The results on the long-term effects of password training on the participants’ ability to remember passwords were however promising. The group that received password training with a mnemonic training component was twice as likely to remember their passwords over time. The results of this research have practical implications for organizations. They highlight the need to raise the levels of concern for information systems security threats through training in order to improve compliance with security guidelines. Communicating to users what security responses are available is important; however, whether they implement them is dependent on how effective they feel the security responses are in preventing an attack. Regarding passwords, the single most important consideration by a user is whether they have the ability to create strong, memorable passwords. At the very least, users should be trained on how to create strong passwords, with emphasis on memorization strategies. This research found mnemonic password training to have some long-term effects on users’ ability to remember passwords, which is arguably one of the most vexing challenges associated with passwords. Future research should explore the extent to which the effects of PMT based information systems security communication can be maintained over time

    Individual values of GenZ in managing their Internet Privacy: a decision analytic assessment

    Our research places the importance of individual values at the center of any discussion of privacy issues. Values have an essential role in scientific discourse. We note that the concept of values is one of the few discussed and used across several social science disciplines. To that end, in this research, we present value-based objectives for GenZ Internet privacy. The objectives are classified into two categories: the fundamental objectives and the means to achieve them. In summary, our six fundamental objectives guide the management of GenZ Internet privacy issues. The objectives are: Increase trust in online interactions; Maximize the responsibility of data holders; Maximize the right to privacy; Maximize the individual ability to manage privacy controls; Maximize the perception of platform functionality; Ensure that personal data is not altered. Collectively, the fundamental and means objectives are a valuable basis for GenZ to evaluate its privacy posture. The objectives are also useful for social media companies and other related platforms to draw up their privacy policies in line with what GenZ wants. Finally, the objectives are a useful aid for the development of laws and regulations. Abstract: Online privacy is a growing concern. As individuals and businesses connect, the problem of privacy continues to remain significant. In this thesis, we address three primary questions: What are the individual values of GenZ concerning online privacy? What are the fundamental objectives of GenZ in terms of protecting their online privacy? What are the means objectives GenZ consider for protecting their online privacy? We argue that online privacy for GenZ is vital to protect.
We also argue that protection can be ensured if we understand and know what privacy-related values GenZ holds and define their objectives accordingly. Our research brings the importance of individual values to be central to any discussion of privacy concerns. Values have an essential place in scientific discourse. We note that the concept of values is one of the very few discussed and employed across several social science disciplines. To that effect, in this research, we present value-based objectives for GenZ internet privacy. The objectives are classified into two categories: the fundamental objectives and the means to achieve them. In a final synthesis, our six fundamental objectives guide the management of GenZ Internet Privacy Concerns. The objectives are: Increase trust in online interactions; Maximize responsibility of data custodians; Maximize right to be left alone; Maximize individual ability to manage privacy controls; Maximize awareness of platform functionality; Ensure that personal data does not change. Collectively our fundamental and means objectives are a valuable basis for GenZ to evaluate their privacy posture. The objectives are also helpful for the social media companies and other related platforms to design their privacy policies according to the way GenZ wants. Finally, the objectives are a helpful policy aid for developing laws and regulations.

    Cybersecurity Legislation and Ransomware Attacks in the United States, 2015-2019

    Ransomware has rapidly emerged as a cyber threat which costs the global economy billions of dollars a year. Since 2015, ransomware criminals have increasingly targeted state and local government institutions. These institutions provide critical infrastructure – e.g., emergency services, water, and tax collection – yet they often operate using outdated technology due to limited budgets. This vulnerability makes state and local institutions prime targets for ransomware attacks. Many states have begun to realize the growing threat from ransomware and other cyber threats and have responded through legislative action. When and how is this legislation effective in preventing ransomware attacks? This dissertation investigates the effects of state cybersecurity legislation on the number of ransomware attacks on state and local institutions from 2015-2019. I review various arguments linking cybersecurity legislation to cybersecurity vulnerability and develop a set of hypotheses about the features of legislation that should deter and prevent ransomware attacks. The cybersecurity literature suggests increased training is a key mechanism to prevent ransomware attacks. However, I find no relationship between direct state legislation on cybersecurity training and ransomware. Instead, the statistical evidence suggests that there are fewer ransomware attacks in states with legislation that indirectly encourages training by shifting the responsibility for a cyber failure back onto vulnerable institutions. This legislation typically focuses on data breaches and often requires the institution to disclose failures, which increases reputational costs. The threat of increased costs for a cybersecurity failure changes these institutions’ cost benefit analysis and encourages these institutions to proactively improve their cybersecurity, such as through increased training. 
I further examine data breach laws in California and find evidence that these types of laws can promote increased cybersecurity measures. Thus, future legislation should focus on holding institutions responsible for cybersecurity failures, which should in turn lead to increased cybersecurity

    Network Propaganda

    Is social media destroying democracy? Are Russian propaganda or "Fake news" entrepreneurs on Facebook undermining our sense of a shared reality? A conventional wisdom has emerged since the election of Donald Trump in 2016 that new technologies and their manipulation by foreign actors played a decisive role in his victory and are responsible for the sense of a "post-truth" moment in which disinformation and propaganda thrives. Network Propaganda challenges that received wisdom through the most comprehensive study yet published on media coverage of American presidential politics from the start of the election cycle in April 2015 to the one year anniversary of the Trump presidency. Analysing millions of news stories together with Twitter and Facebook shares, broadcast television and YouTube, the book provides a comprehensive overview of the architecture of contemporary American political communications. Through data analysis and detailed qualitative case studies of coverage of immigration, Clinton scandals, and the Trump Russia investigation, the book finds that the right-wing media ecosystem operates fundamentally differently than the rest of the media environment. The authors argue that longstanding institutional, political, and cultural patterns in American politics interacted with technological change since the 1970s to create a propaganda feedback loop in American conservative media. This dynamic has marginalized centre-right media and politicians, radicalized the right wing ecosystem, and rendered it susceptible to propaganda efforts, foreign and domestic. For readers outside the United States, the book offers a new perspective and methods for diagnosing the sources of, and potential solutions for, the perceived global crisis of democratic politics.
