David Harley

Job title:
CEO, Small Blue-Green World, and independent author

Areas of expertise:
Apple security, malware, anti-malware testing, psychosocial aspects of security, user education, email management, social media, medical informatics

The Apple Security Blog, by David Harley David Harley, CITP, FBCS, CISSP, is an IT security researcher, author and consultant living in the UK. He has worked in IT (largely in medical informatics) since the 1980s, increasingly focused on security and anti-malware research since 1989. Between 2001 and 2006 he managed the UK National Health Service’s Threat Assessment Centre, and since 2006 he has provided authoring and consultancy services to the anti-virus industry. Since 2009 he has been a director of the Anti-Malware Testing Standards Organization (AMTSO). He runs the Mac Virus website and AVIEN (the Anti-Virus Information Exchange Network), and is a Fellow of the British Computer Society (now the BCS Institute). He was principle author and technical editor of “The AVIEN Malware Defense Guide for the Enterprise” and co-authored “Viruses Revealed”, as well as contributing to many other books including “OS X Exploits and Defense”. He has a daunting back-catalog of research papers and articles, and also blogs for Mac Virus, AVIEN, ESET (where he holds the title Senior Research Fellow), (ISC)², and numerous other websites.

Tag Cloud



Cruising the Misinformation Superhighway


Long before there was a World Wide Web, when the internet was largely a playground for academics and the military, and most people still thought spam was a canned meat, there were already hoaxes and scams (pyramid schemes, Ponzi schemes, lures into premium rate phone services, fake friends and stalkers...). Early internet worms evolved into the mass-mailers of the last decade and then into Facebook clickjacking apps. Old-school viruses evolved into a range of threats from botnets to specialized banking trojans to the highly specialized attacks that some call APTs. And just as the pre-WWW world of Usenet and email morphed into social networks and Twitter, so too did malicious social engineering – focused on psychological manipulation rather than malicious code – adapt effortlessly to the new environment.
Hoaxes and scams both incorporate deception, and may even look very similar, but scams are largely motivated by profit. The hoaxer is more likely to be bolstering his/her own self-esteem by proving how stupid others are than anticipating any financial gain. 
There’s an interesting parallel here. Before the malware scene became all about profit, virus writing was mostly about glorifying the virus writer and giving them 'bragging rights' among peers, though in some cases there was a clear intent to do damage to data. Similarly, while the contemporary scammer or malware writer is happy to exploit gullibility for profit, the hoaxer usually contents themselves with proving that other people are more ‘stupid’ than they are. However, it’s likely that profit-driven scammers sometimes justify their activities to themselves by stressing the victim’s undesirable stupidity: de-personalization of the victim is a significant factor in preserving the criminal’s favorable self image.
The ESET paper Origin of the Specious: the Evolution of Misinformation – my first non-conference paper for a while – looks at some old-time hoaxes and some of the ways in which they've adapted to new, shinier social messaging media.


Posted 28/02/2013 by David Harley

Tagged under: David Harley , hoax , social media , web 2.0 , ESET , Facebook , social engineering

Comment on this blog

You must be registered and logged in to leave a comment about this blog.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×