Within the context of corporate and organizational networks, a greynet is an elusive networked computer application that is downloaded and installed on end user systems without express permission from network administrators and often without awareness or cognition that it is deeply embedded in the organization’s network fabric. These applications may be of some marginal use to the user, but inevitably consume system and network resources. In addition, greynet applications often open the door for end use systems to become compromised by additional applications, security risks and malware.
Public instant messaging (AIM, MSN, Yahoo!)
Web conferencing (webcam, Voice Over IP (VoIP) Telephony
Peer-to-Peer (P2P) file sharing clients
Data Processing SETI@Home
As computer workstations have become connected to the Internet, a variety of programs have proliferated that offer the ability to extend communications, gather and deliver information, and to serve the needs of marketing concerns. Among the first to emerge were instant messaging clients such as ICQ, AOL Instant Messenger and MSN Messenger. Developments in technology have added video capability through webcam units, all of which have worked together to take advantage of available bandwidth in single, small network, and corporate environments.
The growth of greynets takes advantage of software and hardware developments. Informal networks are now appearing that provide a variety of streaming media and content that is supplied or modified by end users. An emerging category is "podcasting", in which users generate content for widespread download on portable MP3 players.
Problems with Greynet Programs
The problem with greynet programs is fourfold. First, greynet programs create network security risks by causing broad vectors for malware dissemination. For example, hackers' attacks that use IM and P2P networks have grown consistently since 2004, with The IM Security Center charting a 15% increase in attacks from 2005 to 2006, and a cumulative 710% growth in the number of viruses, worms, trojans, and spyware programs from April 2005 to April 2007. Second, they create privacy issues for the network by opening large holes for information leakage. Third, greynet programs create compliance issues for a computer network by creating an invisible parallel communications network. Fourth, they create issues on local machines through the consumption of local system resources and possible operating system or program stability concerns. All of these things increase network and IT administration time and costs.
Added to this in the corporate work environment is the loss of meaningful production time due to non-work related distractions through these greynet applications. Individual network environment policies may vary from non-existent to a full lockdown of end user system privileges. See the "Risks and Liabilities" section of Instant Messaging for a more detailed overview of threats, risks, and solutions to those problems for the most prevalent of the greynet programs, public IM.
Dealing with the security aspects of greynets has led to the emergence of specific administrative software packages that monitor and control traffic, as well as the enhancement of security suites and adware clients.
Security and Monitoring
Among the first and most prevalent of the specific administrative software packages were products that secure networks against threats borne by IM and P2P networks. These products were first introduced in 2002, and now protect 10% to 15% of U.S. corporations. Protection against these types of risks to corporate networks is still in early stages of adoption however, as evidenced by the fact that 73% of companies have security or "hygiene" in place for their email networks, while only 11% have hygiene in place for instant messaging and P2P. Products are available for security, content filtering, and archiving the use of these networks from companies such as Akonix, CSC, FaceTime, Global Relay, and Scansafe.
According to Facetime:
MySpace and other social networking sites will continue to be the most popular target for hackers, phishers and spammers in 2008 as long as they continue to offer the same level of profile customization to their users.
The danger to corporate networks lies within the growing tendency for workers to blur their work and professional lives, often surfing these social networking sites on their work PCs and so exposing the organization to information loss, inbound malware threats and compliance risks.
Hackers often use social engineering – manipulation with contextual language to trick victims into clicking on links that launch infected files - to propagate malware over IM networks as well as within social networking sites. The files may take the form of multimedia (jpegs or movie files) or traditional executable files. This ranges from an IM appearing to be from a trusted buddy to fake MySpace comments, messages or friend requests.
For example, in September 2007 a virus propagated through MSN Messenger delivering a .zip file full of malicious code. Victims received messages appearing to be from those on their buddy lists saying "Do you remember this girl? I can't believe she took this pic… do you know her?"
In November 2007, a Skype Worm propagated via a message stating "help me find this girl," accompanied by an executable file named "photo," which deposited a large number of infected files on the victim's computer.
Social Networking Security Concerns
According to FaceTime Security Labs, the increasing threat over this past year has been the boldness of a growing underclass of glory hackers on social networking sites such as MySpace. The danger to corporate networks lies within the growing tendency for workers to blur their work and personal lives, often surfing these social networking sites on their work PCs and so exposing the organization to information loss, inbound malware threats and compliance risks.
In November 2007, The Bandjammer Trojan ran rampant through MySpace music profiles. Once a band's MySpace page had been hacked, an invisible background image was created that linked to a dangerous site. Visitors to the hacked profile had their browsers hijacked, with the Trojan installing fake toolbars warning of a possible spyware infection, which included a handy link to click for a free scan which in turn took victims directly to various porn sites.
In the height of the holiday season, many MySpace users received a friend request from a "fake Tom," with the promise of free ring tones. The messages appeared to be from Tom Anderson, president and co-founder of MySpace, who users meet as their first friend when signing up for a MySpace profile. MySpace quickly deleted the fake profiles, but hackers quickly regrouped with new fake profiles sporting Tom's famous profile photo associated with random first names.
For knowledge workers, it is as common to do work at home as it is to conduct personal tasks while at work. According to the recent survey Greynets in the Enterprise: Third Annual Survey of Greynet Trends, Attitudes and Impact, commissioned by FaceTime and conducted by NewDiligence, 85 percent of end users use their work PCs for personal purposes. Users describe looking at interesting sites on the Web (74 percent), banking (60 percent) and shopping (60 percent) as their top online personal activities at work, outside of sending email.
"Many hacks and scams are creeping into the mainstream areas of MySpace and other social networking sites, as the perpetrators become bolder and more aggressive," reports FaceTime's Director of Malware Research Chris Boyd. "The most horrendous content imaginable is now easily stumbled upon via simple redirects and blog hijacks. The myth that you have to ‘go looking for it' has never seemed further from the truth."
Boyd saw an aggressive shift in the hacker behavior over the past year, with a growing underclass of young hackers who don't care about revealing their real identity. "Children as young as 12 years old are sharing professional phishing kits and trading stolen credit card details," said Boyd.
"MySpace and other social networking sites will continue to be the most popular target for hackers, phishers and spammers in 2008 as long as they continue to offer the same level of profile customization to their users," continued Boyd. "It's never a good idea to promote functionality over security, but there's no way MySpace can suddenly change how their site works, causing their users to lose interest in the very things that brought them there in the first place."
2007 research findings and hacker busts from Boyd and other researchers are detailed on the FaceTime Security Labs blog at http://www.blog.spywareguide.com.
Growing Concern over Greynets
According to the GreynetsGuide.com Web site managed by FaceTime Security Labs, there are more than 600 greynets currently in use worldwide. The list includes commonly downloaded applications such as IM and Web conferencing, along with newer plug in-type applications like search engine tool bars and online social networking sites, multimedia distribution portals, IPTV, and Web 2.0 applications. FaceTime expects this number to grow to more than 1,000 by the end of 2008.
The concern over greynets in the enterprise stems from their inherent characteristics: these real-time applications are evasive and always on, and many are structured with a liberal allowance for user customization. These attractive aspects of greynets are the same characteristics that classify them as high security and compliance risks. The nature of these greynets compounds the risks of inbound malware, outbound information leakage and require continual revisiting of network usage and compliance policies.
The uncontrolled use of greynets on enterprise networks has grown significantly over the past year. Most organizations cite between eight and ten greynets operating in their networks, according to the Greynets in the Enterprise survey. This high level of employee usage has increased from 20 percent in 2005 to 41 percent in 2006 to 56 percent in 2007. Employees continue to believe they have the right to download any application they need onto their work PCs (36 percent).
"While many greynet applications have legitimate business uses, there are also many that do not," said Cabri. "Most organizations are not willing to accept the security and compliance exposure resulting from the uncontrolled use of these applications. IT managers need to ensure the safe use of approved applications and effectively detect and block the rogue use of unapproved applications."
BELMONT, CALIF. - January 8, 2008 - FaceTime Communications, the leading provider of solutions that control greynets and manage unified communications in the enterprise, today announced its initial findings of 2007 malware trends affecting today's enterprise networks through instant messaging (IM), P2P file sharing and chat applications. During 2007 there were 1,088 incidents reported over all IM, P2P, and chat vectors.
Text messaging, or texting is the common term for the sending of "short" (160 characters or fewer) text messages from mobile phones using the Short Message Service (SMS). It is available on most digital mobile phones and some personal digital assistants with on-board wireless telecommunications. The individual messages which are sent are called text messages, or in the more colloquial text speak texts.
SMS gateways exist to connect mobile SMS services with instant message (IM) services, the world wide web, desktop computers, and even landline telephones (through speech synthesis). Devices which can connect to mobile phones and PDAs through protocols such as Bluetooth can also sometimes use that link to send SMS messages over the wireless network. SMS arose as part of the widely deployed GSM protocol, but is now also available with non-GSM systems.
The most common application of the service is person-to-person messaging, but text messages are also often used to interact with automated systems, such as ordering products and services for mobile phones, or participating in contests. There are some services available on the Internet that allow users to send text messages free of direct charge to the sender, although users of all North American networks have to pay to receive any SMS text message(T-Mobile, AT&T, Sprint, Verizon).