Malware - malicious software written for purposes like identity theft - could get a lot more dangerous.

With so much information stored, and advancements in programming, malware programs could soon not only engage in traditional data theft or taking over a computer, but also 'steal' data on behavior patterns, a higher level of danger than easily detectable attacks.

A new generation of malware threats could extract personal information about relationships in a real-world social network, as well as characteristic information about individuals in the network. Using mathematical models, based on actual mobile network data, researchers at Ben-Gurion University demonstrated that malware attacks could be adapted to follow human behavior on social networks and exploit the 'rich data' contained in those behavior patterns. 

The research showed that in many cases a "stealth attack" (one that is hard to detect and steals private information at a slow pace) can result in the maximal amount of overall knowledge captured by the operator of this attack. This attack strategy also makes sense when compared to the natural human social interaction and communication patterns. The rate of human communication and evolution of a relationship is very slow compared to traditional malware attack message rates.

A "Stealing Reality" type of attack, which is targeted at learning the social communication patterns, could "piggyback" on the user-generated messages, or imitate their natural patterns, thus not drawing attention to itself, while still achieving its target goals.

One of the biggest risks of real world social media network information being stolen is that this type is very static, especially when compared to traditional targets of malicious attacks. For example, passwords, usernames and credit cards can be changed. An infected computer could be wiped and re-installed. An online e-mail, instant messenger or social networking account could be easily replaced with a similar one, and the users' contacts can be quickly warned of the original account's breach.

However, it is much harder to change one's network of real world, person-to-person relationships, friendships or family ties. The victim of a "behavioral pattern" theft cannot easily change his or her behavior and life patterns. Plus this type of information, once out, would be very hard to contain. In addition, once the information has been extracted in digital form, it would be quite hard, if not impossible, to make sure that all copies have been deleted.

The researchers explain in the study that "Many commercial entities have realized the value of information derived from communication and other behavioral data for a great deal of applications, like marketing campaigns, customer retention and security screenings. There is no reason to think that developers of malicious applications will not implement the same methods and algorithms into future malware, or that they have not already started doing so. There already exist secondary markets for resale of this type of information."

Preprint: Yaniv Altshuler, Nadav Aharony, Yuval Elovici, Alex Pentland, Manuel Cebrian, 'Stealing Reality', arXiv:1010.1028v1