Invasion Of The Facebook Snatchers
If you think that Facebook’s 600,000 compromised logins per day are not enough, you’d better read an interesting paper issued by a group of researchers from University of British Columbia, concerning the capability to use socialbots, that is software driven fake identities controlled by a bootmaster, to lure real Facebook users with the purpose of stealing sensitive data, and more in general, every kind of information with a potential monetary value.
Social Networks are gaining more and more importance for everyday life, both on a microscopic and on a macroscopic scale. On a microscopic scale they influence the life of a growing number of individuals who concentrate there their personal and professional interests; on a macroscopic scale Social Networks played (and are playing) a crucial role for the Arab Spring, both on a social and military perspective, not only they were the virtual weapons for protesters to witness the events in Tunisia, Egypt, Libya and Syria (but also for the loyalists with actions of propaganda and misinformation), but they were also used by NATO as real weapons in Libya to identify potentially targets to strike after “strong authentication” with conventional technologies (such as satellites).
Of course this constantly growing influence is attracting attentions from governments (which are evaluating technologies to monitor and eventually counteract the streams of information) but also from individuals who look at the weaknesses of social networks (and more in general at the scarce attention towards privacy by many users) as a mean for stealing money and information, a new form of richness of the Web 2.0 era.
The idea behind this research is not completely new, and takes into consideration two well known risk factors for Social Networks: reputation and privacy. The (fake) social reputation of a malicious individual can lure legitimate users to connect with untrusted contacts, after the connection, the poor attention for privacy settings together with a superficial behavior can bring to users to reveal, through the social channel, personal and classified information. This is the reason why resounding examples of fake profiles (with human beings behind) are not new for social networks, for scientific or amusement purposes: the names of Robin Sage and Primoris Era should sound familiar to many.
On the other hand not even the possibility to develop software-based fake social personas is a completely new, at least in theory and, most of all with military purposes, if it is true that the U.S. Department of Defense is developing software personas for propaganda actions inside the Social Network Battlefield.
What is completely new is the fact that no one so far had been able to show the results of a research done with software based socialbots since, so far, only human fake profiles were used to steal informations.
So what happens when bots, a concept proper of Information Security, meet social networks?
The results, at least for Facebook are frustrating: the above mentioned paper shows that, starting with a socialbotnet of 102 socialbots (49 male profiles and 53 female profiles) controlled by a single botmaster, the researchers were able to infiltrate Facebook, fully automating the operation of the Socialbotnet (including fake accounts creation).
The average success rate was 59.1%, with peaks close to 80%, which in several cases, depending on users’ privacy settings, resulted in privacy breaches (harvested data included email addresses, phone numbers, and other profile information with potential monetary value). Even worst, collected data included also private data of users who had not been infiltrated, but were only “guilty” to be somehow connected to infiltrated users, with an average collection day of 175 new chunks of publicly-unaccessible users’ data per socialbot per day.
The infiltration turned into 8,570 connection requests in a timeframe of 8 weeks with 250 Gb of data collected. Moreover the Social Network Defenses, such as the Facebook Immune System, resulted not effective enough in detecting or stopping the infiltration as it occurs: they were effective only when users were able to recognize the fake profiles and mark them as spam. Curiously this happened only in 20 cases (nearly the 20% of the total), all related to female profiles.
From the users’ side, (an easily predictable statement) the research confirms that most users are not careful enough when accepting connection requests sent by strangers, especially when they have mutual connections (the so called triadic closure principle, one of the foundations of the Social Networks).
Personal and Professional Social Networkers (and organizations that are approaching Social Networks) are advised!
- 756,302 hits since November 2010
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
About This Blog
In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.
Every information is reported with its source.
Anyone intending to use information contained in my post is free to do so, provided that mention my blog in your article.
Top Posts & Pages
- List Of Hacked Celebrities Who Had (Nude) Photos Leaked
- 1-15 April 2014 Cyber Attacks Timeline
- 2013 Cyber Attacks Timeline Master Index
- 2012 Cyber Attacks Statistics
- 2013 Cyber Attacks Statistics
- August 2013 Cyber Attacks Statistics
- A (Graphical) World of Botnets and Cyber Attacks
- 1-15 March 2014 Cyber Attacks Timeline
- 16-31 March 2014 Cyber Attacks Timeline
- 2013 Cyber Attacks Statistics (Summary)
- @forensikblog Thanks for the feedback! Much appreciated! Will amend it asap! - 3 hours ago
- In case you missed, here's the 1-15 April 2014 Cyber Attacks Timeline! hackmageddon.com/2014/04/24/1-1… #infosec - 11 hours ago
- 1-15 April 2014 Cyber Attacks Timeline wp.me/p14J6X-2y7 - 18 hours ago
- Analyzing a banking Trojan info.lastline.com/blog/analyzing… - 1 week ago
- Pipeline for a scalable malware analysis process: an interesting take from our very own @marco_cova. Worths reading! info.lastline.com/blog/a-pipelin… - 1 week ago
- 16-31 March 2014 Cyber Attacks Timeline wp.me/p14J6X-2y0 - 1 week ago
- RT @lastlineinc: Lastline co-founder Engin Kirda presents "Evasive Malware Attacks" at NY Information Security Meetup http://t.co/pcoZnspu1l - 2 weeks ago
- WatchGuard Uses Lastline's Cloud Based Sandbox to Combat APTs info.lastline.com/blog/watchguar… - 3 weeks ago
- @kf916 For the moment only the timelines. I am very busy. Hope to republish the charts quite soon - 3 weeks ago
- @lastlineinc is present at #ROOMn2014, visit our booth and discover how you can protect your organization from mobile advanced threats - 3 weeks ago