Authors:

Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu

University of British Columbia

Annual Computer Security Applications Conference (ACSAC) 2011

Presented By:

Gavin Grant

http://en.wikipedia.org/wiki/CAPTCHA

http://developers.facebook.com/docs/reference/api/

Abstract

OSN Vulnerabilities

Socialbot Network

The Attack

Findings

FIS effectiveness

Social Networks have millions of users

Illustrate that Online Social Networks (OSN) are vulnerable to infiltrations by socialbots In particular Facebook

80% success rate

Socialbots – computer programs that control OSN accounts and mimic real users

Ineffective CAPTCHAs Hiring cheap labor ($1 per 1,000 broken)

Reusing session IDs of known CAPTCHAs

Fake User Accounts and Profiles Email and profile

Crawlable Social Graphs Traversing linked profiles

Exploitable Platforms and APIs Use APIs to automate the execution of activities

Set of socialbots owned and maintained by human controller called the botherder

Made up of socialbots, botmaster, and command and control channel

Socialbot controls a profile Data collected called botcargo

Capable of executing commands

Botmaster is software botherder uses to send commands through C & C channel

C & C facilitates transfer of botcargo and commands

Read, write, connect, disconnect

Set of commands used to mimic a real user Native commands

Master commands

Botworker builds and maintains profiles

Botupdater pushes new software updates

C & C engine maintains a repository of master commands Master commands needed

Cluster

Rand_connect(k)

Decluster

Crawl_extneighborhood

Mutual_connect

Harvest-data

Communication model

Works with socialbot-OSN Channel Only OSN-specific API calls and HTTP traffic

Helps in non detection

Socialbot has to hide its real identity

Botmaster should be able to perform large-scale infiltration

C & C channel traffic has to look benign

Facebook Immune System (FIS)

8 week process

Exploited Facebook’s Graph API to carry out social-interaction operations

Used HTTP request to send friendship request

Iheartquotes.com, decaptcher.com, hotornot.com, mail.ru

102 socialbots created and 1 botmaster

Users were created manually

49 males

53 females

5053 valid profile IDs

25 request per day per socialbot

Harvested data

First 2 weeks 2 days t send 5043 request (2,391 male , 2.662 female)

976 accepted (381 M, 595 F)

Next 6 weeks 3,517 more users added

2,079 infiltrated successfully

Generated 250 GB inbound and 3 GB outbound traffic

Acceptance rate increase to 80% as mutual friends increased

News feeds

Profile info

Wall messages

3,055 direct neighborhoods

1,085,785 extended neighborhoods

Real time learning system used to protect its users

Only 20 bots were flagged by system

Doesn’t consider fake accounts a real threat

OSN vulnerability to a large-scale socialbot network infiltration

Defense social networks have against social bots that mimic human behavior

Prayed on common user behavior

Only Facebook was attacked

Didn’t provide any prevention techniques

Try on other social networking sites

Not create socialbots manually