Socialbots used by researchers to 'steal' Facebook data Skip to main content

Socialbots used by researchers to 'steal' Facebook data

BBC

Girl using Facebook  
Those with more Facebook friends were more likely to accept the fake friend
 
Researchers have demonstrated a new technique capable of stealing personal information from Facebook.

Using 'socialbots', computer programs that mimic real Facebook profiles, the researchers were able to harvest vast quantities of personal data.

Socialbots are increasingly being used by internet criminals and are being offered for sale on the internet for as little as $29 (£18).

Facebook said that the research was overstated and unethical.

A socialbot is a social networking adaptation of the wide-scale botnets used by criminals to send out spam.


Making friends
 
In a traditional botnet, a network of computers are infected by a virus to allow a hi-tech criminal to use them remotely. Often botnet controllers steal data from victims' PCs or use the machines to send out spam or carry out other attacks.

What makes a socialbot different is that it is able to pass itself off as a real Facebook user.
The software takes over control of a social networking profile and from there performs basic activities such as posting messages and sending requests.

The four researchers from the University of British Columbia in Vancouver, created 102 socialbots for use in their experiment and one 'botmaster' - software that sent commands to the other bots.

The researchers employed their socialbots over a period of eight weeks. In total the bots attempted to make friends with 8,570 Facebook users. 3,055 accepted the friendships.
The researchers found that the more friendships people had on Facebook, the more likely they were to accept the 'fake' friend.

To prevent triggering Facebook's fraud detection software, the fake accounts only sent 25 requests per day.

Phishing
 
From the profiles of those they befriended and the extended networks of those friends, the researchers claimed to have 'stolen' 46,500 email addresses and 14,500 home addresses.
In their paper, due to be presented at next month's Annual Computer Security Applications Conference in Florida, the researchers wrote: "As socialbots infiltrate a targeted online social network, they can further harvest private users' data such as email addresses, phone numbers, and other personal data that have monetary value."

"To an adversary, such data is valuable and can be used for online profiling and large-scale email spam and phishing campaigns."

Facebook said that the experiment was unrealistic because the IP addresses used came from a trusted university source, whereas the IP addresses used by real-life criminals would raise alarm bells.

It also said that it had disabled more of the fake accounts than the researchers claimed.
"We have numerous systems designed to detect fake accounts and prevent scraping of information. We are constantly updating these systems to improve their effectiveness and address new kinds of attacks," said a spokesperson.

"We use credible research as part of that process. We have serious concerns about the methodology of the research by the University of British Colombia and we will be putting these concerns to them.

"In addition, as always, we encourage people to only connect with people they actually know and report any suspicious behaviour they observe on the site."

Ethical?
 
The researchers estimated that a real-life malicious attack could have a success rate of 80%.
"Online social network's security defences, such as the Facebook Immune System, are not effective enough in detecting or stopping a large-scale infiltration as it occurs," they concluded.

"We believe that large-scale infiltration in online social networks is only one of many future cyber threats, and defending against such threats is the first step towards maintaining a safer social web for millions of active web users."

Consultant from security firm Sophos Graham Cluley said the research was "interesting"
"Clearly there's a lesson for Facebook users to learn there about the need to carefully vet who you allow to become your Facebook friend, and what information you choose to share online," he said in his blog.

But he questioned how ethical such research was.

"Facebook's security team is unlikely to look kindly on people who conduct experiments such as that done by the university researchers, and users are reminded that under Facebook's terms of service you are not allowed to create fake profiles, should use your real name, and should only collect information from other users with their consent," he said.

Comments

Popular posts from this blog

Chronology of the Press in Burma

1836 – 1846 * During this period the first English-language newspaper was launched under British-ruled Tenasserim, southern  Burma . The first ethnic Karen-language and Burmese-language newspapers also appear in this period.     March 3, 1836 —The first English-language newspaper,  The Maulmain Chronicle , appears in the city of Moulmein in British-ruled Tenasserim. The paper, first published by a British official named E.A. Blundell, continued up until the 1950s. September 1842 —Tavoy’s  Hsa-tu-gaw  (the  Morning Star ), a monthly publication in the Karen-language of  Sgaw ,  is established by the Baptist mission. It is the first ethnic language newspaper. Circulation reached about three hundred until its publication ceased in 1849. January 1843 —The Baptist mission publishes a monthly newspaper, the Christian  Dhamma  Thadinsa  (the  Religious Herald ), in ...

Thai penis whitening trend raises eyebrows

Image copyright LELUXHOSPITAL Image caption Authorities warn the procedure could be quite painful A supposed trend of penis whitening has captivated Thailand in recent days and left it asking if the country's beauty industry is taking things too far. Skin whitening is nothing new in many Asian countries, where darker skin is often associated with outdoor labour, therefore, being poorer. But even so, when a clip of a clinic's latest intriguing procedure was posted online, it quickly went viral. Thailand's health ministry has since issued a warning over the procedure. The BBC Thai service spoke to one patient who had undergone the treatment, who told them: "I wanted to feel more confident in my swimming briefs". The 30-year-old said his first session of several was two months ago, and he had since seen a definite change in the shade. 'What for?' The original Facebook post from the clinic offering the treatment, which uses lasers to break do...

Sri Bhaddanta Chandramani Mahathera

The Life Story of A Distinguished And Outstanding Bhikkhu The Most Venerable Saradawpharagree Sri Bhaddanta Chandramani Mahathera The Buddhist missionary Saradaw Ashin U Chandramani was endowed with great gifts and led a famous and long life. He was a very well known, distinguished and outstanding Bhikkhu Mahathera. While living in the Kushinagar Monastery, a place close to where the Lord Buddha had passed away to Nirvana, the Government of India had offered, and he had accepted, the highest, most honourable and respected title "Guru Guru MahaGuru". He became the first ever President of all Buddhists in India.A World Buddhist Conference took place in Kathmandu during the reign of King Mahindra of Nepal. The Conference was very well attended by over one hundred thousand Buddhists from various parts of the world and it was opened by King Mahindra himself. As requested by the King, Saradawpharagree blessed all the participants with the power of Triple Gems...