The Socialbot Network: When Bots Socialize for Fame and Money. Authors: Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu (University of British Columbia). Annual Computer Security Applications Conference (ACSAC) 2011. Presented by: Gavin Grant.


Page 1: Title slide

Page 2: Links

http://en.wikipedia.org/wiki/CAPTCHA

http://developers.facebook.com/docs/reference/api/

Page 3: Outline

Abstract
OSN Vulnerabilities
Socialbot Network
The Attack
Findings
FIS effectiveness

Page 4: Abstract

Online social networks (OSNs) have millions of users.

The paper shows that OSNs are vulnerable to infiltration by socialbots. The target in this study was Facebook, where the infiltration campaign reached an 80% success rate.

Socialbots: computer programs that control OSN accounts and mimic real users.

Page 5: OSN Vulnerabilities

Ineffective CAPTCHAs: solving can be outsourced to cheap labor (about $1 per 1,000 CAPTCHAs broken), and the session IDs of already-solved CAPTCHAs can be reused.

Fake user accounts and profiles: creating an account needs only an email address and a fabricated profile.

Crawlable social graphs: the graph can be traversed by following linked profiles.

Exploitable platforms and APIs: the platform APIs can be used to automate the execution of social activities.
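The second CAPTCHA weakness above (reusing the session ID of an already-solved CAPTCHA) is a replay problem on the server side. The following is an added example, not code from the slides or the paper: a minimal in-memory CAPTCHA back end that shows the weak design beside a hardened one in which each challenge gets a random one-time token that is consumed on the first verification attempt and expires after a TTL. The token format, the TTL, the class and function names and the sample answers are assumptions for illustration.

```python
"""Replayable vs. single-use CAPTCHA verification (added example)."""
import secrets
import time


class ReplayableCaptcha:
    """Weak design: a solved CAPTCHA stays valid for its session ID indefinitely."""

    def __init__(self):
        self._answers = {}  # session_id -> expected answer

    def issue(self, session_id, answer):
        self._answers[session_id] = answer

    def verify(self, session_id, answer):
        # Nothing is consumed or expired, so one human-solved answer can be
        # replayed with the same session ID for every new registration.
        return self._answers.get(session_id) == answer


class SingleUseCaptcha:
    """Hardened design: random token per challenge, consumed on use, with a TTL."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock  # injectable for testing expiry
        self._pending = {}  # token -> (expected answer, expiry time)

    def issue(self, answer):
        token = secrets.token_urlsafe(16)
        self._pending[token] = (answer, self._clock() + self._ttl)
        return token

    def verify(self, token, answer):
        # The token is removed on any attempt, right or wrong, so it can be
        # neither replayed nor brute-forced by repeated guesses.
        entry = self._pending.pop(token, None)
        if entry is None:
            return False
        expected, expires_at = entry
        if self._clock() > expires_at:
            return False
        return secrets.compare_digest(expected.encode(), answer.encode())

    def purge_expired(self):
        """Drop stale challenges that were issued but never answered; returns pending count."""
        now = self._clock()
        for token in [t for t, (_, exp) in self._pending.items() if exp < now]:
            del self._pending[token]
        return len(self._pending)


def replay_count(service, credential, answer, attempts):
    """Registrations that succeed by replaying one solved CAPTCHA `attempts` times."""
    return sum(1 for _ in range(attempts) if service.verify(credential, answer))


def demo(attempts=100):
    """Returns (successful replays against the weak design, against the hardened design)."""
    weak = ReplayableCaptcha()
    weak.issue("sess-42", "hx7k2")  # solved once, e.g. by an outsourced human solver
    weak_hits = replay_count(weak, "sess-42", "hx7k2", attempts)

    strong = SingleUseCaptcha()
    token = strong.issue("hx7k2")
    strong_hits = replay_count(strong, token, "hx7k2", attempts)
    return weak_hits, strong_hits


if __name__ == "__main__":
    print(demo())  # (100, 1)
```

The single solved challenge registers 100 accounts against the weak back end and exactly one against the hardened one. Consuming the token on a wrong answer as well as a right one is deliberate: a CAPTCHA that tolerates retries on the same token is a guessing oracle, and a bot that buys solutions at $1 per 1,000 will happily retry.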

Page 6: Socialbot Network

A socialbot network (SbN) is a set of socialbots owned and maintained by a human controller called the botherder.

It is made up of socialbots, a botmaster, and a command and control (C&C) channel.

Socialbot: controls an OSN profile, collects data (called botcargo), and is capable of executing commands.

Botmaster: the software the botherder uses to send commands through the C&C channel.

C&C channel: facilitates the transfer of botcargo and commands.

Page 7: (no text on this slide)

Page 8: Socialbot

A socialbot mimics a real user through a set of commands.

Native commands: read, write, connect, disconnect (the basic OSN operations).

Master commands: higher-level commands composed from the native ones.

Page 9: Botmaster

Botworker: builds and maintains the socialbots' profiles.
Botupdater: pushes new software updates to the socialbots.
C&C engine: maintains a repository of master commands.

Master commands needed for the infiltration:
cluster
rand_connect(k)
decluster
crawl_extneighborhood
mutual_connect
harvest_data
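To make the master commands concrete, here is an added toy simulation of the command sequence on a synthetic social graph. It is not code from the paper or the talk. The graph, the acceptance model (a target accepts a request with a probability that grows with the number of mutual friends it shares with the requester, a simplified stand-in for the trend the findings report), the class and function names and all numeric parameters are assumptions made for illustration, not measurements from the paper.

```python
"""Toy simulation of the SbN master commands (added example, assumed graph and parameters)."""
import random
from collections import defaultdict


class ToyOSN:
    """Synthetic friendship graph over users 0..n_users-1 plus an assumed acceptance model."""

    def __init__(self, n_users, avg_degree=8, seed=1):
        self.rng = random.Random(seed)
        self.users = list(range(n_users))
        self.friends = defaultdict(set)
        for u in self.users:  # random symmetric friendships among legitimate users
            for v in self.rng.sample(self.users, avg_degree):
                if u != v:
                    self.friends[u].add(v)
                    self.friends[v].add(u)

    def mutual(self, a, b):
        return len(self.friends[a] & self.friends[b])

    def accept_prob(self, target, requester):
        # Assumption: 20% base acceptance, +20% per mutual friend, capped at 80%.
        return min(0.8, 0.2 + 0.2 * self.mutual(target, requester))

    def connect(self, requester, target):
        """Native command: send a friend request; True if the target accepts."""
        if self.rng.random() < self.accept_prob(target, requester):
            self.friends[requester].add(target)
            self.friends[target].add(requester)
            return True
        return False


class Botmaster:
    """Issues master commands to a set of socialbot account IDs outside the legitimate graph."""

    def __init__(self, osn, bots):
        self.osn = osn
        self.bots = set(bots)

    def cluster(self):
        # Bots befriend each other so no profile starts with an empty friend list.
        for a in self.bots:
            self.osn.friends[a] |= self.bots - {a}

    def decluster(self):
        # Drop bot-to-bot links so that one flagged bot does not expose the others.
        for a in self.bots:
            self.osn.friends[a] -= self.bots

    def _send(self, bot, targets):
        sent = accepted = 0
        for t in targets:
            if t in self.osn.friends[bot]:
                continue
            sent += 1
            accepted += self.osn.connect(bot, t)
        return sent, accepted

    def rand_connect(self, k):
        """Bootstrap: each bot sends k requests to uniformly random legitimate users."""
        sent = accepted = 0
        for bot in sorted(self.bots):
            s, a = self._send(bot, self.osn.rng.sample(self.osn.users, k))
            sent, accepted = sent + s, accepted + a
        return sent, accepted

    def crawl_extneighborhood(self, bot):
        """Friends of the bot's friends that the bot is not yet connected to."""
        ext = set()
        for f in self.osn.friends[bot]:
            ext |= self.osn.friends[f]
        return ext - self.osn.friends[bot] - self.bots - {bot}

    def mutual_connect(self, k):
        """Each bot sends up to k requests into its extended neighborhood, most mutual friends first."""
        sent = accepted = 0
        for bot in sorted(self.bots):
            cands = sorted(self.crawl_extneighborhood(bot),
                           key=lambda t: (-self.osn.mutual(bot, t), t))
            s, a = self._send(bot, cands[:k])
            sent, accepted = sent + s, accepted + a
        return sent, accepted

    def harvest_data(self):
        """Botcargo reach: sizes of the direct neighborhood (infiltrated users) and the extended one."""
        direct = set().union(*(self.osn.friends[b] for b in self.bots)) - self.bots
        extended = set().union(*(self.osn.friends[u] for u in direct)) - direct - self.bots
        return len(direct), len(extended)


def run_campaign(n_users=2000, n_bots=20, k=25, seed=7):
    osn = ToyOSN(n_users, seed=seed)
    bm = Botmaster(osn, range(n_users, n_users + n_bots))  # bot IDs lie outside the legit graph
    bm.cluster()
    sent_r, acc_r = bm.rand_connect(k)
    bm.decluster()
    sent_m, acc_m = bm.mutual_connect(k)
    direct, extended = bm.harvest_data()
    return {"rand_connect_rate": acc_r / max(sent_r, 1),
            "mutual_connect_rate": acc_m / max(sent_m, 1),
            "direct_neighborhood": direct, "extended_neighborhood": extended}


if __name__ == "__main__":
    for name, value in run_campaign().items():
        print(f"{name}: {value}")
```

Under the assumed model the rand_connect phase accepts at roughly the base rate, while the mutual_connect phase, which only targets friends of already-infiltrated users, accepts noticeably more often, and harvest_data shows the extended neighborhood dwarfing the direct one. That ordering of phases, not the exact percentages, is the point the simulation illustrates.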

Page 10: Communication model

The C&C channel rides on the socialbot-OSN channel: the bots exchange only OSN-specific API calls and ordinary HTTP traffic with the OSN.

Because this traffic looks like normal use of the platform, it helps the SbN avoid detection.

Page 11: Design goals

A socialbot has to hide its real identity.

The botmaster should be able to perform large-scale infiltration.

The C&C channel traffic has to look benign.

Page 12: The Attack

Target: Facebook and its defense, the Facebook Immune System (FIS).
Duration: 8 weeks.
The bots exploited Facebook's Graph API to carry out social-interaction operations, and used plain HTTP requests to send friendship requests.
Supporting services: iheartquotes.com (status updates), decaptcher.com (CAPTCHA solving), hotornot.com (profile pictures), mail.ru (email accounts).

Page 13: (no text on this slide)

Page 14: Attack setup

102 socialbots and 1 botmaster.
The bot accounts were created manually: 49 male and 53 female profiles.
5,053 valid profile IDs were selected as targets.
Each socialbot sent 25 friend requests per day.
Data was harvested from the infiltrated profiles.

Page 15: Findings

First 2 weeks: it took 2 days to send 5,053 requests (2,391 to male and 2,662 to female users); 976 were accepted (381 by males, 595 by females), roughly a 19% acceptance rate.

Next 6 weeks: 3,517 more users were targeted and 2,079 were infiltrated successfully. The campaign generated 250 GB of inbound and 3 GB of outbound traffic. The acceptance rate rose to 80% as the number of mutual friends shared with the target increased.

Page 16: Harvested data

News feeds, profile information and wall messages were collected from 3,055 profiles in the bots' direct neighborhoods (infiltrated users) and 1,085,785 profiles in their extended neighborhoods (friends of infiltrated users).

Page 17: FIS effectiveness

The Facebook Immune System is a real-time learning system used to protect Facebook's users.

Only 20 of the 102 bots were flagged by the system over the 8 weeks.

FIS does not consider fake accounts a real threat.
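The slides do not say what signals FIS uses, so the following is an added example of a defender-side heuristic, not FIS logic and not code from the paper. It computes, per account, the daily friend-request rate and acceptance ratio from a constructed event log and flags accounts that send many requests with few acceptances. The sample accounts mirror the numbers on the slides (25 requests per day, about 19% acceptance in the bootstrap phase, 80% later); the log format, the thresholds and the account names are assumptions for illustration.

```python
"""Rate/acceptance heuristic over constructed friend-request logs (added example)."""
from collections import defaultdict


def make_events(account, days, sent_per_day, accept_ratio):
    """Construct log rows (day, account, event) for one account. Sample data, not real."""
    rows = []
    for d in range(days):
        day = f"2011-01-{d + 1:02d}"
        accepted = round(sent_per_day * accept_ratio)
        rows += [(day, account, "request_sent")] * sent_per_day
        rows += [(day, account, "request_accepted")] * accepted
    return rows


def summarize(events):
    """Per-account totals: active days, requests sent, requests accepted."""
    per = defaultdict(lambda: {"days": set(), "sent": 0, "accepted": 0})
    for day, account, event in events:
        s = per[account]
        s["days"].add(day)
        if event == "request_sent":
            s["sent"] += 1
        elif event == "request_accepted":
            s["accepted"] += 1
    return per


def flag_accounts(events, max_rate=15.0, min_accept=0.3):
    """Flag accounts whose daily request rate exceeds max_rate while acceptance stays below min_accept."""
    report = {}
    for account, s in summarize(events).items():
        rate = s["sent"] / max(1, len(s["days"]))
        accept = s["accepted"] / s["sent"] if s["sent"] else 1.0
        report[account] = {
            "rate": rate,
            "accept": round(accept, 2),
            "flagged": rate > max_rate and accept < min_accept,
        }
    return report


# Constructed sample log: one normal user and one bot in each phase of the campaign.
SAMPLE_EVENTS = (
    make_events("user_a", days=14, sent_per_day=2, accept_ratio=0.75)
    + make_events("bot_bootstrap", days=14, sent_per_day=25, accept_ratio=0.19)
    + make_events("bot_mutual", days=14, sent_per_day=25, accept_ratio=0.8)
)

if __name__ == "__main__":
    for account, r in flag_accounts(SAMPLE_EVENTS).items():
        print(account, r)
```

Only the bootstrap-phase bot is flagged. Once mutual_connect drives acceptance up to the 80% reported on the findings slide, the bot's request rate and acceptance ratio look like those of an active legitimate user, so volume and acceptance alone are a weak defense; per-request context such as the number of mutual friends and how the targets were found is needed to separate the two.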

Page 18: Contributions

Demonstrated the vulnerability of an OSN to a large-scale socialbot network infiltration.

Evaluated the defenses social networks have against socialbots that mimic human behavior.

The attack preyed on common user behavior: accepting friend requests from people the user does not know.

Page 19: Weaknesses

Only Facebook was attacked.

The paper did not provide any prevention techniques.

Page 20: Future work

Try the attack on other social networking sites.

Automate socialbot creation instead of creating the accounts manually.

Page 21: (no text on this slide)