1 / 47

Automated Social Engineering Attacks in OSNs

Automated Social Engineering Attacks in OSNs. Yazan Boshmaf Konstantin Beznosov Matei Ripeanu. The Not-So-Private Social Web. Or, Web 2.0. Facebook: Sharing. Social Attributes Demographics Preferences. Facebook Archives. http//www.facebook.com. Facebook: Sharing. Social Structure

bess
Download Presentation

Automated Social Engineering Attacks in OSNs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Automated Social Engineering Attacks in OSNs Yazan Boshmaf Konstantin Beznosov Matei Ripeanu

  2. The Not-So-Private Social Web.Or, Web 2.0

  3. Facebook: Sharing • Social Attributes • Demographics • Preferences Facebook Archives. http//www.facebook.com

  4. Facebook: Sharing • Social Structure • Friends • Mutual Friends Facebook Archives. http//www.facebook.com

  5. Facebook: Public Access Sample! Whoops!

  6. Facebook: Privacy Evolution MCKEON, M. The evolution of privacy in Facebook. http://mattmckeon.com.facebook-privacy

  7. Facebook: Privacy Evolution MCKEON, M. The evolution of privacy in Facebook. http://mattmckeon.com.facebook-privacy

  8. Facebook: Privacy Evolution MCKEON, M. The evolution of privacy in Facebook. http://mattmckeon.com.facebook-privacy

  9. Facebook: Privacy Evolution MCKEON, M. The evolution of privacy in Facebook. http://mattmckeon.com.facebook-privacy

  10. Facebook: Privacy Evolution MCKEON, M. The evolution of privacy in Facebook. http://mattmckeon.com.facebook-privacy

  11. Facebook: Privacy Evolution MCKEON, M. The evolution of privacy in Facebook. http://mattmckeon.com.facebook-privacy

  12. That’s Natural! People Want to Be Visible. Or Not?

  13. Automated Cross-Site ID Theft Bilge, L., Strufe, T., Balzarotti, D., and Kirda, E. All your contacts are belong to us: automated identity theft attacks on social networks. In WWW ’09

  14. Automated Cross-Site ID Theft Bilge, L., Strufe, T., Balzarotti, D., and Kirda, E. All your contacts are belong to us: automated identity theft attacks on social networks. In WWW ’09

  15. Automated Cross-Site ID Theft From Facebook Bilge, L., Strufe, T., Balzarotti, D., and Kirda, E. All your contacts are belong to us: automated identity theft attacks on social networks. In WWW ’09

  16. Automated Cross-Site ID Theft Sample! Why did it work? Bilge, L., Strufe, T., Balzarotti, D., and Kirda, E. All your contacts are belong to us: automated identity theft attacks on social networks. In WWW ’09

  17. Context-Aware Spam Brown, G., Howe, T., Ihbe, M., Prakash, A., and Borders, K. Social networks and context-aware spam. In CSCW 2008

  18. Social Phishing Jagatic, T. N., Johnson, N. A., Jakobsson, M., and Menczer, F. Social phishing. Communications ACM 2007

  19. Oh, Adversaries Like OSNs!

  20. Web Applications Attacks Evron, G. New Facebook worm warning: Wanna see somethong hot?http://darkreading.com/blog/archives/2009/11/new_facebook_wo.html

  21. Can be Turned into a Botnet! Anthanasopolous, E., Makridakias, A., Antonatos, S., Antoniades, D., Ioannidis, S., Anagnostakis, K. G., and Markatos, E. P. Antisocial networks: Turning a social network into a botnet. In ISC ’08

  22. Koobface Botnet TrendMicro. The real face of koobface. Technical report 2009

  23. Social Engineering Exploits Relationships and Trust

  24. Research Questions Mwahaha!

  25. How Many Attacker Did You Befriend Today?

  26. The Attack - Before

  27. The Attack - Crawling Target Adversary

  28. The Attack - Ranking Target 8 Adversary 3 1 2 4 7 5 6

  29. The Attack - Infiltrating Target 8 Adversary 3 1 2 4 7 5 6

  30. The Attack - Infiltrating Target 8 Adversary 3 1 2 4 7 5 6

  31. The Attack - Infiltrating Target 8 Adversary 3 1 2 4 7 5 6

  32. The Attack - Infiltrating Target 8 Adversary 3 1 2 4 7 5 6

  33. The Attack - After Target 8 Adversary 3 1 2 4 7 5 6

  34. The Attack - After Target Adversary

  35. What Does The Adversary Have?

  36. A Network of “Trust” Target Adversary

  37. Surveillance Target Adversary

  38. Global Surveillance

  39. Amplified Social Engineering Target Adversary Aha! Yeah, I posted the picture! Will send you a link soon. Sarah, the Pool event last week was awesome!

  40. Mitigation: The Wisdom of Crowd

  41. Towards Social Collaborative Security Hey Kosta, check out this link http://www.malicous.com Looks malicious!

  42. Towards Social Collaborative Security Hey Kosta, check out this link http://www.malicous.com Looks malicious! ? Hey all, this link is malicious http://www.malicous.com Collaboration Network Social Network

  43. The Big Picture • Vulnerability: • Authenticity of online relationships + public information • Things to evaluate: • The attack in real-settings (Now, simulation-only). • Usability and expressiveness of privacy controls vs. privacy implications realized by users. • Identified issues: • How can social networking sites, or OSNs, distinguish between fake and real online identities (Social Sybil Nodes)? • Future work: • Social Collaborative Security (threat identification, opinion mining, reasoning, alert diffusion, etc.)

  44. lersse.ece.ubc.ca

  45. Backup

  46. Evaluation (Simulation)

More Related