
All Your Contacts belong to us: Automated Identity theft on Social Networks



  1. All Your Contacts belong to us: Automated Identity theft on Social Networks
  Authors: Leyla Bilge, Thorsten Strufe, Davide Balzarotti, Engin Kirda
  Rilinda LAMLLARI, IMSE - 729

  2. Social networks - SNs
  • Social structure made up of nodes.
  • Different nature of relationships between the nodes (friendship, ideas, visions, business relationships, etc.)
  • Friendship-focused: Facebook, MySpace, StudiVZ, MeinVZ, etc.
  • Business-focused: LinkedIn, XING, etc.
  • Popularity -> captures attackers' attention

  3. Attacks in Social Networks
  • Apply old ideas to the new technology (e.g. e-mail attachments spreading via the address book).
  • Worms in SNs replicate themselves through the victim's friends list.
  • Lack of scanning makes it easier for an attacker to send malicious apps and URLs to victims.

  4. Why are SNs an attractive target?
  • Sensitive information of registered users
  • Using attacks in SNs, an attacker can: 1) gain access to e-mail addresses that belong to real people; 2) obtain information about the people using these addresses
  • Spear phishing – targeted social engineering attacks
  • Lower chance of being caught by spam filters

  5. Authors investigate two types of attacks:
  • Automated crawling and identity theft of existing user profiles
  • Cross-site profile cloning attack

  6. Main focus
  • Show that it is feasible to launch automated attacks against 5 SNs
  • Room for improvement for CAPTCHAs
  • Show that it is feasible in practice
  • Suggestions on how SNs can improve security

  7. iCloner architecture

  8. iCloner (2)
  • Crawler – able to crawl StudiVZ, MeinVZ, Facebook and XING. Collects information on public users and user lists
  • Identity matcher – tries to identify profiles in different SNs that correspond to the same person

  9. iCloner (3)
  • Profile creator – uses the info produced by the Identity Matcher
  • Message Sender – logs in and sends friend requests
  • CAPTCHA analyzer – designed techniques to break CAPTCHAs with a certain success rate

  10. Breaking CAPTCHAs
  • Completely Automated Public Turing test to tell Computers and Humans Apart
  • Recognize text in the presence of noise
  • The techniques: open source tools (ImageMagick) + custom developed scripts

  11. Facebook vs. MeinVZ and StudiVZ
  • Two words vs. fixed-length single word
  • Facebook reCAPTCHA contains meaningful words

  12. 1st attack: Profile cloning
  • Clone an already existing profile
  • Send friend requests to the contacts of the victim
  • Access sensitive information of the contacts

  13. 2nd attack: Cross-site profile cloning
  • Automatically identify users who are registered in one SN but not in another
  • Forge the profile in the SN where he/she is not registered
  • SNs of the same nature (XING and LinkedIn)

  14. How to identify users on two different SNs?
  • Based on name -> too many search results
  • Educational background: 2 points
  • Identical companies they are working for: 2 points
  • City and country: 1 point
  • Total points >= 3

  15. How to determine if the entered info is the same? e.g. TU Wien -> Vienna University of Technology
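The scoring rule of slide 14 combined with the name-normalization problem of slide 15, as an added example (not the iCloner code), used from the operator's side: a newly registered profile that scores as "the same person" as an existing one is flagged as a probable clone for review. The alias table, the Profile fields and all sample values are constructed for the demonstration.

```python
from dataclasses import dataclass

# Constructed alias table (example data, not the paper's): the same institution
# is often entered under different names, e.g. "TU Wien" vs "Vienna University of Technology".
ALIASES = {
    "tu wien": "vienna university of technology",
    "technische universitaet wien": "vienna university of technology",
}

def normalize(value: str) -> str:
    """Lower-case, strip punctuation, collapse whitespace, then apply the alias table."""
    v = " ".join(value.lower().replace(".", " ").replace(",", " ").split())
    return ALIASES.get(v, v)

@dataclass(frozen=True)
class Profile:
    name: str
    education: frozenset   # institutions as entered by the user
    companies: frozenset   # employers as entered by the user
    city: str
    country: str

def match_score(a: Profile, b: Profile) -> int:
    """Slide-14 scoring: shared education 2, shared employer 2, same city+country 1."""
    score = 0
    if {normalize(e) for e in a.education} & {normalize(e) for e in b.education}:
        score += 2
    if {normalize(c) for c in a.companies} & {normalize(c) for c in b.companies}:
        score += 2
    if normalize(a.city) == normalize(b.city) and normalize(a.country) == normalize(b.country):
        score += 1
    return score

def same_person(a: Profile, b: Profile, threshold: int = 3) -> bool:
    """The paper's decision rule: total points >= 3."""
    return match_score(a, b) >= threshold

def find_probable_clones(new: Profile, existing: list) -> list:
    """Defender-side use of the same rule: the name alone yields too many hits (slide 14),
    so it only selects candidates; the score decides which ones look like duplicates."""
    return [p for p in existing
            if normalize(p.name) == normalize(new.name) and same_person(new, p)]
```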

  16. Evaluation
  • Large scale attacks on a large number of real users => legal consequences
  • Started with the crawler on two SNs
  • Profile cloning attacks (more than 700 users)
  • Launched cross-site profile cloning

  17. Crawling experiments - StudiVZ and MeinVZ
  • Each crawler instance requested and parsed 6000 web pages/day
  • Collected information on 40,000 profiles/day
  • Stopped at: 5 million public user profiles, 1.2 million profiles with complete information

  18. Crawling experiments - XING
  • No CAPTCHA protection, but more efficient in disabling suspicious accounts
  • Crawled 2000 profiles per account created
  • Total of 118,000 profiles

  19. Profile Cloning
  • D1..D5 duplicated profiles
  • 705 users were contacted by sending them requests
  • For each forged profile -> one fictitious profile (random names and pics)

  20. Rate of acceptance of requests and messages

  21. Possible to launch large scale attacks
  • 45% of the links clicked during the first 20 hours

  22. Cross-site profile cloning
  • A profile P in the source network N1 is chosen to be cloned into N2 if:
  • P does not have a profile in N2
  • A reasonable number of P's contacts have profiles in the target social network N2
  • N1 – XING, N2 – LinkedIn
  • They crawled 30,000 profiles; 12% were also in LinkedIn
  • Out of 78 contact requests, 56% were accepted

  23. Suggestions for improvements in Social Network site security
  • The user is the weakest link in SNs
  • Provide more information on the authenticity of the request (IP, profile creation date)
  • Make CAPTCHAs more difficult to break (overlapping symbols)
  • Rate limit the number of CAPTCHAs displayed to a user, with a threshold of a few images/minute
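The last suggestion on slide 23, a per-account cap on CAPTCHA images per minute, as an added example (not code from the paper or any of the networks): a sliding-window limiter that also counts refused requests so that an account hammering the CAPTCHA endpoint can be queued for review, in the spirit of XING disabling suspicious accounts (slide 18). The limit of 5 images per 60 seconds and the review threshold are constructed values; the slide only says "a few images/minute".

```python
from collections import deque

class CaptchaRateLimiter:
    """Per-account sliding window over CAPTCHA images served.

    limit/window_seconds: constructed defaults for "a few images per minute".
    review_after: refusals while over the limit before the account is flagged.
    """

    def __init__(self, limit=5, window_seconds=60, review_after=10):
        self.limit = limit
        self.window = window_seconds
        self.review_after = review_after
        self._served = {}     # account -> deque of timestamps of images served
        self.strikes = {}     # account -> number of refused requests
        self.flagged = set()  # accounts that exceeded review_after refusals

    def request_captcha(self, account, now):
        """Return True if an image may be served to `account` at time `now` (seconds)."""
        q = self._served.setdefault(account, deque())
        while q and now - q[0] >= self.window:   # forget images outside the window
            q.popleft()
        if len(q) >= self.limit:
            self.strikes[account] = self.strikes.get(account, 0) + 1
            if self.strikes[account] >= self.review_after:
                self.flagged.add(account)   # candidate for manual review / disabling
            return False
        q.append(now)
        return True

def simulate(limiter, account, interval, attempts, start=0.0):
    """Issue `attempts` requests spaced `interval` seconds apart; return images served."""
    return sum(limiter.request_captcha(account, start + i * interval) for i in range(attempts))
```

A bot solving images back to back is cut off after the first five per window, while a user who needs a new image every few minutes is never refused.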

  24. Related Work
  • Previous cloning attacks were done manually. This is the first automated cloning attack.

  25. Conclusion
  • Authors show how feasible it is in the real world for potential attackers to launch automated cloning attacks.
  • The trust relationship in social networks is high.
  • Need to increase awareness in order to preserve users' privacy.
