automated social engineering attacks in osns

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)

Networked Systems Laboratory (NetSysLab)

Department of Electrical & Computer Engineering

Automated Social Engineering Automated Social Engineering Attacks in OSNsAttacks in OSNs

Yazan BoshmafYazan BoshmafKonstantin BeznosovKonstantin Beznosov

Matei RipeanuMatei Ripeanu

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

The Not-So-Private Social Web.Or, Web 2.0

2

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Facebook: Sharing

3

Facebook Archives. http//www.facebook.com

Social Attributes Demographics Preferences

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Facebook: Sharing

4

Social Structure Friends Mutual Friends

Facebook Archives. http//www.facebook.com

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Facebook: Public Access

5

Whoops!Whoops!

Sample!Sample!

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Facebook: Privacy Evolution

6

MCKEON, M. The evolution of privacy in Facebook. http://mattmckeon.com.facebook-privacy

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Facebook: Privacy Evolution

7

MCKEON, M. The evolution of privacy in Facebook. http://mattmckeon.com.facebook-privacy

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Facebook: Privacy Evolution

8

MCKEON, M. The evolution of privacy in Facebook. http://mattmckeon.com.facebook-privacy

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Facebook: Privacy Evolution

9

MCKEON, M. The evolution of privacy in Facebook. http://mattmckeon.com.facebook-privacy

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Facebook: Privacy Evolution

10

MCKEON, M. The evolution of privacy in Facebook. http://mattmckeon.com.facebook-privacy

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Facebook: Privacy Evolution

11

MCKEON, M. The evolution of privacy in Facebook. http://mattmckeon.com.facebook-privacy

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

That’s Natural! People Want to Be Visible.

Or Not?

12

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Automated Cross-Site ID Theft

13

Bilge, L., Strufe, T., Balzarotti, D., and Kirda, E. All your contacts are belong to us: automated identity theft attacks on social networks. In WWW ’09

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Automated Cross-Site ID Theft

14

Bilge, L., Strufe, T., Balzarotti, D., and Kirda, E. All your contacts are belong to us: automated identity theft attacks on social networks. In WWW ’09

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Automated Cross-Site ID Theft

15

Bilge, L., Strufe, T., Balzarotti, D., and Kirda, E. All your contacts are belong to us: automated identity theft attacks on social networks. In WWW ’09

From Facebook

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Automated Cross-Site ID Theft

16

Bilge, L., Strufe, T., Balzarotti, D., and Kirda, E. All your contacts are belong to us: automated identity theft attacks on social networks. In WWW ’09

Sample!Sample!

Why did it work?

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Context-Aware Spam

17

Brown, G., Howe, T., Ihbe, M., Prakash, A., and Borders, K. Social networks and context-aware spam. In CSCW 2008

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Social Phishing

18

Jagatic, T. N., Johnson, N. A., Jakobsson, M., and Menczer, F. Social phishing. Communications ACM 2007

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Oh, Adversaries Like OSNs!

19

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Web Applications Attacks

20

Evron, G. New Facebook worm warning: Wanna see somethong hot? http://darkreading.com/blog/archives/2009/11/new_facebook_wo.html

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Can be Turned into a Botnet!

21

Anthanasopolous, E., Makridakias, A., Antonatos, S., Antoniades, D., Ioannidis, S., Anagnostakis, K. G., and Markatos, E. P. Antisocial networks: Turning a social network into a botnet. In ISC ’08

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Koobface Botnet

22

TrendMicro. The real face of koobface. Technical report 2009

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Social Engineering Exploits Relationships and Trust

23

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Research Questions

24

Mwahaha!Mwahaha!

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

How Many Attacker Did You Befriend Today?

25

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

The Attack - Before

26

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

The Attack - Crawling

27

TargetAdversary

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

The Attack - Ranking

28

TargetAdversary

6

2

8

5

1

7 4

3

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

The Attack - Infiltrating

29

TargetAdversary

6

2

8

5

1

7 4

3

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

The Attack - Infiltrating

30

TargetAdversary

6

2

8

5

1

7 4

3

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

The Attack - Infiltrating

31

TargetAdversary

6

2

8

5

1

7 4

3

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

The Attack - Infiltrating

32

TargetAdversary

6

2

8

5

1

7 4

3

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

The Attack - After

33

6

2

8

5

1

7 4

3

TargetAdversary

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

The Attack - After

34

TargetAdversary

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

What Does The Adversary Have?

35

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

A Network of “Trust”

36

TargetAdversary

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Surveillance

37

TargetAdversary

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Global Surveillance

38

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Amplified Social Engineering

39

TargetAdversary

Sarah, the Pool event last week was

awesome!

Sarah, the Pool event last week was

awesome!

Yeah, I posted the picture! Will send you a

link soon.

Yeah, I posted the picture! Will send you a

link soon.

Aha!Aha!

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Mitigation: The Wisdom of Crowd

40

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Towards Social Collaborative Security

41

Hey Kosta, check out this link

http://www.malicous.com

Hey Kosta, check out this link

http://www.malicous.com

Looks malicious!

Looks malicious!

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Towards Social Collaborative Security

42

Social Network Collaboration Network

Hey Kosta, check out this link

http://www.malicous.com

Hey Kosta, check out this link

http://www.malicous.com

Hey all, this link is malicious

http://www.malicous.com

Hey all, this link is malicious

http://www.malicous.com

?Looks

malicious!Looks

malicious!

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

The Big Picture

• Vulnerability: Authenticity of online relationships + public

information• Things to evaluate:

The attack in real-settings (Now, simulation-only). Usability and expressiveness of privacy controls vs.

privacy implications realized by users.• Identified issues:

How can social networking sites, or OSNs, distinguish between fake and real online identities (Social Sybil Nodes)?

• Future work: Social Collaborative Security (threat identification,

opinion mining, reasoning, alert diffusion, etc.)

43

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

lersse.ece.ubc.ca

44

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Backup

45

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

Evaluation (Simulation)

46

Laboratory for Education and Research in Secure Systems Engineering (LERSSE)Networked Systems Laboratory (NetSysLab)

47