authors: yazan boshmaf, lldar muslukhov, konstantin beznosov, matei ripeanu university of british...
DESCRIPTION
Abstract OSN Vulnerabilities Socialbot Network The Attack Findings FIS effectivenessTRANSCRIPT
![Page 1: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/1.jpg)
Authors:Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu
University of British ColumbiaAnnual Computer Security Applications Conference (ACSAC) 2011
Presented By:Gavin Grant
![Page 2: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/2.jpg)
http://en.wikipedia.org/wiki/CAPTCHA
http://developers.facebook.com/docs/reference/api/
![Page 3: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/3.jpg)
AbstractOSN VulnerabilitiesSocialbot NetworkThe AttackFindingsFIS effectiveness
![Page 4: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/4.jpg)
Social Networks have millions of users
Illustrate that Online Social Networks (OSN) are vulnerable to infiltrations by socialbotsIn particular Facebook80% success rate
Socialbots – computer programs that control OSN accounts and mimic real users
![Page 5: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/5.jpg)
Ineffective CAPTCHAsHiring cheap labor ($1 per 1,000 broken)Reusing session IDs of known CAPTCHAs
Fake User Accounts and ProfilesEmail and profile
Crawlable Social GraphsTraversing linked profiles
Exploitable Platforms and APIsUse APIs to automate the execution of
activities
![Page 6: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/6.jpg)
Set of socialbots owned and maintained by human controller called the botherder
Made up of socialbots, botmaster, and command and control channel
Socialbot controls a profileData collected called botcargoCapable of executing commands
Botmaster is software botherder uses to send commands through C & C channel
C & C facilitates transfer of botcargo and commands
![Page 7: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/7.jpg)
![Page 8: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/8.jpg)
Read, write, connect, disconnect
Set of commands used to mimic a real userNative commands
Master commands
![Page 9: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/9.jpg)
Botworker builds and maintains profilesBotupdater pushes new software updatesC & C engine maintains a repository of
master commandsMaster commands needed
ClusterRand_connect(k)DeclusterCrawl_extneighborhoodMutual_connectHarvest-data
![Page 10: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/10.jpg)
Communication model
Works with socialbot-OSN ChannelOnly OSN-specific API calls and HTTP traffic
Helps in non detection
![Page 11: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/11.jpg)
Socialbot has to hide its real identity
Botmaster should be able to perform large-scale infiltration
C & C channel traffic has to look benign
![Page 12: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/12.jpg)
Facebook Immune System (FIS)8 week processExploited Facebook’s Graph API to carry out social-interaction operationsUsed HTTP request to send friendship requestIheartquotes.com, decaptcher.com, hotornot.com, mail.ru
![Page 13: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/13.jpg)
![Page 14: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/14.jpg)
102 socialbots created and 1 botmasterUsers were created manually49 males53 females5053 valid profile IDs25 request per day per socialbotHarvested data
![Page 15: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/15.jpg)
First 2 weeks2 days t send 5043 request (2,391 male , 2.662
female)976 accepted (381 M, 595 F)
Next 6 weeks3,517 more users added2,079 infiltrated successfully Generated 250 GB inbound and 3 GB outbound
trafficAcceptance rate increase to 80% as mutual
friends increased
![Page 16: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/16.jpg)
News feedsProfile infoWall messages3,055 direct neighborhoods1,085,785 extended neighborhoods
![Page 17: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/17.jpg)
Real time learning system used to protect its users
Only 20 bots were flagged by system
Doesn’t consider fake accounts a real threat
![Page 18: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/18.jpg)
OSN vulnerability to a large-scale socialbot network infiltration
Defense social networks have against social bots that mimic human behavior
Prayed on common user behavior
![Page 19: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/19.jpg)
Only Facebook was attacked
Didn’t provide any prevention techniques
![Page 20: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/20.jpg)
Try on other social networking sites
Not create socialbots manually
![Page 21: Authors: Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu University of British Columbia Annual Computer Security Applications Conference](https://reader036.vdocuments.mx/reader036/viewer/2022062503/5a4d1ad27f8b9ab059971aa0/html5/thumbnails/21.jpg)