Antisocial Networks: Turning a Social Network into a Botnet

  • Elias Athanasopoulos
  • A. Makridakis
  • S. Antonatos
  • D. Antoniades
  • Sotiris Ioannidis
  • K. G. Anagnostakis
  • Evangelos P. Markatos
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5222)

Abstract

Antisocial Networks are distributed systems based on social networking Web sites that can be exploited by attackers, and directed to carry out network attacks. Malicious users are able to take control of the visitors of social sites by remotely manipulating their browsers through legitimate Web control functionality such as image-loading HTML tags, JavaScript instructions, etc. In this paper we experimentally show that Social Network web sites have the ideal properties to become attack platforms.

We start by identifying all the properties of Facebook, a real-world Social Network, and then study how we can utilize these properties and transform it into an attack platform against any host connected to the Internet. Towards this end, we developed a real-world Facebook application that can perform malicious actions covertly. We experimentally measured its impact by studying how innocent Facebook users can be manipulated into carrying out a Denial-of-Service attack. Finally, we explored other possible misuses of Facebook and how they can be applied to other online Social Network web sites.

Keywords

Social Network; Social Networking Site; Malicious Application; Victim Host; Inline Image
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Elias Athanasopoulos (1)
  • A. Makridakis (1)
  • S. Antonatos (1)
  • D. Antoniades (1)
  • Sotiris Ioannidis (1)
  • K. G. Anagnostakis (2)
  • Evangelos P. Markatos (1)

  1. Institute of Computer Science (ICS), Foundation for Research & Technology Hellas (FORTH)
  2. Institute for Infocomm Research, Singapore
