Abstract
Social networking sites have been increasingly gaining popularity, and they have already changed the communication habits of hundreds of millions of users. Unfortunately, this new technology can easily be misused to collect private information and violate the users’ privacy. In this chapter, we summarize two practical attacks we have presented in the past: an impersonation attack in which we automatically clone a user profile, and an attack that abuses the information provided by social networks to automatically correlate information extracted from different social networks. Our results show that these attacks are very successful in practice and that they can significantly impact the users’ privacy. Therefore, these attacks represent a first important step to raise awareness among users about the privacy and security risks involved in sharing information in one or more social networks.
Copyright information
© 2011 Springer-Verlag Italia Srl
About this chapter
Cite this chapter
Bilge, L., Balduzzi, M., Balzarotti, D., Kirda, E. (2011). A Summary of Two Practical Attacks Against Social Networks. In: Salgarelli, L., Bianchi, G., Blefari-Melazzi, N. (eds) Trustworthy Internet. Springer, Milano. https://doi.org/10.1007/978-88-470-1818-1_13
DOI: https://doi.org/10.1007/978-88-470-1818-1_13
Publisher Name: Springer, Milano
Print ISBN: 978-88-470-1817-4
Online ISBN: 978-88-470-1818-1
eBook Packages: Engineering, Engineering (R0)