A Summary of Two Practical Attacks Against Social Networks

  • Chapter
Trustworthy Internet

Abstract

Social networking sites have been increasingly gaining popularity, and they have already changed the communication habits of hundreds of millions of users. Unfortunately, this new technology can easily be misused to collect private information and violate the users’ privacy. In this chapter, we summarize two practical attacks we have presented in the past: an impersonation attack in which we automatically clone a user profile, and an attack that abuses the information provided by social networks to automatically correlate information extracted from different social networks. Our results show that these attacks are very successful in practice and that they can significantly impact the users’ privacy. Therefore, these attacks represent a first important step to raise awareness among users about the privacy and security risks involved in sharing information in one or more social networks.

Author information

Corresponding author

Correspondence to Leyla Bilge.

Copyright information

© 2011 Springer-Verlag Italia Srl

About this chapter

Cite this chapter

Bilge, L., Balduzzi, M., Balzarotti, D., Kirda, E. (2011). A Summary of Two Practical Attacks Against Social Networks. In: Salgarelli, L., Bianchi, G., Blefari-Melazzi, N. (eds) Trustworthy Internet. Springer, Milano. https://doi.org/10.1007/978-88-470-1818-1_13

  • DOI: https://doi.org/10.1007/978-88-470-1818-1_13

  • Publisher Name: Springer, Milano

  • Print ISBN: 978-88-470-1817-4

  • Online ISBN: 978-88-470-1818-1

  • eBook Packages: Engineering, Engineering (R0)
