3. Motivation and problem:
A dramatic increase in the number of people using Facebook: over one billion
active users in 2012.
http://money.cnn.com/2012/10/04/technology/facebook-billion-users/index.html
Lots of personally identifiable information is being disclosed. This information
can be used for the following:
Social engineering attacks.
Reconnaissance in order to perform a large-scale attack.
Malware delivery.
Some facts related to Facebook:
39.3 million identified a family member in a profile.
20.4 million included their birth date and year in their profile.
2.6 million discussed their recreational use of alcohol on their wall.
4.8 million people have used Facebook to say where they planned
to go on a certain day (a potential tip-off for burglars), and 4.7
million liked a Facebook page about health conditions or
treatments (details an insurer might use against you).
http://www.consumerreports.org/cro/magazine/2012/06/facebook-your-privacy/index.htm
http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/
4. What is a Facebot?:
A facebot is a piece of software that resembles a real human user on
Facebook, allowing it to gather personal information for later use.
This information can be used as material to perform social
engineering, reconnaissance and even for monetary gain. The bot
would have the ability to post status updates and send/accept
friend requests to/from people of interest.
Examples of other bots related to social media:
During the 2012 presidential campaign an analysis was made by
Barracuda Networks. Barracuda found that 31 percent of
Romney followers were bots; for the Obama campaign the figure was
42 percent.
http://www.wired.com/wiredenterprise/2012/11/poll-of-twitter-bots/
In November 2012 there was a socialbot competition. This
competition used Twitter as the social network, and its goal was to
gain followers and start conversations; in a nutshell, to impersonate a real
human. http://www.iftf.org/future-now/article-detail/social-bot-competition-2012/
5. Facebot Architecture
[Architecture diagram: masterbot, facebot (Fbot), db, internet, Facebook servers reached through the Graph API]
This is an overview of the facebot architecture.
The masterbot communicates with the db in
order to add the content that is to be published
on the profile. The bot will then grab some
content from the db and use HTTP templates
in order to communicate with Facebook servers to
perform several operations, such as sending friend
requests and posting status updates. After the
bot reaches its friend threshold, it will crawl
each and every one of its friends' profiles for
personal information and store it in the db.
6. Facebot architecture(continued):
Facebot consists of three main components:
The first component is the masterbot. The function of the masterbot is to deliver the
instructions and content to be published by the facebot on Facebook. The masterbot
listens on port 2222, and once a facebot phones home (which it does periodically) the masterbot
randomly picks an instruction and content to be delivered. So far the instructions
available are `write_wall`, `send_frequest` and `collect_data`.
7. Facebot architecture(continued):
The second component is the client bot. The client bot is the one that handles
all the interaction with Facebook. The client bot operates by
connecting to the masterbot via port 2222; once it establishes a connection it
receives an instruction and a set of data to be published. Once
the friend threshold is reached it starts the data collection phase, in
which all the relevant profile information from each friend is crawled.
8. Facebot architecture(continued):
The third component is the process of creating the profile on Facebook. In
order to create the profile a person only needs a valid email account. But
the real challenge is to build a profile that looks legitimate. In order
to make it look legitimate, the published content is randomized to
avoid detection. See the profile used for this experiment below, as well as the
facebot in action:
9. Vulnerabilities seen on facebook:
A few vulnerabilities were noticed in the process of performing this research:
Large number of sybil accounts due to the ease of creating a Facebook profile. Only a
valid email address is needed to create an account, and it is used only to validate the email.
Once this is validated the profile will be active. A malicious actor can use automation
to parse the email contents in order to perform this process en masse.
Large amount of fake profiles. In order to make the profile look legitimate and likely to
achieve successful infiltration, the profile needs to be compliant with current social standards of
attractiveness. A malicious actor can crawl pictures on dating sites and use them on
the fake profile. The problem here lies in the weak registration system, which doesn't
effectively validate the identity of the person.
Abuse of the Facebook API. The API allows read/write of the entire social graph. This allows a
malicious actor to perform targeted crawling on victims. At the same time, since the API
does not allow sending/receiving friend requests, other scripting tools have been used to
overcome this limitation.
10. Findings and statistics:
The facebot was executed for a cumulative time of two weeks. Facebot sent
around 1k friend requests and received approximately 900 friend requests. This
research only included 615 friends, in order to analyze a small dataset.
Some of the statistics collected include: gender acceptance rate, family data,
employment data, school data, location and places, and relationship status info.
11. Challenges:
Develop a system that is effective in detecting facebot friend
requests.
Challenge the user with personal knowledge about the user in
question ("social authentication"; Kim et al., Social authentication:
Harder than it looks).
Detect use of automation (social API) across the OSN.
Security controls need to be intuitive and easy to use to avoid
confusion.
12. Challenges:
In order to reduce pollution of social networks by facebot-like programs, here are some
things to think about:
Friend information is not private enough and might only be effective against complete
strangers. The researchers state that the people against whom we frequently require privacy
protections are precisely those in our own social circle.
Automatic face recognition: the researchers state that photo-based social authentication is
an extension of image-recognition CAPTCHA. Therefore the vulnerabilities that are
related to CAPTCHA can also be applicable to photo-based social authentication, which
includes machine-learning attacks.
Detection of abusive/malicious usage of the APIs.
Using web automation, a malicious actor can impersonate a user and perform all the
requests as if they were coming from a legitimate browser. Furthermore, in order
to be less noticeable, the software can be crafted in a way that falls into the normal
traffic pattern category.
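A defender-side illustration of the automation-detection challenge above, added here and not part of the presentation: it scores accounts on outbound friend-request volume and on how machine-regular the request cadence is (a scheduler firing on a fixed period gives near-zero variance in gaps, while human activity is bursty). The log format, sample accounts and thresholds are constructed assumptions, not Facebook's.

```python
"""Heuristic detector for machine-regular friend-request senders (illustrative)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample events, one per line: "timestamp,actor,action,target".
# acct_bot sends every 30 minutes like a scheduler; acct_human is bursty.
SAMPLE_LOG = """\
2012-11-01T10:00:00,acct_bot,friend_request_sent,u1
2012-11-01T10:30:00,acct_bot,friend_request_sent,u2
2012-11-01T11:00:00,acct_bot,friend_request_sent,u3
2012-11-01T11:30:00,acct_bot,friend_request_sent,u4
2012-11-01T12:00:00,acct_bot,friend_request_sent,u5
2012-11-01T12:30:00,acct_bot,friend_request_sent,u6
2012-11-01T09:12:00,acct_human,friend_request_sent,u7
2012-11-01T18:40:00,acct_human,friend_request_received,u8
2012-11-02T21:03:00,acct_human,friend_request_sent,u9
"""


def parse_events(log_text):
    """Parse the constructed CSV-style lines into (time, actor, action) tuples."""
    events = []
    for line in log_text.strip().splitlines():
        ts, actor, action, _target = line.split(",")
        events.append((datetime.fromisoformat(ts), actor, action))
    return events


def account_features(events):
    """Per account: sent count, received count and timing regularity.

    gap_cv is the coefficient of variation of the gaps between outbound
    requests: ~0 means a fixed-period scheduler, higher means irregular.
    """
    sent_times, received = defaultdict(list), defaultdict(int)
    for ts, actor, action in events:
        if action == "friend_request_sent":
            sent_times[actor].append(ts)
        elif action == "friend_request_received":
            received[actor] += 1
    feats = {}
    for actor in set(sent_times) | set(received):
        times = sorted(sent_times[actor])
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        cv = pstdev(gaps) / mean(gaps) if len(gaps) >= 2 and mean(gaps) > 0 else None
        feats[actor] = {"sent": len(times), "received": received[actor], "gap_cv": cv}
    return feats


def flag_automation(feats, min_sent=5, max_cv=0.2):
    """Flag accounts with many outbound requests sent on a machine-regular cadence."""
    return {a for a, f in feats.items()
            if f["sent"] >= min_sent and f["gap_cv"] is not None and f["gap_cv"] <= max_cv}
```

The thresholds are deliberately simple; a bot that adds jitter to its schedule (the "normal traffic pattern" tactic mentioned above) would raise gap_cv, which is why volume and acceptance ratios are scored alongside timing.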
13. Challenges(continued):
Another challenge that needs to be addressed is the development of
security controls that are intuitive and easy to use, in order to avoid user
confusion. This can be considered one of the most important challenges,
because if a security control does a good job of communicating to the target
user the risk of accepting a stranger, this in itself could lead to the
prevention of social engineering attacks right from the start. In addition,
accomplishing this requires knowledge of user behavior, including the
influences that drove the user to make such decisions, which is another
challenge.
14. Conclusions:
Facebot-like programs are a threat to OSNs. Why?
A large-scale infiltration is possible.
Defending against facebot-like programs creates a new set of challenges.
Facebots can compromise the integrity of the OSN ecosystem, making
real users lose trust.
Facebots can be a vehicle for malware delivery, e.g. Koobface.