Facebot
OUTLINE
• Problem
• Facebot
• Motivation
• Conclusions/challenges
Motivation and problem:
• The number of people using Facebook has increased dramatically, to over one billion active users in 2012.
  http://money.cnn.com/2012/10/04/technology/facebook-billion-users/index.html
• A lot of personally identifiable information is being disclosed. This information can be used for the following:
  • social engineering attacks;
  • reconnaissance in order to perform a large-scale attack;
  • malware delivery.
• Some facts related to Facebook:
  • 39.3 million identified a family member in a profile.
  • 20.4 million included their birth date and year in their profile.
  • 2.6 million discussed their recreational use of alcohol on their wall.
  • 4.8 million people have used Facebook to say where they planned to go on a certain day (a potential tip-off for burglars), and 4.7 million liked a Facebook page about health conditions or treatments (details an insurer might use against you).
  http://www.consumerreports.org/cro/magazine/2012/06/facebook-your-privacy/index.htm
  http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/
What is a Facebot?:
• A facebot is a piece of software that resembles a real human user on Facebook, allowing it to gather personal information for later use. This information can be used as material for social engineering, reconnaissance and even monetary gain. The bot would have the ability to post status updates and to send/accept friend requests to/from people of interest.
• Examples of other bots relating to social media:
  • During the 2012 presidential campaign an analysis was made by Barracuda Networks. Barracuda found that 31 percent of Romney's followers were bots; for the Obama campaign it was 42 percent.
    http://www.wired.com/wiredenterprise/2012/11/poll-of-twitter-bots/
  • In November 2012 there was a socialbot competition. This competition used Twitter as the social network, and its goal was to gain followers and start conversations, in a nutshell to impersonate a real human.
    http://www.iftf.org/future-now/article-detail/social-bot-competition-2012/
Facebot Architecture
[Architecture diagram: masterbot, facebot (Fbot), db, internet, Facebook servers / Graph API]
This is an overview of the facebot architecture. The masterbot communicates with the db in order to add the content that is to be published on the profile. Then the facebot will grab some content from the db and will use HTTP templates in order to communicate with the Facebook servers to perform several operations, such as sending friend requests and posting status updates. After the bot reaches its friend threshold, it will crawl each and every one of its friends' profiles for personal information and will store it in the db.
Facebot architecture (continued):
• Facebot consists of three main components:
• The first component is the masterbot. The function of the masterbot is to deliver the instructions and content to be published by the facebot on Facebook. The masterbot listens on port 2222, and each time a facebot phones home (which it does periodically) the masterbot randomly picks an instruction and the content to be delivered. The instructions available at the time are "write_wall", "send_frequest" and "collect_data".
Facebot architecture (continued):
• The second component is the client bot. The client bot is the one that handles all the interaction with Facebook. The client bot operates by connecting to the masterbot via port 2222; once it establishes a connection, it receives an instruction and a set of data to be published. Once the friend threshold is reached, it starts the data collection phase, in which all the relevant profile information from each user is crawled.
Facebot architecture (continued):
• The third component was the process of creating the profile on Facebook. In order to create the profile the person only needs a valid email account, but the real challenge is to build a profile that looks legitimate. To make it look legitimate, the content published is randomized in order to avoid detection. See the profile used for this experiment below, as well as the facebot in action:
Vulnerabilities seen on Facebook:
• A few vulnerabilities were noticed in the process of performing this research:
  • Large number of sybil accounts, due to the ease of creating a Facebook profile. Only a valid email address is needed to create an account, and it serves only to validate the email. Once this is validated the profile will be active. A malicious actor can use automation to parse the email contents in order to perform this process en masse.
  • Large number of fake profiles. In order to make the profile look legitimate and prone to successful infiltration, the profile needs to be compliant with current social standards of attractiveness. A malicious actor can crawl pictures on dating sites and use them on the fake profile. The problem here lies in the weak registration system, which doesn't effectively validate the identity of the person.
  • Abuse of the Facebook API. The API allows read/write of the entire social graph. This allows a malicious actor to perform targeted crawling of victims. At the same time, since the API does not allow sending/receiving friend requests, other scripting tools have been used to overcome this limitation.
Findings and statistics:
• The facebot was executed for a cumulative time of two weeks. Facebot sent around 1k friend requests and received approximately 900 friend requests. This research only included 615 friends, in order to analyze a small dataset.
• Some of the statistics included: gender acceptance rate, family data, employment data, school data, location and places, relationship status info.
Challenges:
• Develop a system that is effective in detecting facebot friend requests.
• Challenge the user with personal knowledge about the user in question ("social authentication"; Kim et al., "Social authentication: Harder than it looks").
• Detect use of automation (social API) across the OSN.
• Security controls need to be intuitive and easy to use to avoid confusion.
Challenges:
• In order to reduce pollution of social networks by facebot-like programs, here are some things to think about:
  • Friend information is not private enough and might only be effective against complete strangers. The researchers state that the people from whom we frequently require privacy protection are precisely those in our own social circle.
  • Automatic face recognition: the researchers state that photo-based social authentication is an extension of image-recognition CAPTCHA. Therefore the vulnerabilities related to CAPTCHA can also apply to automatic face recognition, which involves machine learning attacks.
  • Detection of abusive/malicious usage of the API. Using web automation, a malicious actor can impersonate a user and perform all the requests as if they were coming from a legitimate browser. Furthermore, in order to be less noticeable, the software can be crafted in a way that falls into the normal traffic pattern category.
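The first challenge slide asks for a system that detects facebot friend requests and automation, and the slide above notes that a bot can be crafted to blend into the normal traffic pattern. The following detector is an added example (not code from the original slides) of how a defender can combine several weak signals over an outbound friend-request log: per-day volume, timing regularity (coefficient of variation of the gaps between requests), and account age. The event log, account ages and threshold values are constructed for illustration; the two bots show why one signal alone is not enough, since the second bot's jittered timing defeats the regularity check and is caught only by volume and account age.

```python
"""Heuristic detector for automated (facebot-like) friend-request activity.

Added example for the challenges discussed above; it is not code from
the original slides. The event records, account ages and thresholds are
constructed/assumed for illustration.
"""
import random
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class FriendRequest:
    sender: str   # account that sent the request
    ts: float     # time the request was sent (UNIX seconds)


# Tunable thresholds (assumed values, not taken from the slides).
MAX_REQUESTS_PER_DAY = 40.0   # sustained outbound volume few humans reach
MIN_GAP_CV = 0.25             # gap coefficient of variation below this = timer-driven loop
NEW_ACCOUNT_DAYS = 30.0       # accounts younger than this get a stricter volume bar

# Constructed account ages in days (assumed, for the sample below).
ACCOUNT_AGE_DAYS: Dict[str, float] = {"bot_a": 3.0, "bot_b": 5.0, "alice": 900.0}


def sender_features(reqs: List[FriendRequest], window_days: float) -> Dict[str, float]:
    """Per-sender features: request count, rate per day and timing regularity."""
    ts = sorted(r.ts for r in reqs)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) >= 2 and mean(gaps) > 0:
        gap_cv = pstdev(gaps) / mean(gaps)   # 0.0 means perfectly metronomic
    else:
        gap_cv = float("nan")               # too few requests to judge timing
    return {"count": float(len(ts)), "per_day": len(ts) / window_days, "gap_cv": gap_cv}


def classify(reqs: List[FriendRequest], account_age_days: float,
             window_days: float) -> Tuple[bool, List[str]]:
    """Return (flagged, reasons). Several weak signals are combined because a
    bot that jitters its timing defeats the regularity check on its own."""
    f = sender_features(reqs, window_days)
    reasons: List[str] = []
    if f["per_day"] > MAX_REQUESTS_PER_DAY:
        reasons.append("high volume")
    if f["gap_cv"] == f["gap_cv"] and f["gap_cv"] < MIN_GAP_CV:   # NaN-safe check
        reasons.append("metronomic timing")
    if account_age_days < NEW_ACCOUNT_DAYS and f["per_day"] > MAX_REQUESTS_PER_DAY / 4:
        reasons.append("new account with elevated volume")
    return bool(reasons), reasons


def build_sample_events() -> List[FriendRequest]:
    """Constructed two-day log: two bots and one ordinary user."""
    rng = random.Random(7)
    t0 = 1_700_000_000.0
    events: List[FriendRequest] = []
    # bot_a: a plain loop, one request every 60 s, 120 requests in two hours.
    events += [FriendRequest("bot_a", t0 + 60.0 * i) for i in range(120)]
    # bot_b: same volume, but gaps jittered between 30 s and 10 min so that
    # the timing alone looks like normal traffic.
    t = t0
    for _ in range(120):
        t += rng.uniform(30.0, 600.0)
        events.append(FriendRequest("bot_b", t))
    # alice: six requests at irregular, human-scale intervals.
    t = t0
    for gap in (3600.0, 20000.0, 7200.0, 45000.0, 1800.0):
        events.append(FriendRequest("alice", t))
        t += gap
    events.append(FriendRequest("alice", t))
    return events


def run_detector(events: List[FriendRequest], ages: Dict[str, float],
                 window_days: float) -> Dict[str, Tuple[bool, List[str]]]:
    """Group events by sender and classify each sender."""
    by_sender: Dict[str, List[FriendRequest]] = {}
    for e in events:
        by_sender.setdefault(e.sender, []).append(e)
    return {s: classify(r, ages.get(s, 0.0), window_days) for s, r in by_sender.items()}


if __name__ == "__main__":
    results = run_detector(build_sample_events(), ACCOUNT_AGE_DAYS, 2.0)
    for sender, (flagged, why) in results.items():
        print(f"{sender:6s} flagged={flagged} reasons={why}")
```

Run as a script to see the three verdicts: bot_a trips all three checks, bot_b is flagged on volume and account age only, and alice is not flagged. Thresholds like these need tuning against real baselines, and the account-age signal is the one a sybil operator cannot cheaply remove, which is why it is paired with a lower volume bar.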
Challenges (continued):
• Another challenge that needs to be addressed is the development of security controls that are intuitive and easy to use, in order to avoid user confusion. This can be considered one of the most important challenges, because if a security control does a good job of communicating to the target user the risk of accepting a stranger, this in itself could prevent social engineering attacks right from the start. Accomplishing this requires knowledge of user behavior, including the influences that drove the user to make such decisions, which is another challenge.
Conclusions:
• Facebot-like programs are a threat to OSNs. Why?
  • A large-scale infiltration is possible.
  • Defending against facebot-like programs creates a new set of challenges.
  • Facebots can compromise the integrity of the OSN ecosystem, making real users lose trust.
  • Facebots can be a vehicle for malware delivery, e.g. Koobface.