Facebot


Transcript of Facebot

Page 1: Facebot
Page 2: Facebot

OUTLINE

Problem:

Facebot:

Motivation:

Conclusions/challenges:

Page 3: Facebot

Motivation and problem: the number of people using Facebook has increased dramatically, to over one billion active users in 2012. http://money.cnn.com/2012/10/04/technology/facebook-billion-users/index.html

As a result, a lot of personally identifiable information is being disclosed. This information can be used for the following:

Social engineering attacks.

Reconnaissance in order to perform a large-scale attack.

Malware delivery.

Some facts related to Facebook: 39.3 million users identified a family member in their profile.

20.4 million included their birth date and year in their profile.

2.6 million discussed their recreational use of alcohol on their wall.

4.8 million people have used Facebook to say where they planned to go on a certain day (a potential tip-off for burglars), and 4.7 million liked a Facebook page about health conditions or treatments (details an insurer might use against you).

http://www.consumerreports.org/cro/magazine/2012/06/facebook-your-privacy/index.htm

http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/

Page 4: Facebot

What is a Facebot? A facebot is a piece of software that resembles a real human user on Facebook, allowing it to gather personal information for later use. This information can be used as material for social engineering, reconnaissance and even monetary gain. The bot has the ability to post status updates and to send/accept friend requests to/from people of interest.

Examples of other bots on social media:

During the 2012 presidential campaign, Barracuda Networks analysed the candidates' followers and found that 31 percent of Romney's followers were bots; for the Obama campaign the figure was 42 percent. http://www.wired.com/wiredenterprise/2012/11/poll-of-twitter-bots/

In November 2012 there was a socialbot competition. The competition used Twitter as its social network, and its goal was to gain followers and start conversations, in a nutshell to impersonate a real human. http://www.iftf.org/future-now/article-detail/social-bot-competition-2012/

Page 5: Facebot

Facebot Architecture

[Architecture diagram: masterbot and db on one side, the facebot (Fbot) reaching the Facebook servers over the internet via the Graph API]

This is an overview of the facebot architecture. The masterbot communicates with the db in order to add the content that is to be published on the profile. The bot then grabs some content from the db and uses HTTP templates in order to communicate with the Facebook servers and perform several operations, such as sending friend requests and posting status updates. After the bot reaches its friend threshold, it crawls each and every one of its friends' profiles for personal information and stores it in the db.

Page 6: Facebot

Facebot architecture (continued): Facebot consists of three main components.

The first component is the masterbot. The function of the masterbot is to deliver the instructions and content to be published by the facebot on Facebook. The masterbot listens on port 2222; once a facebot phones home (which it does periodically), the masterbot randomly picks an instruction and the content to be delivered. The instructions available at the time of writing are "write_wall", "send_frequest" and "collect_data".

Page 7: Facebot

Facebot architecture (continued): the second component is the client bot. The client bot is the one that handles all the interaction with Facebook. The client bot operates by connecting to the masterbot on port 2222; once it establishes a connection it receives an instruction and a set of data to be published. Once the friend threshold is reached, it starts the data collection phase, in which all the relevant profile information from each friend is crawled.

Page 8: Facebot

Facebot architecture (continued): the third component is the process of creating the profile on Facebook. In order to create the profile a person only needs a valid email account, but the real challenge is to build a profile that looks legitimate. To make it look legitimate, the published content is randomized in order to avoid detection. The profile used for this experiment and the facebot in action were shown in screenshots on this slide.

Page 9: Facebot

Vulnerabilities seen on Facebook: a few vulnerabilities were noticed in the process of performing this research.

Large number of sybil accounts, due to the ease of creating a Facebook profile. Only a valid email address is needed to create an account, and it is used solely to validate the email. Once the email is validated the profile is active. A malicious actor can use automation to parse the email contents in order to perform this process en masse.

Large number of fake profiles. In order to make the profile look legitimate and likely to infiltrate successfully, the profile needs to be compliant with current social standards of attractiveness. A malicious actor can crawl pictures on dating sites and use them on the fake profile. The problem here lies in the weak registration system, which doesn't effectively validate the identity of the person.

Abuse of the Facebook API. The API allows read/write access to the entire social graph, which allows a malicious actor to perform targeted crawling of victims. At the same time, since the API does not allow sending/receiving friend requests, other scripting tools have been used to overcome this limitation.

Page 10: Facebot

Findings and statistics: the facebot was executed for a cumulative time of two weeks. Facebot sent around 1k friend requests and received approximately 900 friend requests. This research only included 615 friends, in order to analyze a small dataset.

The statistics gathered include: gender acceptance rate, family data, employment data, school data, locations and places, and relationship status info.

Page 11: Facebot

Challenges: develop a system that is effective in detecting facebot friend requests.

Challenge the user with personal knowledge about the user in question ("social authentication"; Kim et al., Social authentication: harder than it looks).

Detect the use of automation (social API) across the OSN.

Security controls need to be intuitive and easy to use to avoid confusion.

Page 12: Facebot

Challenges: in order to reduce pollution of social networks by facebot-like programs, here are some things to think about:

Friend information is not private enough and might only be effective against complete strangers. The researchers state that the people from whom we frequently require privacy protection are precisely those in our own social circle.

Automatic face recognition: the researchers state that photo-based social authentication is an extension of image-recognition CAPTCHA. Therefore the vulnerabilities related to CAPTCHA, which involve machine learning attacks, can also apply to automatic face recognition.

Detection of abusive/malicious usage of the APIs. Using web automation, a malicious actor can impersonate a user and perform all the requests as if they were coming from a legitimate browser. Furthermore, in order to be less noticeable, the software can be crafted so that its traffic falls into the normal traffic pattern category.
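As an added example (not part of the original slides), the Python below scores a constructed per-account activity log on three signals the slides describe: friend-request rate, the timer-like regularity of a bot that phones home periodically, and the burst of profile reads in the data collection phase. The log format, account names and thresholds are assumptions made for the example.

```python
import statistics
from collections import defaultdict

# Constructed activity log, not from the slides: (account_id, unix_time, action).
# "bot1" sends a friend request every 600 s, then reads 30 profiles in 5 minutes
# once its friend threshold is reached; "alice" is a slow, bursty human user.
EVENTS = (
    [("bot1", 1_000_000 + 600 * i, "send_frequest") for i in range(40)]
    + [("bot1", 1_030_000 + 10 * i, "profile_view") for i in range(30)]
    + [("alice", 1_000_000 + t, "send_frequest") for t in (0, 120, 9_000, 40_000, 41_000, 86_500)]
    + [("alice", 1_000_000 + t, "profile_view") for t in (300, 9_100, 50_000)]
)

def profile(events):
    """Per account: friend-request rate, timing regularity and largest profile-read burst."""
    reqs, views = defaultdict(list), defaultdict(list)
    for acct, ts, action in events:
        if action == "send_frequest":
            reqs[acct].append(ts)
        elif action == "profile_view":
            views[acct].append(ts)
    out = {}
    for acct in set(reqs) | set(views):
        times = sorted(reqs[acct])
        gaps = [b - a for a, b in zip(times, times[1:])]
        span_days = max(times[-1] - times[0], 1) / 86_400 if times else 1
        # Coefficient of variation of the gaps: near 0 means a fixed timer, not a person.
        gap_cv = statistics.pstdev(gaps) / statistics.mean(gaps) if len(gaps) > 1 else None
        # Largest number of profile reads inside any 600 s window (the crawl phase).
        v, burst, lo = sorted(views[acct]), 0, 0
        for hi in range(len(v)):
            while v[hi] - v[lo] > 600:
                lo += 1
            burst = max(burst, hi - lo + 1)
        out[acct] = {"requests": len(times), "per_day": len(times) / span_days,
                     "gap_cv": gap_cv, "view_burst": burst}
    return out

def flag(stats, max_per_day=50.0, min_cv=0.2, max_burst=20):
    """Return the reasons each account looks automated (empty list = nothing seen)."""
    # 50/day is well below the ~1k requests in two weeks reported on the slides.
    reasons = {}
    for acct, s in stats.items():
        r = []
        if s["per_day"] > max_per_day:
            r.append("high_rate")
        if s["gap_cv"] is not None and s["gap_cv"] < min_cv:
            r.append("periodic")
        if s["view_burst"] > max_burst:
            r.append("crawl_burst")
        reasons[acct] = r
    return reasons
```

These are signals rather than proof: a bot that jitters its timing and stays under the rate and burst thresholds, as the slide notes, blends into normal traffic and would need to be correlated with other evidence.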

Page 13: Facebot

Challenges (continued): another challenge that needs to be addressed is the development of security controls that are intuitive and easy to use, in order to avoid user confusion. This can be considered one of the most important challenges, because if a security control does a good job of communicating to the target user the risk of accepting a stranger, this in itself could prevent social engineering attacks right from the start. In addition, accomplishing this requires knowledge of user behavior, including the influences that drove the user to make such decisions, which is another challenge.

Page 14: Facebot

Conclusions: why are facebot-like programs a threat to OSNs?

A large-scale infiltration is possible.

Defending against facebot-like programs creates a new set of challenges.

Facebots can compromise the integrity of the OSN ecosystem, making real users lose trust.

Facebots can be a vehicle for malware delivery, e.g. Koobface.