Abusing Social Networks for Automated User Profiling
Presented by Niraj (2009CS50249) and Sidhartha Gupta (2009CS50490)
RAID 2010 (Recent Advances in Intrusion Detection)
Marco Balduzzi, Christian Platzer, Thorsten Holz, Engin Kirda, Davide Balzarotti and Christopher Kruegel
Motivations
• Social Networks have experienced a huge surge in popularity
- The amount of personal information they store requires appropriate security precautions
• Many users tend to be overly revealing when publishing personal information
- People are not aware of all the possible ways in which this information can be abused
• A simple problem can result in serious consequences for thousands of Social Network users
The Finding-Friends functionality
Social Networks usually provide an e-mail-based functionality to search for existing friends: the user uploads an address list and the site reports which addresses belong to registered accounts
RAID 2010 - 17th September
What is the Problem?
• Problems of the Finding-Friends functionality:
- It maps a profile to an e-mail address (normally considered private information)
- It accepts bulk queries of thousands of e-mail addresses (up to 10,000 at a time on Facebook)
- It allows recursive queries: fuzz e-mail addresses of a discovered user's friends and query again
How to build the identity of a person?
iSecLab @ Eurecom
• Different profiles registered with the same e-mail address belong to the same person
• The e-mail address is therefore the join key: the identity of a person can be built by extracting information from their profiles on multiple social networks
Impact
• Validation of e-mail addresses on a large scale for massive spam attacks
- Fast and automated
• Enrichment of e-mail addresses with private user information for targeted attacks
- Phishing, social engineering
- Information gathering
• Detection of inconsistent profile information
• Discovery of "hidden" identities
System Overview
Experiments
• Identified 8 popular Social Network providers that support the Finding-Friends functionality:
- Facebook, MySpace, Twitter, LinkedIn, Friendster, Badoo, Netlog, XING
• Input data: 10 million e-mail addresses
• Two phases:
1. Discover user profiles by e-mail querying
2. Profile user identities by e-mail correlation
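The two phases above, as an added worked example that is not part of the deck or the authors' system: three hypothetical networks (netA, netB, netC), their lookup tables, the per-request caps and the five-address input list are all constructed here. The simulated find_friends() endpoint deliberately behaves the way the deck criticises (a direct e-mail-to-profile map), the discovery phase chunks the input to stay under each network's cap, the correlation phase joins profiles on the e-mail address, and age_mismatches() applies the deck's "at least two years" criterion from the later slides.

```python
"""Simulated two-phase profiling pipeline (discover by e-mail query, then
correlate by e-mail). All data, networks and caps are constructed."""
from collections import defaultdict
from itertools import islice

# Constructed stand-in for what each network's Finding-Friends lookup reveals
# for a registered address (hypothetical networks netA/netB/netC).
NETWORK_DATA = {
    "netA": {
        "alice@example.com": {"name": "Alice Smith", "age": 29, "city": "Paris"},
        "bob@example.com":   {"name": "Bob Jones",   "age": 17, "city": "Nice"},
    },
    "netB": {  # plays the role of a dating site with an 18+ rule
        "bob@example.com":   {"name": "Bob J.",      "age": 21, "city": "Nice"},
        "carol@example.com": {"name": "Carol",       "age": 34, "city": "Lyon"},
    },
    "netC": {
        "alice@example.com": {"name": "A. Smith",    "age": 30, "city": "Paris"},
    },
}

# Maximum addresses per Finding-Friends request. The deck quotes 10,000 for
# Facebook; netA's tiny cap is only there to exercise the chunking logic.
MAX_PER_QUERY = {"netA": 2, "netB": 10000, "netC": 10000}

# Constructed input list (the paper used 10 million addresses).
EMAILS = [
    "alice@example.com", "bob@example.com", "carol@example.com",
    "dave@example.com", "eve@example.com",
]


def find_friends(network, emails):
    """Simulated leaky endpoint: a direct e-mail -> profile map, which is
    exactly the behaviour the deck identifies as the problem."""
    if len(emails) > MAX_PER_QUERY[network]:
        raise ValueError(f"{network}: at most {MAX_PER_QUERY[network]} addresses per request")
    table = NETWORK_DATA[network]
    return {e: table[e] for e in emails if e in table}


def chunks(seq, size):
    """Yield successive lists of at most `size` items."""
    it = iter(seq)
    while True:
        block = list(islice(it, size))
        if not block:
            return
        yield block


def discover_profiles(emails):
    """Phase 1: bulk-query every network in cap-sized chunks.
    Returns {email: {network: profile}}; any address present in the result
    has been validated as a live, registered e-mail address."""
    found = defaultdict(dict)
    for network, cap in MAX_PER_QUERY.items():
        for block in chunks(emails, cap):
            for email, profile in find_friends(network, block).items():
                found[email][network] = profile
    return dict(found)


def cross_network_identities(found, min_networks=2):
    """Phase 2: the e-mail address is the join key; an address seen on several
    networks yields one identity assembled from several profiles."""
    return sorted(e for e, nets in found.items() if len(nets) >= min_networks)


def age_mismatches(found, threshold=2):
    """Identities whose stated age differs by at least `threshold` years
    between networks (the deck's criterion for an age mismatch)."""
    out = {}
    for email, nets in found.items():
        ages = {net: p["age"] for net, p in nets.items() if "age" in p}
        if len(ages) >= 2 and max(ages.values()) - min(ages.values()) >= threshold:
            out[email] = ages
    return out


if __name__ == "__main__":
    found = discover_profiles(EMAILS)
    print("validated addresses:", sorted(found))
    print("cross-network identities:", cross_network_identities(found))
    print("age mismatches:", age_mismatches(found))
```

Note that the spam-validation impact falls out of phase 1 alone: every key of discover_profiles() is a confirmed live mailbox, whether or not any cross-network identity is ever built from it.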
Discovered profiles
Profiling of the user identities
Parsing sensitive information
Information Mismatch
Mismatches in Provided Age Information
• 1/3 of the profiles have a mismatch in the stated age (of at least two years between networks)
• Underage users claim to be over 18 to register on dating sites (Badoo)
Countermeasures
1. Do not provide a direct map between e-mail address and user (e.g. return the list of registered accounts in random order, without saying which address matched which account)
2. CAPTCHA
3. Require contextual information before acknowledging the data
4. Raise awareness (e.g. use a different e-mail address for sites that hold personal information)
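Countermeasure 1 next to the behaviour it replaces, as an added example that is not the deck's or any site's code: the registry, the hypothetical FindFriendsHardened class and its quota values are constructed here. The hardened endpoint returns only the matched accounts, shuffled, so a single request no longer yields an e-mail-to-account map. The example also shows the caveat a practitioner needs: an attacker who asks about one address per request re-links every answer trivially, so the unlinked list only helps together with something that bounds the query rate, here a per-client quota of looked-up addresses per window (an assumption standing in for countermeasure 2's CAPTCHA).

```python
"""Leaky vs. hardened Finding-Friends endpoint. Registry, quota and class are
constructed for illustration, not a real site's implementation."""
import random
from collections import defaultdict

# Constructed registry of a single network: e-mail -> public display name.
REGISTERED = {
    "alice@example.com": "Alice Smith",
    "bob@example.com": "Bob Jones",
    "carol@example.com": "Carol",
}
# Constructed attacker list: three registered addresses plus two that are not.
PROBE = list(REGISTERED) + ["dave@example.com", "eve@example.com"]


def find_friends_leaky(emails):
    """The behaviour the deck attacks: every hit is returned keyed by the
    address that matched, so one request yields an e-mail -> account map."""
    return {e: REGISTERED[e] for e in emails if e in REGISTERED}


class FindFriendsHardened:
    """Countermeasure 1: return only the matched accounts, shuffled, never the
    address each one matched. On top of that, a per-client quota of looked-up
    addresses per time window (an assumption here; a CAPTCHA could gate the
    same point) bounds how fast an attacker can re-link results."""

    def __init__(self, max_per_request=50, quota_per_window=100, window_s=3600, seed=None):
        self.max_per_request = max_per_request
        self.quota = quota_per_window
        self.window_s = window_s
        self.rng = random.Random(seed)
        self.usage = defaultdict(list)  # client_id -> [(timestamp, n_addresses)]

    def _spent(self, client_id, now):
        """Addresses this client has looked up inside the current window."""
        recent = [(t, n) for t, n in self.usage[client_id] if now - t < self.window_s]
        self.usage[client_id] = recent
        return sum(n for _, n in recent)

    def query(self, client_id, emails, now):
        emails = list(dict.fromkeys(emails))  # de-duplicate, keep order
        if len(emails) > self.max_per_request:
            raise ValueError(f"at most {self.max_per_request} addresses per request")
        if self._spent(client_id, now) + len(emails) > self.quota:
            raise PermissionError("lookup quota exceeded for this client")
        self.usage[client_id].append((now, len(emails)))
        matches = [REGISTERED[e] for e in emails if e in REGISTERED]
        self.rng.shuffle(matches)
        return matches  # names only, random order: no link back to an address


def relink_one_by_one(endpoint, client_id, emails, now=0.0):
    """Attacker's answer to the shuffled list: ask about one address at a
    time, so each non-empty reply is trivially re-linked. Only the quota
    stops this; returns whatever was recovered before it did."""
    recovered = {}
    for e in emails:
        try:
            hits = endpoint.query(client_id, [e], now)
        except PermissionError:
            break
        if hits:
            recovered[e] = hits[0]
    return recovered


if __name__ == "__main__":
    print("leaky:", find_friends_leaky(PROBE))
    print("hardened, one request:", FindFriendsHardened(seed=1).query("c1", PROBE, 0.0))
    print("re-linked, no quota pressure:", relink_one_by_one(FindFriendsHardened(), "c1", PROBE))
    print("re-linked, quota of 2:", relink_one_by_one(FindFriendsHardened(quota_per_window=2), "c1", PROBE))
```

The quota is counted in addresses rather than requests so that splitting a bulk list into many small requests buys the attacker nothing; the window expiry means the bound is "quota addresses per client per window", which is what a CAPTCHA or account-level throttle at the same point would enforce.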
Conclusions
• "Finding-Friends" can be abused to:
1. Map thousands of profiles to their personal e-mail addresses
2. Correlate profiles across multiple networks to build user identities
• Implemented an automated system that shows the real impact of the attack
• Ran experiments on 8 popular SN providers, most of which acknowledged or fixed the problem