Automated Social Engineering Attacks in OSNs
Laboratory for Education and Research in Secure Systems Engineering (LERSSE)
Networked Systems Laboratory (NetSysLab)
Department of Electrical & Computer Engineering
Automated Social Engineering Attacks in OSNs
Yazan Boshmaf, Konstantin Beznosov, Matei Ripeanu
The Not-So-Private Social Web. Or, Web 2.0
Facebook: Sharing
Facebook Archives. http://www.facebook.com
Social Attributes: Demographics, Preferences
Facebook: Sharing
Social Structure: Friends, Mutual Friends
Facebook Archives. http://www.facebook.com
Facebook: Public Access
Whoops!
Sample!
Facebook: Privacy Evolution
MCKEON, M. The evolution of privacy in Facebook. http://mattmckeon.com.facebook-privacy
That’s Natural! People Want to Be Visible.
Or Not?
Automated Cross-Site ID Theft
Bilge, L., Strufe, T., Balzarotti, D., and Kirda, E. All your contacts are belong to us: automated identity theft attacks on social networks. In WWW ’09
From Facebook
Sample!
Why did it work?
Context-Aware Spam
Brown, G., Howe, T., Ihbe, M., Prakash, A., and Borders, K. Social networks and context-aware spam. In CSCW 2008
Social Phishing
Jagatic, T. N., Johnson, N. A., Jakobsson, M., and Menczer, F. Social phishing. Communications ACM 2007
Oh, Adversaries Like OSNs!
Web Applications Attacks
Evron, G. New Facebook worm warning: Wanna see something hot? http://darkreading.com/blog/archives/2009/11/new_facebook_wo.html
Can be Turned into a Botnet!
Athanasopoulos, E., Makridakis, A., Antonatos, S., Antoniades, D., Ioannidis, S., Anagnostakis, K. G., and Markatos, E. P. Antisocial networks: Turning a social network into a botnet. In ISC ’08
Koobface Botnet
TrendMicro. The real face of koobface. Technical report 2009
Social Engineering Exploits Relationships and Trust
Research Questions
Mwahaha!
How Many Attackers Did You Befriend Today?
The Attack - Before
The Attack - Crawling
[Figure labels: Target, Adversary]
The Attack - Ranking
[Figure labels: Target, Adversary; nodes numbered 1 to 8]
The Attack - Infiltrating
[Figure labels: Target, Adversary; nodes numbered 1 to 8]
The Attack - After
[Figure labels: Target, Adversary; nodes numbered 1 to 8]
What Does The Adversary Have?
A Network of “Trust”
[Figure labels: Target, Adversary]
Surveillance
[Figure labels: Target, Adversary]
Global Surveillance
Amplified Social Engineering
[Figure labels: Target, Adversary]
Sarah, the Pool event last week was awesome!
Yeah, I posted the picture! Will send you a link soon.
Aha!
Mitigation: The Wisdom of Crowds
Towards Social Collaborative Security
Hey Kosta, check out this link http://www.malicous.com
Looks malicious!
[Figure labels: Social Network, Collaboration Network]
Hey Kosta, check out this link http://www.malicous.com
Hey all, this link is malicious http://www.malicous.com
?
Looks malicious!
The Big Picture
• Vulnerability: Authenticity of online relationships + public information
• Things to evaluate:
    The attack in real settings (now, simulation only).
    Usability and expressiveness of privacy controls vs. privacy implications realized by users.
• Identified issues:
    How can social networking sites, or OSNs, distinguish between fake and real online identities (Social Sybil Nodes)?
• Future work: Social Collaborative Security (threat identification, opinion mining, reasoning, alert diffusion, etc.)
lersse.ece.ubc.ca
Backup
Evaluation (Simulation)