Guided socialbots: Infiltrating the social networks of specific organizations' employees

A dimension of the Internet that has gained great popularity in recent years is the platform of online social networks (OSNs). Users all over the world write, share, and publish personal information about themselves, their friends, and their workplaces within this platform of communication. In this study we demonstrate the relative ease of creating malicious socialbots that act as social network “friends”, resulting in OSN users unknowingly exposing potentially harmful information about themselves and their places of employment. We present an algorithm for infiltrating specific OSN users who are employees of targeted organizations, using the topologies of organizational social networks and utilizing socialbots to gain access to these networks. We focus on two well-known OSNs – Facebook and Xing – to evaluate our suggested method for infiltrating key-role employees in targeted organizations. The results obtained demonstrate how adversaries can infiltrate social networks to gain access to valuable, private information regarding employees and their organizations.
