Leak sinks: The threat of targeted social eavesdropping

Online social networks are a popular and important channel for people to share, find and disseminate information on a massive scale. Some of the information exposed through these networks is meant to be private. However, sensitive organizational information can be accidentally leaked by employees and become exposed to adversaries or competitors. The threat is heightened by socialbots, which adversaries use to penetrate the informal social network of an organization's employees in order to harvest sensitive information. This study evaluates an attacker's ability to harvest leaked information using socialbots against the effort required to wire the socialbot profiles into the organizational network. The evaluation is performed using real information diffusion data from two social networks and extensive simulations of socialbot wiring strategies. Our results demonstrate that organizations whose social network topologies are characterized by a low clustering coefficient are more vulnerable to eavesdropping. We also show that the most effective socialbot wiring strategy for harvesting information is different from the most effective strategies for infiltrating the organization.
