The socialbot network: when bots socialize for fame and money

Online Social Networks (OSNs) have become an integral part of today's Web. Politicians, celebrities, revolutionists, and others use OSNs as a podium to deliver their message to millions of active web users. Unfortunately, in the wrong hands, OSNs can be used to run astroturf campaigns to spread misinformation and propaganda. Such campaigns usually start off by infiltrating a targeted OSN on a large scale. In this paper, we evaluate how vulnerable OSNs are to a large-scale infiltration by socialbots: computer programs that control OSN accounts and mimic real users. We adopted a traditional web-based botnet design and built a Socialbot Network (SbN): a group of adaptive socialbots that are orchestrated in a command-and-control fashion. We operated such an SbN on Facebook, a 750-million-user OSN, for about 8 weeks. We collected data related to users' behavior in response to a large-scale infiltration where socialbots were used to connect to a large number of Facebook users. Our results show that (1) OSNs, such as Facebook, can be infiltrated with a success rate of up to 80%, (2) depending on users' privacy settings, a successful infiltration can result in privacy breaches where even more users' data are exposed when compared to a purely public access, and (3) in practice, OSN security defenses, such as the Facebook Immune System, are not effective enough in detecting or stopping a large-scale infiltration as it occurs.
