Authors:
Yazan Boshmaf, Lldar Muslukhov, Konstantin Beznosov, Matei Ripeanu
University of British Columbia
Annual Computer Security Applications Conference (ACSAC) 2011
Presented By:
Gavin Grant
 http://en.wikipedia.org/wiki/CAPTCHA
 http://developers.facebook.com/docs/reference/api/
 Abstract
 OSN Vulnerabilities
 Socialbot Network
 The Attack
 Findings
 FIS effectiveness
 Social Networks have millions of users
 Illustrate that Online Social Networks (OSN) are
vulnerable to infiltrations by socialbots
 In particular Facebook
 80% success rate
 Socialbots – computer programs that control OSN
accounts and mimic real users
 Ineffective CAPTCHAs
 Hiring cheap labor ($1 per 1,000 broken)
 Reusing session IDs of known CAPTCHAs
 Fake User Accounts and Profiles
 Email and profile
 Crawlable Social Graphs
 Traversing linked profiles
 Exploitable Platforms and APIs
 Use APIs to automate the execution of activities
 Set of socialbots owned and maintained by human
controller called the botherder
 Made up of socialbots, botmaster, and command and
control channel
 Socialbot controls a profile
 Data collected called botcargo
 Capable of executing commands
 Botmaster is software botherder uses to send
commands through C & C channel
 C & C facilitates transfer of botcargo and commands
 Read, write, connect, disconnect
 Set of commands used to mimic a real user
 Native commands
 Master commands
 Botworker builds and maintains profiles
 Botupdater pushes new software updates
 C & C engine maintains a repository of master
commands
 Master commands needed
 Cluster
 Rand_connect(k)
 Decluster
 Crawl_extneighborhood
 Mutual_connect
 Harvest-data
 Communication model
 Works with socialbot-OSN Channel
 Only OSN-specific API calls and HTTP traffic
 Helps in non detection
 Socialbot has to hide its real identity
 Botmaster should be able to perform large-scale
infiltration
 C & C channel traffic has to look benign
 Facebook Immune System (FIS)
 8 week process
 Exploited Facebook’s Graph API to carry out social-
interaction operations
 Used HTTP request to send friendship request
 Iheartquotes.com, decaptcher.com, hotornot.com,
mail.ru
 102 socialbots created and 1 botmaster
 Users were created manually
 49 males
 53 females
 5053 valid profile IDs
 25 request per day per socialbot
 Harvested data
 First 2 weeks
 2 days t send 5043 request (2,391 male , 2.662 female)
 976 accepted (381 M, 595 F)
 Next 6 weeks
 3,517 more users added
 2,079 infiltrated successfully
 Generated 250 GB inbound and 3 GB outbound traffic
 Acceptance rate increase to 80% as mutual friends
increased
 News feeds
 Profile info
 Wall messages
 3,055 direct neighborhoods
 1,085,785 extended neighborhoods
 Real time learning system used to protect its users
 Only 20 bots were flagged by system
 Doesn’t consider fake accounts a real threat
 OSN vulnerability to a large-scale socialbot network
infiltration
 Defense social networks have against social bots that
mimic human behavior
 Prayed on common user behavior
 Only Facebook was attacked
 Didn’t provide any prevention techniques
 Try on other social networking sites
 Not create socialbots manually