Automated Identity Theft Attacks on Social Networks


All Your Contacts Are Belong to Us:
Automated Identity Theft Attacks on Social Networks
Reporter: 鄭志欣
Advisor: Hsing-Kuo Pao
Date: 2010/12/06
Conference
All your contacts are belong to us: automated identity theft attacks on social networks.
Leyla Bilge, Thorsten Strufe, Davide Balzarotti, Engin Kirda.
18th International World Wide Web Conference (WWW'09), April 20-24, Madrid, Spain.
Outline
- Introduction
- iCloner overview
- Cloning attacks
- Evaluation
- Suggestions for improvements in social network site security
- Conclusion
Introduction (cont.)
- Social network sites have been increasingly gaining popularity.
  - Business relationships: XING (5 million registered users, 2008), LinkedIn (80 million registered users, 2010)
  - Friend relationships: Facebook (0.5 billion registered users, 2010), StudiVZ (16 million registered users, 2010), MeinVZ
- As interest in a new technology grows on the Internet, miscreants are attracted as well.
- E-mail → social networks (stealing personal information)
This paper does …
- This paper investigates how easy it would be for a potential attacker to launch this type of impersonation attack in an automated fashion against a number of popular social networking sites, in order to gain access to a large volume of personal user information.
iCloner
- First attack: clone an already existing profile in a social network and send friend requests to the contacts of the victim.
- Second attack: it is effective and feasible to launch an automated, cross-site profile cloning attack.
Contributions
- It is feasible to launch automated attacks against five popular social networking sites.
  - Profile cloning, cross-site profile cloning.
- There is significant room for improvement to make these CAPTCHAs more difficult to break.
- Most social network users are not cautious when accepting friend requests or clicking on links that are sent to them.
- It makes suggestions on how social networking sites can improve their security, and therefore better protect the privacy of their users.
An architectural overview of iCloner
(figure slide: architecture diagram only)
CAPTCHAs
- The goal of a CAPTCHA algorithm is to generate tests that are at the same time easily solvable by humans but very hard to solve for a computer application.
- ImageMagick (image filter) + Tesseract (OCR)
Breaking …
- MeinVZ and StudiVZ
  - Replace the background with white pixels
  - Isolate the letters (if overlapping, ask for a new CAPTCHA)
  - Scale all letters to the same size
  - Tesseract
- It can solve the CAPTCHA with a 99.8% success rate in one of three consecutive attempts.
Breaking …
- Facebook (reCAPTCHA)
  - Unbend the word back to its original shape: translate each pixel column up or down so that the word becomes a straight line
  - Then the same steps as for MeinVZ and StudiVZ
  - Compare the result against an English dictionary, or submit the word to Google
  - Success rate between 4% and 7%
  - Botnets and IP addresses
Cloning attacks
- Profile cloning
- Cross-site profile cloning
Profile cloning
- Premise: the profile cloning attack relies on the fact that social networking users are generally not cautious when accepting friend requests. Many users will not get suspicious if a friend request comes from someone they know, even if this person is already on their contact list.
- The profile cloning attack consists of identifying a victim and creating a new account with his real name and photograph inside the same social network.
- Once the cloned account has been created, iCloner can automatically contact the friends of the victim and send friend requests.
- Friend requests + social engineering
Cross-site Profile Cloning
- Aim: identify victims who are registered in one social network but not in another.
- Retrieve as much information as possible from the victim's original social network account.
- Identify the friends of the victim in the original network and check which of them are registered in the target network.
- Profile fields compared when matching an account across networks, with their weights:

  Field            Score
  Education        2
  Company          2
  City & Country   1
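The field-weighted comparison from the table above, as an added example (not code from the paper or from iCloner). It implements the score as the slide gives it (Education 2, Company 2, City & Country 1) and then shows the defender's use of the same check: a site can run it at registration time to flag a new account that duplicates an existing member's name and photo, which is the signature of the profile-cloning attack. The score threshold, the photo-hash field, the `Profile` class and the sample profiles are assumptions made for the example.

```python
"""Weighted profile matching with the slide's field scores, plus a
registration-time clone check built on the same comparison.

Assumptions (not from the paper): the Profile class, the photo_hash
field (e.g. a perceptual hash of the profile picture), the threshold
of 3, and the constructed sample profiles at the bottom.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Field weights exactly as on the slide.
FIELD_SCORES = {"education": 2, "company": 2, "city_country": 1}
MAX_SCORE = sum(FIELD_SCORES.values())  # 5


@dataclass
class Profile:
    name: str
    education: Optional[str] = None
    company: Optional[str] = None
    city: Optional[str] = None
    country: Optional[str] = None
    photo_hash: Optional[str] = None  # assumed field, not on the slide


def _norm(value: Optional[str]) -> Optional[str]:
    """Case- and whitespace-insensitive comparison key; None stays None."""
    return " ".join(value.lower().split()) if value else None


def match_score(a: Profile, b: Profile) -> int:
    """Sum the weights of the fields that are present in `a` and equal in `b`."""
    score = 0
    if _norm(a.education) and _norm(a.education) == _norm(b.education):
        score += FIELD_SCORES["education"]
    if _norm(a.company) and _norm(a.company) == _norm(b.company):
        score += FIELD_SCORES["company"]
    if _norm(a.city) and (_norm(a.city), _norm(a.country)) == (_norm(b.city), _norm(b.country)):
        score += FIELD_SCORES["city_country"]
    return score


def same_person(a: Profile, b: Profile, threshold: int = 3) -> bool:
    """Cross-site identification as described on the slide: same name and
    enough matching fields. The threshold value is an assumption."""
    return _norm(a.name) == _norm(b.name) and match_score(a, b) >= threshold


def clone_risk(new: Profile, members: List[Profile], threshold: int = 3) -> List[Tuple[Profile, int]]:
    """Defender's use of the same comparison: rank existing members that a
    new registration duplicates. A matching photo is strong evidence even
    when the textual fields are sparse (a clone only needs name + picture),
    so it adds MAX_SCORE on top of the field score."""
    hits = []
    for member in members:
        if _norm(member.name) != _norm(new.name):
            continue
        score = match_score(new, member)
        photo_match = new.photo_hash is not None and new.photo_hash == member.photo_hash
        if photo_match or score >= threshold:
            hits.append((member, score + (MAX_SCORE if photo_match else 0)))
    return sorted(hits, key=lambda hit: -hit[1])


# Constructed sample data (not real people or real accounts).
EXISTING_MEMBERS = [
    Profile("Alice Example", "TU Wien", "Acme GmbH", "Vienna", "Austria", photo_hash="ph-1111"),
    Profile("Bob Example", "ETH Zurich", "Globex AG", "Zurich", "Switzerland", photo_hash="ph-2222"),
]
# A fresh registration reusing Alice's name and picture, with no other details.
NEW_REGISTRATION = Profile("Alice Example", photo_hash="ph-1111")

if __name__ == "__main__":
    for member, score in clone_risk(NEW_REGISTRATION, EXISTING_MEMBERS):
        print(f"possible clone of {member.name!r}: score {score}")
```

`match_score` alone is the cross-site step of the attack; `clone_risk` is the mitigation side, where the name and photo match matters more than the weighted fields because a cloned profile copies exactly those two things.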
Evaluation
- Crawling experiments
- Experiments (profile cloning)
- Experiments (cross-site profile cloning)
Crawling Experiments
- StudiVZ and MeinVZ
  - 40,000 profiles/day
  - 5 million public user profiles with contact information and more than 1.2 million profiles with complete user information
- XING
  - 118,000 profiles
Experiments (Profile Cloning)
- 1. Wanted to test how willing users would be to accept friendship requests from forged profiles of people who were already on their friendship lists (in Facebook).
  - Using iCloner, five user profiles were duplicated (same name, arbitrary birth date, same picture; D1, …, D5).
  - iCloner sent requests to all contacts of each victim (705 users in total).
Experiments (Profile Cloning)
- 2. How effective profile cloning is with respect to requests that the contacted users might receive from people that they do not know.
  - These profiles consisted of random names and pictures of arbitrary people (F1, …, F5).
  - We contacted the same users from these accounts as with the respective forged profiles.
Experiments (Profile Cloning)
- 3. How much trust users would have in messages that they would receive from their new contacts.
(two result slides follow, figures only)
Experiments (Cross-site profile cloning)
- A profile taken from one social network is cloned into another social network.
- Of 30,000 XING profiles, 3,700 were found to be also registered in LinkedIn (12%).
- Five XING accounts were cloned into LinkedIn; iCloner identified that 78 out of 443 XING friend contacts (17.6%) were also registered on LinkedIn.
- In 2008, XING had 5 million registered users, which gives this attack an upper bound of 600,000 victims.
Experiments (Cross-site profile cloning)
- Of the 78 contact requests that we sent to the users in LinkedIn, 56% (44 in total) were accepted.
Suggestions for improvements in social network site security
- Overlapping the CAPTCHA symbols
- Rate limits
- Behavior-based anomaly detection
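The last two suggestions, rate limits and behavior-based anomaly detection, worked through as an added example (not code from the paper or from iCloner). It applies a sliding-window limit to friend requests and then looks for the behavioural signature that the profile-cloning experiments on the earlier slides produce: a newly created account, carrying the same display name as an existing member, whose friend requests go mostly to that member's contacts. The event format, the `Account` and `FriendRequest` classes, the thresholds (3 requests per 60 seconds, 24-hour account age, 50% contact overlap) and the sample log are all assumptions constructed for the example.

```python
"""Rate limiting and behaviour-based anomaly detection over friend
requests, following the last two suggestions on the slide.

Assumptions (not from the paper): the event and account structures,
every threshold, and the constructed sample data at the bottom.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Set


@dataclass
class Account:
    user_id: str
    display_name: str
    created_at: int        # unix seconds
    contacts: Set[str]     # user_ids already on the member's contact list


@dataclass
class FriendRequest:
    ts: int                # unix seconds
    sender: str
    recipient: str


def rate_limit(requests: List[FriendRequest], max_per_window: int, window: int) -> List[FriendRequest]:
    """Suggestion 'rate limit': return the requests a sliding-window limiter
    would block. A sender may issue at most `max_per_window` requests in any
    `window` seconds. `requests` must be sorted by ts."""
    recent: Dict[str, Deque[int]] = defaultdict(deque)
    blocked: List[FriendRequest] = []
    for req in requests:
        sent_times = recent[req.sender]
        while sent_times and req.ts - sent_times[0] >= window:
            sent_times.popleft()              # drop timestamps outside the window
        if len(sent_times) >= max_per_window:
            blocked.append(req)               # over the limit: would be rejected
            continue
        sent_times.append(req.ts)
    return blocked


def clone_anomalies(requests: List[FriendRequest], accounts: Dict[str, Account],
                    max_age: int = 86400, min_overlap: float = 0.5) -> Dict[str, float]:
    """Suggestion 'behavior-based anomaly detection': flag senders that show
    the profile-cloning signature. A sender is flagged when its account is at
    most `max_age` seconds old at its first request, another member carries
    the same display name, and at least `min_overlap` of the sender's
    recipients are contacts of that member. Returns {sender: overlap}."""
    by_name: Dict[str, List[Account]] = defaultdict(list)
    for acc in accounts.values():
        by_name[acc.display_name.lower()].append(acc)

    recipients: Dict[str, Set[str]] = defaultdict(set)
    first_request: Dict[str, int] = {}
    for req in requests:
        recipients[req.sender].add(req.recipient)
        first_request.setdefault(req.sender, req.ts)

    flagged: Dict[str, float] = {}
    for sender, targets in recipients.items():
        sender_acc = accounts[sender]
        if first_request[sender] - sender_acc.created_at > max_age:
            continue                          # established account: not the clone pattern
        for other in by_name[sender_acc.display_name.lower()]:
            if other.user_id == sender:
                continue
            overlap = len(targets & other.contacts) / len(targets)
            if overlap >= min_overlap:
                flagged[sender] = overlap
    return flagged


# Constructed sample data: u900 registered an hour ago under the same name
# as long-standing member u100 and is contacting u100's contacts.
T0 = 1_600_000_000
ACCOUNTS = {
    "u100": Account("u100", "Alice Example", T0 - 90 * 86400, {"u201", "u202", "u203", "u204"}),
    "u900": Account("u900", "Alice Example", T0 - 3600, set()),
    "u300": Account("u300", "Bob Example", T0 - 400 * 86400, {"u201", "u305"}),
}
REQUESTS = sorted(
    [FriendRequest(T0 + 10 * i, "u900", r) for i, r in enumerate(["u201", "u202", "u203", "u204", "u305"])]
    + [FriendRequest(T0 + 50, "u300", "u202"), FriendRequest(T0 + 400, "u300", "u203")],
    key=lambda r: r.ts,
)

if __name__ == "__main__":
    for req in rate_limit(REQUESTS, max_per_window=3, window=60):
        print(f"rate-limited: {req.sender} -> {req.recipient} at {req.ts}")
    for sender, overlap in clone_anomalies(REQUESTS, ACCOUNTS).items():
        print(f"clone pattern: {sender} targets {overlap:.0%} contacts of a same-name member")
```

The two checks are complementary: the rate limit caps how fast any one account can fan out requests, while the anomaly rule catches a slow clone that stays under the limit, because it keys on who is being contacted rather than how often.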
Conclusion
- How easy it would be for a potential attacker to launch automated crawling and identity theft attacks against five popular social network sites.
- This paper presents two automated identity theft attacks.
- Social networking sites are useful, but we believe it is important to raise awareness among users about the privacy and security risks that are involved.