Page 1:

All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks

Reporter: 鄭志欣
Advisor: Hsing-Kuo Pao
Date: 2010/12/06

Page 2:

Conference: Leyla Bilge, Thorsten Strufe, Davide Balzarotti, Engin Kirda. All your contacts are belong to us: automated identity theft attacks on social networks. 18th International World Wide Web Conference (WWW'09), April 20-24, Madrid, Spain.

Page 3:

Outline
Introduction
iCloner overview
Cloning attacks
Evaluation
Suggestions for improvements in social network site security
Conclusion

Page 4:

Introduction
Social network sites have been increasingly gaining popularity.
Business relationships: XING (5 million registered users, 2008), LinkedIn (80 million registered users, 2010)
Friend relationships: Facebook (0.5 billion registered users, 2010), StudiVZ (16 million registered users, 2010), MeinVZ
As interest in a new technology grows on the Internet, miscreants are attracted as well: e-mail; social networks (stealing personal information).

Page 5:

What this paper does
This paper investigates how easy it would be for a potential attacker to launch this type of impersonation attack in an automated fashion against a number of popular social networking sites, in order to gain access to a large volume of personal user information.

Page 6:

iCloner
First attack: clone an already existing profile in a social network and send friend requests to the contacts of the victim.
Second attack: an automated, cross-site profile cloning attack, which the paper shows to be effective and feasible.

Page 7:

Contributions
It is feasible to launch automated attacks (profile cloning, cross-site profile cloning) against five popular social networking sites.
There is significant room for improvement to make these CAPTCHAs more difficult to break.
Most social network users are not cautious when accepting friend requests or clicking on links that are sent to them.
The paper makes suggestions on how social networking sites can improve their security and, therefore, better protect the privacy of their users.

Page 8:

An architectural overview of iCloner (figure)

Page 9:

CAPTCHAs
The defining property of a CAPTCHA algorithm is the ability to generate tests that are easily solvable by humans but very hard to solve for a computer application.
iCloner's CAPTCHA breaker: ImageMagick (image filter) + Tesseract (OCR)

Page 10:

Breaking the MeinVZ and StudiVZ CAPTCHAs
Replace the background with white pixels
Isolate the letters (if they overlap, ask for a new CAPTCHA)
Scale all letters to the same size
Run Tesseract
It solves the CAPTCHA in 99.8% of cases within one of three consecutive attempts.

Page 11:

Breaking Facebook (reCAPTCHA)
Unbend the word back to its original shape: translate each pixel column up or down so the baseline becomes a straight line
Then apply steps similar to those for MeinVZ and StudiVZ
Compare the result with an English dictionary, or submit the word to Google
Success rate between 4% and 7%
Botnets and IPs

Page 12:

Cloning attacks
Profile cloning
Cross-site profile cloning

Page 13:

Profile cloning
Premise: the profile cloning attack relies on social networking users being generally not cautious when accepting friend requests.
Many users will not get suspicious if a friend request comes from someone they know, even if this person is already on their contact list.
The profile cloning attack consists of identifying a victim and creating a new account with his real name and photograph inside the same social network.
Once the cloned account has been created, the system can automatically contact the friends of the victim and send friend requests.
Friend requests + social engineering

Page 14:

Cross-site profile cloning
Aim: identify victims who are registered in one social network but not in another.
Retrieve as much information as possible from the victim's original social network account.
Identify the friends of the victim in the original network and check which of them are registered in the target network.

Field            Score
Education        2
Company          2
City & Country   1
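The profile cloning slide describes the clone's signature (same name, same photograph) and the cross-site slide lists per-field scores (Education 2, Company 2, City & Country 1). The following is an added example, not code from the paper or from iCloner, that turns those two observations into a defender-side check a site could run when a new account is created: it scores the new profile against the existing directory and flags likely clones. The field weights are taken from the slide; the name and photo weights, the threshold, the `Profile` record, the photo bytes and the sample directory are assumptions made for this illustration.

```python
"""Added example (not from the paper or slides): flag a newly created
profile that looks like a clone of an existing account on the same site.

Field weights come from the slide's table; NAME_WEIGHT, PHOTO_WEIGHT and
CLONE_THRESHOLD are assumptions for this illustration."""
import hashlib
import unicodedata
from dataclasses import dataclass

FIELD_WEIGHTS = {"education": 2, "company": 2, "city_country": 1}  # from the slide
NAME_WEIGHT = 2      # assumption
PHOTO_WEIGHT = 3     # assumption: a byte-identical photo is the strongest clone signal
CLONE_THRESHOLD = 5  # assumption: name + photo alone is already enough to flag


@dataclass
class Profile:
    account_id: str
    name: str
    photo: bytes           # raw image bytes (constructed below)
    education: str = ""
    company: str = ""
    city_country: str = ""


def normalize(text: str) -> str:
    """Unicode-normalise, casefold and collapse whitespace so 'Alice  Example'
    and 'alice example' compare equal."""
    return " ".join(unicodedata.normalize("NFKC", text).casefold().split())


def photo_hash(photo: bytes) -> str:
    # Exact hash: catches re-uploads of the same file. A perceptual hash would be
    # needed to catch recompressed or resized copies (not shown here).
    return hashlib.sha256(photo).hexdigest()


def clone_score(candidate: Profile, existing: Profile) -> int:
    """Weighted count of matching attributes between two profiles."""
    score = 0
    if normalize(candidate.name) == normalize(existing.name):
        score += NAME_WEIGHT
    if photo_hash(candidate.photo) == photo_hash(existing.photo):
        score += PHOTO_WEIGHT
    for field_name, weight in FIELD_WEIGHTS.items():
        a, b = getattr(candidate, field_name), getattr(existing, field_name)
        if a and b and normalize(a) == normalize(b):  # only count filled-in fields
            score += weight
    return score


def find_clone_candidates(new_profile: Profile, directory, threshold=CLONE_THRESHOLD):
    """Return [(account_id, score), ...] of existing accounts the new profile
    resembles, highest score first."""
    hits = []
    for existing in directory:
        if existing.account_id == new_profile.account_id:
            continue
        score = clone_score(new_profile, existing)
        if score >= threshold:
            hits.append((existing.account_id, score))
    return sorted(hits, key=lambda hit: -hit[1])


# --- constructed sample data (not real users or images) ---
PHOTO_ALICE = b"\x89PNG constructed portrait bytes: alice"
PHOTO_BOB = b"\x89PNG constructed portrait bytes: bob"
PHOTO_OTHER = b"\x89PNG constructed portrait bytes: someone else"

ALICE = Profile("u1001", "Alice Example", PHOTO_ALICE,
                education="Example University", company="Example Corp",
                city_country="Madrid, Spain")
BOB = Profile("u1002", "Bob Example", PHOTO_BOB,
              company="Other GmbH", city_country="Berlin, Germany")
# A legitimate namesake: same name, different photo and different employer.
NAMESAKE = Profile("u1003", "Alice Example", PHOTO_OTHER, company="Another Ltd")
DIRECTORY = [ALICE, BOB, NAMESAKE]

# iCloner-style clone: same name and picture as the victim, arbitrary other data.
NEW_PROFILE = Profile("u2001", "alice  example", PHOTO_ALICE, company="Example Corp")

if __name__ == "__main__":
    print(find_clone_candidates(NEW_PROFILE, DIRECTORY))  # [('u1001', 7)]
    print(clone_score(NAMESAKE, ALICE))                   # 2, below the threshold
```

The namesake scores only 2 (name match alone), so it is not flagged, while the clone reaches 7 because the identical photo and shared employer add to the name match. In a real deployment the flagged pair would be sent for review or the victim notified rather than the account being blocked outright.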

Page 15:

(figure)

Page 16:

Evaluation
Crawling experiments
Experiments (profile cloning)
Experiments (cross-site profile cloning)

Page 17:

Crawling experiments
StudiVZ and MeinVZ: 40,000 profiles/day; 5 million public user profiles with contact information and more than 1.2 million profiles with complete user information
XING: 118,000 profiles

Page 18:

Experiments (profile cloning)
1. Wanted to test how willing users would be to accept friendship requests from forged profiles of people who were already on their friendship lists (in Facebook).
Using iCloner, 5 user profiles were duplicated (same name, arbitrary birth date, same picture; D1,…,D5).
iCloner sent requests to all contacts of each victim (705 users in total).

Page 19:

Experiments (profile cloning)
2. How effective profile cloning is compared with requests that the contacted users might receive from people they do not know.
These profiles consisted of random names and pictures of arbitrary people (F1,…,F5).
We contacted the same users from these accounts as with the respective forged profiles.

Page 20:

Experiments (profile cloning)
3. How much trust users would have in messages that they would receive from their new contacts.

Page 21:

Experiments (profile cloning) (figure)

Page 22:

Experiments (profile cloning) (figure)

Page 23:

Experiments (cross-site profile cloning)
A profile taken from one social network is cloned into another social network.
Of 30,000 XING profiles, 3,700 were found to be also registered in LinkedIn (12%).
5 XING accounts were cloned into LinkedIn; iCloner identified that 78 out of 443 XING friend contacts (17.6%) were also registered on LinkedIn.
In 2008, XING had 5 million registered users, which gives this attack an upper bound of 600,000 potential victims.

Page 24:

Experiments (cross-site profile cloning)
Of the 78 contact requests that we sent to the users in LinkedIn, 56% (44 in total) were accepted.

Page 25:

Suggestions for improvements in social network site security
Overlapping the CAPTCHA symbols
Rate limiting
Behaviour-based anomaly detection
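The slide names rate limiting and behaviour-based anomaly detection as countermeasures but does not spell them out. Below is an added example, not part of the slides or the paper, of both applied to a friend-request event log. The rate limiter rejects requests once an account exceeds a sliding-window quota; the anomaly check looks for the footprint the profile cloning experiment produces, namely an account whose outgoing requests land almost entirely inside one existing user's friend list. The event log, friend lists, thresholds and window size are all constructed assumptions for this illustration.

```python
"""Added example (not from the paper or slides): two of the slide's
suggested controls run over a constructed friend-request log.

1. apply_rate_limit: reject an account's request once it has sent
   MAX_PER_WINDOW requests within WINDOW_SECONDS.
2. clone_footprint: flag an account whose recipients mostly coincide
   with one existing account's friend list (a cloned profile contacting
   the victim's contacts).
All thresholds, names and events are assumptions for this illustration."""
from collections import defaultdict, deque

MAX_PER_WINDOW = 5       # assumption: quota per account per window
WINDOW_SECONDS = 3600    # assumption: one-hour sliding window
OVERLAP_THRESHOLD = 0.8  # assumption: share of recipients inside one victim's friend list
MIN_REQUESTS = 4         # assumption: ignore accounts with too few requests to judge


def apply_rate_limit(events, max_per_window=MAX_PER_WINDOW, window=WINDOW_SECONDS):
    """events: iterable of (timestamp_s, sender, recipient) sorted by time.
    Returns (allowed, rejected) lists of the same tuples."""
    recent = defaultdict(deque)  # sender -> timestamps of allowed requests
    allowed, rejected = [], []
    for ts, sender, recipient in events:
        queue = recent[sender]
        while queue and ts - queue[0] >= window:  # drop timestamps outside the window
            queue.popleft()
        if len(queue) >= max_per_window:
            rejected.append((ts, sender, recipient))
            continue
        queue.append(ts)
        allowed.append((ts, sender, recipient))
    return allowed, rejected


def clone_footprint(events, friend_lists, threshold=OVERLAP_THRESHOLD,
                    min_requests=MIN_REQUESTS):
    """friend_lists: {account: set(friend accounts)}.
    Returns {sender: (likely_victim, overlap)} for senders whose request
    recipients mostly sit inside one other account's friend list."""
    recipients = defaultdict(set)
    for _, sender, recipient in events:
        recipients[sender].add(recipient)
    flagged = {}
    for sender, targets in recipients.items():
        if len(targets) < min_requests:
            continue
        best_victim, best_overlap = None, 0.0
        for account, friends in friend_lists.items():
            if account == sender or not friends:
                continue
            overlap = len(targets & friends) / len(targets)
            if overlap > best_overlap:
                best_victim, best_overlap = account, overlap
        if best_overlap >= threshold:
            flagged[sender] = (best_victim, round(best_overlap, 2))
    return flagged


# --- constructed sample data ---
FRIENDS = {
    "alice": {"f1", "f2", "f3", "f4", "f5", "f6", "f7", "f8"},
    "carol": {"dave"},
    "dave": {"carol", "erin"},
}
# "alice_clone" is a fresh account that requests every friend of alice within
# seven minutes; "carol" sends two ordinary requests.
EVENTS = sorted(
    [(60 * i, "alice_clone", f"f{i + 1}") for i in range(8)]
    + [(300, "carol", "erin"), (900, "carol", "frank")]
)


def run_demo():
    """Apply both controls to the constructed log; returns a summary dict."""
    allowed, rejected = apply_rate_limit(EVENTS)
    return {
        "allowed": len(allowed),
        "rejected": len(rejected),
        "flagged": clone_footprint(EVENTS, FRIENDS),
    }


if __name__ == "__main__":
    print(run_demo())
    # {'allowed': 7, 'rejected': 3, 'flagged': {'alice_clone': ('alice', 1.0)}}
```

The rate limiter alone only slows the clone down (its first five requests still go out), which is why the overlap check matters: a new account whose recipients are exactly one user's friend list is the behavioural signature the slide's experiment relies on, and it can be detected before the requests are delivered.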

Page 26:

Conclusion
The paper shows how easy it would be for a potential attacker to launch automated crawling and identity theft attacks against five popular social network sites.
This paper presents two automated identity theft attacks.
Social networking sites are useful; we believe it is important to raise awareness among users about the privacy and security risks that are involved.