Abusing Social Networks for Automated User Profiling

Abusing Social Networks for Automated User Profiling

Cached

Download Links

by Marco Balduzzi , Christian Platzer , Thorsten Holz , Engin Kirda , Davide Balzarotti , Christopher Kruegel

Citations:

BibTeX

@MISC{Balduzzi_abusingsocial,
    author = {Marco Balduzzi and Christian Platzer and Thorsten Holz and Engin Kirda and Davide Balzarotti and Christopher Kruegel},
    title = {Abusing Social Networks for Automated User Profiling},
    year = {}
}

Bookmark

OpenURL

Abstract

Abstract. Recently, social networks such as Facebook have experienced a huge surge in popularity. The amount of personal information stored on these sites calls for appropriate security precautions to protect this data. In this paper, we describe how we are able to take advantage of a common weakness, namely the fact that an attacker can query popular social networks for registered e-mail addresses on a large scale. Starting with a list of about 10.4 million email addresses, we were able to automatically identify more than 1.2 million user profiles associated with these addresses. By automatically crawling and correlating these profiles, we collect detailed personal information about each user, which we use for automated profiling (i.e., to enrich the information available from each user). Having access to such information would allow an attacker to launch sophisticated, targeted attacks, or to improve the efficiency of spam campaigns. We have contacted the most popular providers, who acknowledged the threat and are currently implementing our proposed countermeasures. Facebook and XING, in particular, have recently fixed the problem. 1

Citations

185	Measurement and Analysis of Online Social Networks - Mislove, Marcon, et al. - 2007
160	CAPTCHA: Using hard AI problems for security - Ahn, Blum, et al. - 2003
120	Recognizing objects in adversarial clutter: Breaking a visual captcha - Mori, Malik - 2003
115	Simple Mail Transfer Protocol - Klensin - 2008
95	Information revelation and privacy in online social networks - Gross, Acquisti, et al. - 2005
81	Robust de-anonymization of large sparse datasets - Narayanan, Shmatikov - 2008
67	A Large-Scale Study of Web Password Habits - Florêncio, Herley - 2007
57	De-anonymizing social networks - Narayanan, Shmatikov - 2009
46	User interactions in social networks and their implications - Wilson, Boe, et al. - 2009
45	Trust and privacy concern within social networking sites: A comparison of Facebook and MySpace - Dwyer, Hiltz, et al. - 2007
41	The finger user information protocol - Zimmerman - 1991
33	Designing ethical phishing experiments: a study of (ROT13) rOnl query features - Jakobsson, Ratkiewicz - 2006
30	Using machine learning to break visual human interaction proofs (HIPs - Chellapilla, Simard - 2005
30	Characterizing privacy in online social networks - Krishnamurthy, Wills - 2008
28	All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks - Bilge, Strufe, et al. - 2009
22	Messin' with Texas Deriving Mother's Maiden Names Using Public Records - Griffith, Jakobsson - 2005
21	To join or not to join: the illusion of privacy in social networks with mixed public and private user profiles - Zheleva, Getoor
19	Exposing private information by timing web applications - Bortz, Boneh - 2007
19	A low-cost attack on a microsoft CAPTCHA - Yan, Ahmad - 2008
14	Parallel crawling for online social networks - Chau, Pandit, et al.
14	A practical attack to de-anonymize social network users - Wondracek, Holz, et al.
12	Why and How to Perform Fraud Experiments - Jakobsson, Finn, et al. - 2008
12	Prying data out of a social network - Bonneau, Anderson, et al.
11	Social networks and context-aware spam - Brown, Howe, et al. - 2008
9	Returning Values from Forms: multipart/form-data - Masinter - 1998
7	Internet social network communities: Risk taking, trust, and privacy concerns - Fogel, Nehmad - 2009
7	Preventing private information inference attacks on social networks - Heatherly, Kantarcioglu, et al. - 2009
6	To Join or Not to Join: The Illusion of Privacy - Zheleva, Getoor - 2009
5	Under)mining Privacy in Social Networks - Chew, Balfanz, et al. - 2008
5	and Vitaly Shmatikov. Robust De-anonymization of Large Sparse Datasets - Narayanan - 2008
3	Large online social footprints–an emerging threat - Irani, Webb, et al. - 2009
2	http://www.facebook.com/press/info.php? statistics - Statistics - 2010
2	Whose space is MySpace? A content analysis of MySpace profiles.” First Monday 13(9 - Jones, Millermaier, et al. - 2008
2	Engin Kirda. All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks - Bilge, Strufe, et al. - 2009
2	and Vitaly Shmatikov. De-anonymizing social networks - Narayanan - 2009
1	Spam-Bots werten soziale Netze aus (September 2009) http://www. heise.de/security/Spam-Bots-werten-soziale-Netze-aus--/news/ meldung/145344 - News
1	Inside India’s CAPTCHA solving economy - Danchev - 2008
1	The Privacy Jungle: On the Market for Privacy in Social Networks - Bonneau, Preibusch - 2009
1	OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability - Bugtraq - 2003
1	Inside India’s CAPTCHA solving - Danchev - 2008
1	and Elham Nehmad. Internet social network communities: Risk taking, trust, and privacy concerns - Fogel
1	Spam-Bots werten soziale Netze aus - News - 2009
1	Heatherly and Bhavani Thuraisingham. Preventing private information inference attacks on social networks - Raymond - 2009