reverse social engineering attacks in online social
play

Reverse Social Engineering Attacks in Online Social Networks Danesh - PowerPoint PPT Presentation

Dec 12, 2023 •126 likes •336 views

Reverse Social Engineering Attacks in Online Social Networks Danesh Irani, Marco Balduzzi Davide Balzarotti, Engin Kirda, Calton Pu Motivations Social Networks have experienced a huge surge in popularity Facebook has more than 500

  1. Reverse Social Engineering Attacks in Online Social Networks Danesh Irani, Marco Balduzzi Davide Balzarotti, Engin Kirda, Calton Pu

  2. Motivations  Social Networks have experienced a huge surge in popularity  Facebook has more than 500 Million users: http://www.facebook.com/press/info.php?statistics  The amount of personal information they store requires appropriate security precautions  People are not aware of all the possible way in which these info can be abused  A simple problem can result in serious consequences for thousands of Social Networks users 2 July 7-8th, 2011 Amsterdam, The Netherlands

  3. Social Engineering Social engineering is the art of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques 3 July 7-8th, 2011 Amsterdam, The Netherlands

  4. Reverse Social Engineering Attacks in Social Networks  Classic Social Engineering: The attacker contacts his victim  RSE: The attacker…  1. feeds his victim with a pretext (baiting)  2. waits for victim to make the initial approach  Victim less suspicious as she makes the initial contact  Bypasses current behavioral and filter-based detection  Potential to reach millions of users on social networks 4 July 7-8th, 2011 Amsterdam, The Netherlands

  5. Facebook Initial Experiment  Last year (RAID 2010): “Abusing Social Networks for Automated User Profiling” 5 July 7-8th, 2011 Amsterdam, The Netherlands

  6. Facebook Initial Experiment  The account used in that research received a large number of friend requests  Hit the limit : 25,000 6 July 7-8th, 2011 Amsterdam, The Netherlands

  7. Facebook Initial Experiment Results 7 July 7-8th, 2011 Amsterdam, The Netherlands

  8. Facebook Initial Experiment Results  About 500,000 email queried  3.3% friend connect rate in 3 months  Cascading effect based on reputation  0.37% average friend connect rate per month 8 July 7-8th, 2011 Amsterdam, The Netherlands

  9. 3 Types of Real-World RSE Attacks  Recommendation-Based  Mediated attack where Recommendation System performs baiting 9 July 7-8th, 2011 Amsterdam, The Netherlands

  10. 3 Types of Real-World RSE Attacks  Demographic-Based – Mediated  Visitor Tracking-Based – Direct 10 July 7-8th, 2011 Amsterdam, The Netherlands

  11. Experiment  RSE attack on Facebook, Badoo and Friendster  Determine characteristics which make profiles effective 11 July 7-8th, 2011 Amsterdam, The Netherlands

  12. Ethical and Legal Considerations  We consulted with the legal department of our institution (comparable to the Institute Review Board (IRB) in the US) and our handling and privacy precautions were deemed appropriate and consistent with the European legal position.  When the data was analyzed, identifiers (e.g., names) were anonymized, and only aggregate analysis of the collected data was performed. 12 July 7-8th, 2011 Amsterdam, The Netherlands

  13. Recommendation Based (Facebook)  50,000 profiles queried per attack profile  Profiles 2 and 3 (girls) most successful  Profile 5 least effective  94% of messages sent after friend requests  Most common 3-grams: “suggested you as” or “suggest I add”  The baiting works 13 July 7-8th, 2011 Amsterdam, The Netherlands

  14. Recommendation Based (Facebook)  Majority of victims attracted: Single Young users who expressed interest in “Women”  Profile 1 received a large number of requests from users expressing interest in “Men”  Profile 5 attracted largest number of requests from older users 14 July 7-8th, 2011 Amsterdam, The Netherlands

  15. Demographic Based (Badoo)  Created the fake profiles and occasionally updated to remain in search  Profile 5 was removed  Profiles 2 and 3 most successful again  Profile 5 not using actual photo was disabled  50% of visitors messaged Profile 2 and 3 (44% avg.)  Most common 3-grams: “how are you”, “get to know”, and “would you like”  Face-to-face relation 15 July 7-8th, 2011 Amsterdam, The Netherlands

  16. Demographic Based (Badoo)  Most users who expressed interest were “Single”.  Attracted users interested in their gender and approximate age group.  Profile 1 received large interest from younger profiles. Profile 4 from older profiles. 16 July 7-8th, 2011 Amsterdam, The Netherlands

  17. Visitor Based (Friendster)  42,000 users visited per attack profile  Number of users visited attack profiles back, consistent with Facebook  0.25% to 1.2% per month  Number of following friend requests or mess- ages low in comparison  Demographics similar to Facebook 17 July 7-8th, 2011 Amsterdam, The Netherlands

  18. Lessons Learned  Pretexting – critical for RSE attacks  Excuse needed to “break the ice”  Recommendation systems (e.g. Facebook) provide strongest pretext  The Visitor Based attack was not effective (e.g. Friendster)  Profile effectiveness  Attractive female profiles are highly successful  Can be tuned to demographics of target victim(s) (e.g. Badoo) 18 July 7-8th, 2011 Amsterdam, The Netherlands

  19. Countermeasures  Perform recommendations based on very strong links  Ensure at least a few friends in common (or within n-degrees of separation)  Adapt behavioural techniques to RSE techniques  Check accounts only performing a single action  Ensure bi-directional activity (i.e. profile also searches and adds users)  CAPTCHAs for incoming friend requests 19 July 7-8th, 2011 Amsterdam, The Netherlands

  20. Questions 20 July 7-8th, 2011 Amsterdam, The Netherlands

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Incident Response to Social Engineering Attacks: Domain Hijacking Ramses Martinez Director of

Incident Response to Social Engineering Attacks: Domain Hijacking Ramses Martinez Director of

Incident Response to Social Engineering Attacks: Domain Hijacking Ramses Martinez Director of Information Security Date: June 22, 2010 Background More and more attacks are exploiting business logic using social engineering attacks. Low

425 views • 15 slides
The Devil is in the details Social Engineering by means of Social Media B Y D A A N W A G E N A

The Devil is in the details Social Engineering by means of Social Media B Y D A A N W A G E N A

The Devil is in the details Social Engineering by means of Social Media B Y D A A N W A G E N A A R Y A N N I C K S C H E E L E N Introduction Online Social Networks LinkedIn (service data, disclosed data) Facebook

541 views • 51 slides
analysis of a real online social network using semantic web frameworks Guillaume Erto,

analysis of a real online social network using semantic web frameworks Guillaume Erto,

analysis of a real online social network using semantic web frameworks Guillaume Erto, Michel Buffa, Fabien Gandon, Olivier Corby social media landscape social web amplifies social network effects overwhelming flow of social data social

322 views • 31 slides
SOCIAL ENGINEERING Jake Johnson Sixto Bernal AGENDA What is social engineering? Current events

SOCIAL ENGINEERING Jake Johnson Sixto Bernal AGENDA What is social engineering? Current events

SOCIAL ENGINEERING Jake Johnson Sixto Bernal AGENDA What is social engineering? Current events Social engineering risks Mitigation Strategies Q&A WHAT IS SOCIAL ENGINEERING? The Art of Deception, Kevin Mitnick: "Social

449 views • 19 slides
Distance Matters: Geo-social Metrics for Online Social Networks Salvatore Scellato Computer

Distance Matters: Geo-social Metrics for Online Social Networks Salvatore Scellato Computer

Distance Matters: Geo-social Metrics for Online Social Networks Salvatore Scellato Computer Laboratory, University of Cambridge Joint work with: Cecilia Mascolo , Mirco Musolesi, Vito Latora 3rd Workshop on Online Social Networks Boston, 22

351 views • 24 slides
A Framework for Conceptualizing Social Engineering Attacks Jose J. Gonzalez Agder University

A Framework for Conceptualizing Social Engineering Attacks Jose J. Gonzalez Agder University

A Framework for Conceptualizing Social Engineering Attacks Jose J. Gonzalez Agder University College, Grimstad, Norway Jose M. Sarriegi, Alazne Gurrutxaga Tecnun (University of Navarra) San Sebastian, Spain CRITIS06, Samos Introduction

537 views • 19 slides
Evaluating Attack Amplification in Online Social Networks in Online Social Networks Blase E. Ur

Evaluating Attack Amplification in Online Social Networks in Online Social Networks Blase E. Ur

Evaluating Attack Amplification in Online Social Networks in Online Social Networks Blase E. Ur and Vinod Ganapathy blaseur@rci.rutgers.edu , vinodg@cs.rutgers.edu Rutgers University W2SP09 Online Social Networks 200 million

513 views • 37 slides
PARENTAL WORRIES Vulnerability to online predators Online bullying Social interaction

PARENTAL WORRIES Vulnerability to online predators Online bullying Social interaction

PARENTAL WORRIES Vulnerability to online predators Online bullying Social interaction Addition Online Gambling Unhealthy obsession with celebrities and lifestyle Social media influences of body image THE RIP-OFF GAMES:

1.15k views • 22 slides
My Customers Dont Use Social Media You Are Not Your Customer 3 81% of U.S. Online Adults Use

My Customers Dont Use Social Media You Are Not Your Customer 3 81% of U.S. Online Adults Use

Destroying the 7 Myths of B2B Social Media Jay Baer @jaybaer Myth #1: My Customers Dont Use Social Media You Are Not Your Customer 3 81% of U.S. Online Adults Use Social Media *Forrester 4 Prove It With Social Anthropology Gist.com

693 views • 43 slides
Social Engineering UDLS September 11, 2015 Neil Newman Social engineering is a non-

Social Engineering UDLS September 11, 2015 Neil Newman Social engineering is a non-

Social Engineering UDLS September 11, 2015 Neil Newman Social engineering is a non- technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security

340 views • 16 slides
17 th Workshop on Software Engineering Education and Reverse Engineering Primosten, Croatia

17 th Workshop on Software Engineering Education and Reverse Engineering Primosten, Croatia

17 th Workshop on Software Engineering Education and Reverse Engineering Primosten, Croatia September 2018 "A proposed model for peer assessment in t he digit al age: Leveraging social media plat forms" | 17t h Workshop on

248 views • 13 slides
LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR Pieter Robyns About me

LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR Pieter Robyns About me

LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR Pieter Robyns About me PhD student at Hasselt University since 2014 Since 2016 on FWO SBO research grant Researching wireless security Protocol security,

803 views • 57 slides
Do Social Networks Improve e-Commerce? A Study on Social Marketplaces 1 GAYATRI SWAMYNATHAN,

Do Social Networks Improve e-Commerce? A Study on Social Marketplaces 1 GAYATRI SWAMYNATHAN,

Do Social Networks Improve e-Commerce? A Study on Social Marketplaces 1 GAYATRI SWAMYNATHAN, CHRISTO WILSON , BRYCE BOE, KEVIN ALMEROTH AND BEN Y. ZHAO UC SANTA BARBARA Current Lab @ UCSB Leveraging Online Social Networks 2 Online

529 views • 19 slides
Social Engineering Techniques, Methods, Tools & Mitigation Panagiotis Gkatziroulis, Security

Social Engineering Techniques, Methods, Tools & Mitigation Panagiotis Gkatziroulis, Security

Social Engineering Techniques, Methods, Tools & Mitigation Panagiotis Gkatziroulis, Security Consultant Agenda Social Engineering Methodology Attacks & Techniques Demos Tools of the trade Prevention Methods and Advice

502 views • 27 slides
Characterizing Social Insider Attacks on Facebook Wali Ahmed Usmani, Diogo Marques, Ivan

Characterizing Social Insider Attacks on Facebook Wali Ahmed Usmani, Diogo Marques, Ivan

Characterizing Social Insider Attacks on Facebook Wali Ahmed Usmani, Diogo Marques, Ivan Beschastnikh, Konstantin Beznosov, Tiago Guerreiro and Lus Carrio Social insider attacks on Facebook Social insider: perpetrator is someone

428 views • 25 slides
AGENDA Introduction and Bio What is Social Engineering? A T alk about Sales? What the

AGENDA Introduction and Bio What is Social Engineering? A T alk about Sales? What the

AGENDA Introduction and Bio What is Social Engineering? A T alk about Sales? What the Hell, you said Social Engineering?!? Profile? Process? Why not both! Defences against Social Engineering The Mystery Security T est

737 views • 50 slides
MEASURING PRIVACY RISK IN ONLINE SOCIAL NETWORKS Justin Becker, Hao Chen UC Davis May 2009 1

MEASURING PRIVACY RISK IN ONLINE SOCIAL NETWORKS Justin Becker, Hao Chen UC Davis May 2009 1

MEASURING PRIVACY RISK IN ONLINE SOCIAL NETWORKS Justin Becker, Hao Chen UC Davis May 2009 1 Motivating example College admission Kaplan surveyed 320 admissions offices in 2008 1 in 10 admissions officers viewed applicants online

440 views • 28 slides
CONNEXION TO ALMA Office Hours 5/14/2020 TOPICS Update to the April 27 Office Hour on Data

CONNEXION TO ALMA Office Hours 5/14/2020 TOPICS Update to the April 27 Office Hour on Data

IMPORTING LOCAL FILES FROM OCLC CONNEXION TO ALMA Office Hours 5/14/2020 TOPICS Update to the April 27 Office Hour on Data Sync Collections Importing Local Files from OCLC Connexion to Alma after Go Live Import a single bib record

385 views • 19 slides
Three Kinds of Distance Ed Students Distance Ed Students formally enrolled in entirely online

Three Kinds of Distance Ed Students Distance Ed Students formally enrolled in entirely online

Three Kinds of Distance Ed Students Distance Ed Students formally enrolled in entirely online programs Hybrid students primarily taking on campus classes but one or more online classes Dissertating students no longer on

801 views • 14 slides
Pipes and Y! Query Language (YQL) Jonathan Trevor (jtrevor@yahoo-inc.com) - - Apt near Park How

Pipes and Y! Query Language (YQL) Jonathan Trevor (jtrevor@yahoo-inc.com) - - Apt near Park How

Pipes and Y! Query Language (YQL) Jonathan Trevor (jtrevor@yahoo-inc.com) - - Apt near Park How do you find an apartment near a park? - - Apt near Park Apartment listings For each apartment: Click on map link or enter an address

1.06k views • 83 slides
presence using LinkedIn Rebecca Valentine (Careers Service) Dr Louise Connelly (Institute for

presence using LinkedIn Rebecca Valentine (Careers Service) Dr Louise Connelly (Institute for

Creating an effective online presence using LinkedIn Rebecca Valentine (Careers Service) Dr Louise Connelly (Institute for Academic Development Session outline Creating an effective online presence/your digital footprint Creating an

304 views • 11 slides
Income Statement 2014 2013 m m (underl erlyi ying) g) Full Price Revenue 3,740 3,548 +

Income Statement 2014 2013 m m (underl erlyi ying) g) Full Price Revenue 3,740 3,548 +

Income Statement 2014 2013 m m (underl erlyi ying) g) Full Price Revenue 3,740 3,548 + 5.4% + 6.7% Operating profit 723 650 + 11.2% + 11.2% Interest (28) (28) Profit before tax 695 622 Taxation (142) (149) Profit after

920 views • 57 slides
ASX Small and Mid-Cap Conference 9 September 2020 1 Business Overview CCV 12-month Share Price

ASX Small and Mid-Cap Conference 9 September 2020 1 Business Overview CCV 12-month Share Price

ASX Small and Mid-Cap Conference 9 September 2020 1 Business Overview CCV 12-month Share Price 16 $0.30 $0.25 Countries $0.20 705 $0.15 $0.10 Stores $0.05 83 622 $- Jul-19 Aug-19 Sep-19 Oct-19 Nov-19 Dec-19 Jan-20 Feb-20

529 views • 16 slides
County PUD and Enervee transformed a residential appliance rebate program Presented by Hillary

County PUD and Enervee transformed a residential appliance rebate program Presented by Hillary

The Case for Kits: How Snohomish County PUD and Enervee transformed a residential appliance rebate program Presented by Hillary Olson, Snohomish PUD Katie Breene, C+C AGENDA 1. Who is Snohomish PUD? 2. What is Enervee? 3. How is Enervee

500 views • 19 slides

More recommend