On vulnerability of Facebook users to social botnets

How likely for a Facebook user to accept a friendship request from a stranger (albeit a pretty/handsome one)? By how much do such chances correlate with “promiscuity” of the user in terms of FB friends? Can such requests be automated? What can an adversary gain from befriending users?

These and other questions were investigated in the project led by my Ph.D. student Yazan Boshmaf. Preliminary results of this ongoing project will be presented in December at ACSAC. Yazan and Ildar Muslukhov have done cool stuff with automating a small but potent “social botnet” that used various heuristics to pose its “bot” profiles as “real people” to evade FB detection and to become friends with hundreds of profiles, collect information those “victims” shared with friends-only.

The most interesting questions of why FB users accept friendship request from strangers and how technology can help the users to make informed choices remain open.

You don’t have to wait until December and to come to hot sunny Florida to find more about this work. Just read the full paper.

Comments are closed.