
Your Facebook Friends May Be Evil Bots

Online Social Networks (OSNs) make it convenient to connect with people online. For example, a popular social media platform like Facebook has over 2.5 billion monthly active users. But are you aware that the users you are connected with might not be real people?

Social Bots – opportunity or threat?

A research group at the University of British Columbia conducted an infiltration test on Facebook with a Socialbot Network, in which researchers operated social engineering bots to gain access to users’ personal information such as birthdays, addresses, and phone numbers. They started by creating fake user accounts and profiles for the bots. Each social bot was automated and linked to a Facebook account. Social bots could make posts and send friend requests. These bots then tried to mimic real users’ activities and make as many friends as possible, because most Facebook users publish their personal information to their friends only.

Triadic closure in social networks

Things get interesting here: the social engineering strategy the bots used was to send friend requests to the friends of the friends they already had. This relies on the triadic closure principle, which says that if the connections A-B and B-C exist, then the new connection A-C tends to form. With mutual friends present, users were about three times more likely to accept a bot's friend request.
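The triadic closure principle above, worked through on a small graph as an added example (not code from the study or from Facebook): it lists the mutual friends that make a request look familiar and measures how many of the requester's own friends know each other. The graph and account names are constructed, and reading a low value as a reason for a closer look is an assumption of this example, not a finding of the experiment.

```python
from itertools import combinations

# Constructed sample friendship graph (undirected); all account names are made up.
FRIENDS = {
    "alice": {"bob", "carol", "dave"},
    "bob": {"alice", "carol", "newacct"},
    "carol": {"alice", "bob", "newacct"},
    "dave": {"alice"},
    "erin": {"newacct"},
    "frank": {"newacct"},
    "newacct": {"bob", "carol", "erin", "frank"},
}


def mutual_friends(graph, a, c):
    """Accounts B for which both A-B and B-C exist (the open triads A-B-C)."""
    return (graph[a] & graph[c]) - {a, c}


def local_clustering(graph, node):
    """Fraction of pairs of node's friends who are themselves friends (closed triads)."""
    friends = sorted(graph[node])
    if len(friends) < 2:
        return 0.0  # no pair of friends exists, so nothing can be closed
    pairs = list(combinations(friends, 2))
    closed = sum(1 for u, v in pairs if v in graph[u])
    return closed / len(pairs)


def review_request(graph, requester, recipient):
    """Summarise an incoming friend request for the recipient."""
    return {
        "mutual": sorted(mutual_friends(graph, requester, recipient)),
        "requester_clustering": local_clustering(graph, requester),
        "recipient_clustering": local_clustering(graph, recipient),
    }


if __name__ == "__main__":
    print(review_request(FRIENDS, "newacct", "alice"))
```

In this sample the request to alice arrives with two mutual friends, yet only one of the six pairs of the requester's friends know each other, so the mutual friends show an open triad rather than an established circle.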

The research group had to take down the bots because they caused heavy traffic to Facebook, and the experiment resulted in an acceptance rate of 80% 8 weeks after it started. With infiltration on this scale, it is easy to collect users’ personal information for malicious purposes such as identity theft. The experiment shows that it is dangerous to leave our sensitive information on OSNs like Facebook. The protection that Facebook used did not appear to be effective in detecting social bots, and this is only one of the vulnerabilities in the network. Defending against such threats will be just the first step in maintaining a safer network.

References

Fruhlinger, J. (2019, September 25). Social engineering explained: How criminals exploit human behavior. Retrieved October 23, 2020, from https://www.csoonline.com/article/2124681/what-is-social-engineering.html

Maffei, K. (n.d.). Six Degrees: The Science of a Connected Age by Duncan Watts. Retrieved October 23, 2020, from https://serendipstudio.org/complexity/course/emergence06/bookreviews/kmaffei.html

Boshmaf, Y., Muslukhov, I., Beznosov, K., & Ripeanu, M. (2011, September 27). The Socialbot Network: When Bots Socialize for Fame and Money. Retrieved October 23, 2020, from http://lersse-dl.ece.ubc.ca/record/258?ln=en