Socialbots used by researchers to 'steal' Facebook data
Published: 2nd Nov 2011 12:00:00
Researchers have demonstrated a new technique capable of stealing personal information from Facebook.
Using 'socialbots', computer programmes that mimic real Facebook profiles, the researchers were able to harvest vast quantities of personal data.
Socialbots are increasingly being used by internet criminals and are being offered for sale on the internet for as little as $29 (£18).
Facebook said that the research was overstated and unethical.
A socialbot is a social networking adaption of the wide-scale botnets used by criminals to send out spam.
In a traditional botnet, a network of computers is infected by a virus to allow a hi-tech criminal to use them remotely. Often botnet controllers steal data from victims' PCs or use the machines to send out spam or carry out other attacks.
What makes a socialbot different is that it is able to pass itself off as a real Facebook user.
The software takes over control of a social networking profile and from there performs basic activities such as posting messages and sending requests.
The four researchers from the University of British Columbia in Vancouver created 102 socialbots for use in their experiment and one 'botmaster' - software that sent commands to the other bots.
The researchers employed their socialbots over a period of eight weeks. In total the bots attempted to make friends with 8,570 Facebook users. 3,055 accepted the friendships.
The researchers found that the more friendships people had on Facebook, the more likely they were to accept the 'fake' friend.
To prevent triggering Facebook's fraud detection software, the fake accounts only sent 25 requests per day.
From the profiles of those they befriended and the extended networks of those friends, the researchers claimed to have 'stolen' 46,500 email addresses and 14,500 home addresses.
In their paper, due to be presented at next month's Annual Computer Security Applications Conference in Florida, the researchers wrote: "As socialbots infiltrate a targeted online social network, they can further harvest private users' data such as email addresses, phone numbers, and other personal data that have monetary value."
"To an adversary, such data is valuable and can be used for online profiling and large-scale email spam and phishing campaigns."
Facebook said that the experiment was unrealistic because the IP addresses used came from a trusted university source, whereas the IP addresses used by real-life criminals would raise alarm bells.
It also said that it had disabled more of the fake accounts than the researchers claimed.
"We have numerous systems designed to detect fake accounts and prevent scraping of information. We are constantly updating these systems to improve their effectiveness and address new kinds of attacks," said a spokesperson.
"We use credible research as part of that process. We have serious concerns about the methodology of the research by the University of British Columbia and we will be putting these concerns to them.
"In addition, as always, we encourage people to only connect with people they actually know and report any suspicious behaviour they observe on the site."
The researchers estimated that a real-life malicious attack could have a success rate of 80%.
"Online social network's security defences, such as the Facebook Immune System, are not effective enough in detecting or stopping a large-scale infiltration as it occurs," they concluded.
"We believe that large-scale infiltration in online social networks is only one of many future cyber threats, and defending against such threats is the first step towards maintaining a safer social web for millions of active web users."
Graham Cluley, a consultant from security firm Sophos, said the research was "interesting".
"Clearly there's a lesson for Facebook users to learn there about the need to carefully vet who you allow to become your Facebook friend, and what information you choose to share online," he said in his blog.
But he questioned how ethical such research was.
"Facebook's security team is unlikely to look kindly on people who conduct experiments such as that done by the university researchers, and users are reminded that under Facebook's terms of service you are not allowed to create fake profiles, should use your real name, and should only collect information from other users with their consent," he said.
Harvard Citation: BBC News, 2011. Socialbots used by researchers to 'steal' Facebook data. [Online] (Updated 02 Nov 2011)
Available at: http://www.manchesterwired.co.uk/news.php/198895-Socialbots-used-by-researchers-to-steal-Facebook-data [Accessed 18th June 2013]