With the recent and widespread Facebook hack that inundated millions of users with pictures of sexually explicit and violent material, some wonder how a breach of this magnitude could possibly happen and who exactly might be responsible.
Researchers from the University of British Columbia’s Vancouver campus recently released a study concerning the potential hazards posed by cyber prowlers cruising social networks pretending to be real people.
According to Facebook, users were tricked into copying and pasting malicious code into their web browsers. Hackers were then able to gain access to users' profiles, allowing them to post and access contact lists.
“Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms,” said Facebook spokesperson Andrew Noyes in a statement.
During the experiment, the researchers were able to collect over 250 GB worth of personal information. They were able to achieve this simply by using “socialbot” computer programs that mimic the actions of real users.
Socialbots are a social networking adaptation of botnets, the programs criminals use to send spam and harmful viruses.
Traditionally, a botnet is a network of computers infected with a virus that gives the criminal the ability to remotely access the computers to steal private information or to send spam and other attacks.
In this research, the socialbots differed from botnets because they were able to pass as real Facebook users. The software would take control of an online profile and then perform the basic tasks of sending requests and posting messages.
The researchers created 102 socialbots and released them onto Facebook. Each one was given a name and profile picture to better assimilate within the Facebook community.
Over the course of eight weeks, researchers were able to send 8,570 friend requests and compile 3,055 friends. In order not to alert Facebook spam monitors, only 25 requests were sent out each day.
The researchers claimed to have “stolen” 46,500 email addresses and 14,500 home addresses.
It was also claimed that the more friends an individual user has, the more likely they would accept a friend request from an unknown source.
The study takes aim at the ineffectiveness of current social network security measures for such attacks, with only 20 percent of socialbots caught by Facebook.
The results are expected to be delivered at the “Annual Computer Security Applications Conference” in Florida.
As socialbots infiltrate a targeted online social network, they can further harvest users' private data, such as email addresses, phone numbers, and other personal data, that has monetary value. To an adversary, such data is valuable and can be used for online profiling and large-scale email spam and phishing campaigns.