‘Socialbots’ pose IT security threat on campuses

Socialbots had an 80 percent success rate during the two-month experiment.

University of British Columbia (UBC) Vancouver researchers unleashed an army of more than 100 socialbots—technology that poses as people on social networks—and harvested personal information from 3,000 Facebook users, demonstrating how vulnerable campus networks are to attacks through social media sites.

In “The Socialbot Network,” released Nov. 1, a group of UBC researchers claim they used a cluster of fake Facebook accounts to obtain more than 250 gigabytes of personal information from Facebook users who accepted friend requests from socialbots during the two-month experiment.

The socialbots have profile pictures, personal information, and posts like any other regular Facebook user.

But instead of proposing a friend request and interacting with friends and colleagues, the bots exist only to scan Facebook profiles for personal eMail addresses, phone numbers, marital status, instant messenger accounts, addresses, and personal preferences.

“A successful infiltration can result in privacy breaches where even more users’ data are exposed when compared to a purely public access,” the researchers wrote.

Socialbots deployed by the UBC researchers, which used quotes from the site iheartquotes.com as status updates to simulate a real person, infiltrated Facebook accounts in 80 percent of their attempts.

The researchers launched each socialbot account in part by using temporary eMail addresses from 10minutemail.com as the registration eMail account required to start a Facebook profile. Photos were chosen for each socialbot account through the site hotornot.com, where users rate each other’s “hotness.”

Despite its Facebook Immune System (FIS), the 800-million member social network might not have sufficient defenses for socialbots posing as people, according to the report.

FIS, the report charges, is “not effective enough in detecting or stopping a large-scale infiltration as it occurs.”

“It is, however, not well-understood how such defenses stand against socialbots that mimic real users, and what the expected users’ behavior might be in response to a large-scale infiltration by such bots,” the researchers wrote.

Facebook’s defense system checks about 25 billion online actions every day, or 650,000 per second, according to Facebook. FIS checks every click registered on Facebook for signs or patterns that malware or spam could be spreading across the social network.

Higher education technology officials have said popular sites like Twitter and Facebook – havens for computer hackers – could compromise the campus network when students access the social sites in their dorms or in class.

Carefully placed spam and malware, IT officials said, could give hackers access to the campus network if students click on the fraudulent link.

Once downloaded, MyPageKeeper, created by UC Riverside Ph.D. students Ting-Kai Huang and Sazzadur Rahman, scans a Facebook user’s news feed for potential spam and phishing attempts and sends warnings detailing security compromises.

This safeguards not only the user’s Facebook account, but also the accounts of his or her friends who might click on fraudulent links that launch covert attacks against personal computers.

Facebook accounts for 5.7 percent of all phishing attacks, more than Google or the IRS, but only a fraction of PayPal, which accounts for 52 percent of phishing scams.

“It’s an ever-changing battle for us,” said Jonathan Domen, a network analyst at Bryant University in Smithfield, R.I., a private campus with about 3,600 students. “It really comes down to getting a handle on it really quickly before people start clicking and things get much worse.”

Blocking Facebook, campus technology chiefs said, isn’t an option, because so many students use the site for social and educational purposes, connecting to classmates and professors alike.

“We have to walk a very fine line,” said Domen, adding that Bryant’s network blocks students from accessing Facebook applications that are especially vulnerable to malware.
