Researchers fool Facebook site

RESEARCHERS AT a Canadian university have designed computer programs they say are capable of infiltrating social networks such as Facebook with the purpose of stealing private user data.

In a paper, The Socialbot Network: When bots socialize for fame and money,the researchers outlined how they accessed thousands of Facebook accounts and gleaned some 250GB of user data.

The researchers at the University of British Columbia in Vancouver created “socialbots”, computer programs that mimic real users, and used them to access real Facebook user accounts. Online criminals use socialbots to collect data.

The socialbots were able to access user data with a success rate of up to 80 per cent, depending how many mutual friends the socialbots had previously infiltrated.

The researchers were able to harvest a vast quantity of user data from thousands of real Facebook accounts, including data on news feeds, user profile information, and “wall” messages. In total, the experiment gleaned approximately 250GB of user data.

More than 100 socialbots were deployed in the eight-week experiment into so-called socialbot networks, where they were controlled by a single program called a “masterbot”.

The socialbots, which resembled real user accounts, were capable of sending friend requests to real user accounts.

The researchers issued 25 friendship requests from a single computer each day in order to avoid security software measures deployed by Facebook.

Socialbots were designed to be socially attractive and researchers found the use of photographs of good-looking individuals had the greatest impact.

Forty-nine “male” and 53 “female” socialbots were created. Of the requests that were accepted by real Facebook users, 15.9 per cent originated from “male” socialbots while “female”socialbots had a 22.3 per cent acceptance rate.

The researchers found it was possible to automate the collection of profile information through scavenging the web.

Socialbots were able to automatically embed random quotes taken from third-party websites into status updates, thereby giving the impression that they were valid accounts being regularly updated by real Facebook users.

During the first “bootstrapping” phase of the project, 976, or about 19 per cent, of 5,053 friend requests were accepted.

The more friends the socialbots had the higher the acceptance rate. In the second phase, which lasted six weeks, friend requests were sent to 3,517 Facebook friends of users who had accepted requests in the first phase.

Of these, 2,079, or 59 per cent, were accepted.

Researchers found that anti-hacking measures such as the Facebook Immune System were capable of blocking only some 20 per cent of the socialbots and these were as a result of users flagging the socialbots as spam.

Facebook said the company had serious concerns about the methodology used by the researchers.

“We will be putting these concerns to them. In addition, as always, we encourage people to only connect with people they actually know and report any suspicious behaviour they observe on the site.”

The research paper, written by Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov and Matei Ripeanu, will be presented at the annual computer security applications conference in December.