The Latest in IT Security

Facebook: Zombie Bot Invasion

31 Oct 2011

Here’s a possibility that could make your Halloween extra creepy: a Zombie Invasion. Not the brains-eating, rotting-corpse kind, mind you. I’m talking about a zombie bot invasion on Facebook, the world’s largest social network. The technology for such a thing is already available today. In fact, that hot chick adding you on Facebook – she could very well be a “socialbot”, the virtual equivalent of a zombie.

A group of students named Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, and Matei Ripeanu from the University of British Columbia managed to create a network of “socialbots” to infiltrate Facebook, just to see how these bots would fare against the social networking site’s “Facebook Immune System” (FIS), which is touted as the most comprehensive security system in the world. In fact, the FIS is so advanced that it is said to check 650,000 actions a second. As a result, less than 1% of Facebook users experience spam – an impressive accomplishment, all things considered.

However, as it turned out, the FIS did little to curb the infestation of bots in the social network. The group’s bots managed to infiltrate the network with a success rate of 80%. The group created 102 socialbots, 49 of them male, 53 female. For the pictures, they merely used random photos taken from sites like HotOrNot. They then used a Web Crawler to gather data that would flesh out these bots’ profiles in order to make them believable. Finally, the group used a BotMaster to instruct the bots to start sending out friend requests to random users.

1 in 5 users accepted the friend request. Once befriended, the bots gathered the information from that person’s profile and from the friends of that user whose profiles were visible for ‘friends of friends’. The bots then went on to befriend their friends’ friends – a process that went on until they were so deeply embedded into the network that their acceptance rate rose to 60%.

Twenty of the bots were blocked, but not because of the automated FIS. They were only detected because the users reported them as spam. All the others were rather successful.

The experiment went on for 8 weeks. In the end, the bots had managed to befriend more than 3,000 people and grow their extended network to a total of 1,000,000 users. They also managed to gather 35% of all the personally identifiable information found on their direct networks, and 24% from extended networks. These bots also managed to gather 46,500 e-mail addresses and 14,500 home addresses.

The dangers that these socialbots pose are very obvious, especially when it comes to security and privacy. The data gathered by these bots can be used for phishing attempts or even identity theft. However, there’s a deeper danger posed by socialbots. Used on a much larger scale, these bots can actually influence public opinion. Someone with malicious intent can easily harness the power of these socialbots to further his or her own ends.

For now, though, no massive socialbot attack has ever been reported. However, many believe that it’s only a matter of time before it happens.
