Design and analysis of a social botnet (original) (raw)

Introduction

With more than a billion active users [1], [2], Online Social Networks (OSNs) such as Facebook1 and Twitter2 have attracted third parties who exploit them as effective online social media to reach out to and potentially influence a large and diverse population of web users [3], [4]. For example, OSNs were heavily employed by Obama’s 2008 campaign team who raised about half a billion dollars online, introducing the digital era in presidential fundraising [5]. In addition, it has been argued that OSNs were one of the key enablers of the recent Arab Spring in the Middle East [6], [7]. This pervasive integration of OSNs into everyday life is rapidly becoming the norm, and arguably is here to stay [8]. Today’s social web, however, is threatened by cyber criminals who diligently attempt to attack many OSN platforms and breach the privacy of their users.

We recently showed that an adversary can infiltrate OSNs on a large scale by deploying an army of socialbots [9], [10]. A socialbot is an automation software that controls an adversary-owned or hijacked account on a particular OSN, and has the ability to perform basic activities such as posting a message and sending a connection request. What makes a socialbot different from self-declared bots (e.g., Twitter bots that post up-to-date weather forecasts) or spambots (i.e., bots that massively distribute unsolicited messages to non-consenting users) is that it is designed to pass itself off as a human being. This is achieved by either simply mimicking the actions of a real OSN user or by simulating such a user using artificial intelligence, just as in social robotics [11], [12], [13]. Thus, a socialbot can be used to infiltrate a targeted OSN in order to reach an influential position, that is, to compromise the social graph (i.e., the social structure) of the OSN by connecting with a large number of its users.

Large-scale infiltration in OSNs has serious security implications. First of all, a socialbot can pollute the targeted OSN with a large number of non-genuine social relationships. This means that it is unsafe to treat the infiltrated OSN as a trust network, which goes against the long-term health of the OSN ecosystem. In addition, third-party applications and websites have to perform the appropriate “clean up” in order to identify and remove most of the bogus user profiles along with their fake relationships, all before integrating or using such an OSN [14], [15].

Second, once a socialbot infiltrates a targeted OSN, it can exploit its new position in the network to spread misinformation in an attempt to bias the public opinion [16], [17], perform online surveillance [18], or even influence algorithmic trading that uses opinions extracted from OSNs to predict the stock market [19], [20]. For example, Ratkiewicz et al. [21] describe the use of Twitter bots to run astroturf campaigns during the 2010 US midterm elections. Moreover, a socialbot can exploit its new position in the network to distribute malicious content such as botnet executables [22]. For example, the Koobface botnet [23] propagates by hijacking OSN accounts of infected machines, after which it uses these accounts to send messages containing a malicious link to other OSN users. When clicked, this link points to a legitimate but compromised website that attempts to infect its visitors with the Koobface malware.

Third and last, as a socialbot infiltrates the targeted OSN, it can also harvest private user data such as email addresses, phone numbers, and other personally identifiable information that have monetary value. To an adversary, such data are valuable and can be used for online profiling and large-scale email spam and phishing campaigns [24], [25]. It is thus not surprising that similar socialbots are being offered for sale in the Internet underground markets, with prices starting from 29persingle−featuredbotandupto29 per single-featured bot and up to 29persingle−featuredbotandupto2500 per multi-featured bot [26].

A number of recently proposed techniques aim to automatically identify bots in OSNs based on their abnormal behavior [15], [27], [28], [29], [30]. For example, Stein et al. [31] present the Facebook Immune System (FIS): an adversarial learning system that performs real-time checks and classification on every read and write action on Facebook’s database, all for the purpose of protecting its users and the social graph from malicious activities. It is thus not surprising that such an adversarial learning system is rather effective at identifying and blocking spambots. Socialbots, on the other hand, are much more deceptive than spambots as they are designed to appear “normal” [9], [13], [32].

Graph theoretic techniques [14], [33], [34], as an alternative to adversarial learning systems, are expected to be less effective and more expensive at identifying socialbots, as one would typically “look for a needle in a haystack.” Community detection algorithms [34], [35], for example, are deemed to fail as there will be far more fake relationships than socialbots [9], [14]. The intuition behind this is that each socialbot is expected to gradually, but independently, integrate into the targeted online community, resembling the scenario when a new user joins an OSN and starts connecting with others.

In this article, we extend our recent work on large-scale infiltration in OSNs [9], [10], and provide the first comprehensive study of this emerging threat that covers its human, economic, and technical factors. In particular, we enhance our treatment in tackling questions related to how OSN security defenses stand against socialbots that mimic real users, and how OSN users might behave in response to a large-scale infiltration campaign run by such deceptive bots. We also provide new results related to how much leverage an adversary might gain by running a large-scale infiltration campaign, whether it is economically feasible to run such a campaign in the first place, and what the expected challenges faced by OSN security defenses might be.

We studied large-scale infiltration in OSNs as an organized campaign run by an army of socialbots to connect with either random or targeted OSN users on a large scale. We adopted the design of a traditional web-based botnet and defined what we call a Socialbot Network (SbN): a group of programmable socialbots that are coordinated by an adversary (referred to as a botherder) using a software controller (referred to as a botmaster). We designed the botmaster to exploit the known properties of social networks, such as the triadic closure principle [36], in order to improve the magnitude of the potential infiltration.

We created a fairly small and simple, yet effective, SbN consisting of 102 socialbots and a single botmaster, and then operated this SbN on Facebook for 8

weeks. During that time, the socialbots sent a total of 8570 friendship requests, out of which 3055 were accepted. We recorded all data related to the resulted infiltration by this SbN and the corresponding user behavior, along with all accessible user profile information. Our findings can be summarized as follows:

• •
  OSNs such as Facebook are vulnerable to large-scale infiltration campaigns
  From the OSN side, we show that today’s OSNs exhibit inherent vulnerabilities that allow an adversary to automate the infiltration on a large scale (Section 3), and accordingly, build an SbN that is difficult to detect by OSN security defenses such as the FIS (Section 4). From the user side, we show that most OSN users are not careful enough when accepting friendship requests, especially when they share mutual friends with the sender. This behavior can be exploited to achieve a large-scale infiltration with a success rate of up to 80% (Sections 5 Evaluation, 6 Discussion).
• •
  Depending on user profile privacy settings, operating an SbN can result in serious privacy breaches
  We show that after a large-scale infiltration, a botherder can harvest large amounts of publicly inaccessible user data. This data include email addresses, phone numbers, and other profile information of the infiltrated users, all of which have monetary value. Unfortunately, this also includes the private data of “friends of friends”, that is, users who have not been infiltrated but are friends with infiltrated users (Section 6).
• •
  Operating an SbN is expected to be profitable, but it is not particularly attractive as an independent business
  We analyzed the economic feasibility of operating an SbN, and based on a simple cost–volume-profit analysis, we show that a botherder can make profit by either selling harvested user data or earning a lump-sum payment for infiltrating a predetermined number of OSN users. Our analysis, however, indicates that large-scale infiltration is not sustainable as an independent business, and a rational botherder would utilize an SbN as a tool to collect private user data in order to personalize subsequent, more profitable adversarial campaigns such as email-based spam and phishing campaigns (Section 7).
• •
  The security of socially-aware software systems can be at risk, given the infiltration capability of an adversary
  We show that it is not difficult for an adversary to establish arbitrarily many social connections with arbitrary users in OSNs such as Facebook. The opposite, however, is often assumed by software systems that use the social graph of OSNs as a trust network in order to provide socially-aware services such as personalized collaborative filtering and Sybil defense in peer-to-peer systems. We use Distributed Hash Tables (DHTs) as an example, and demonstrate that this assumption is unsafe and can lead to the situation where an adversary circumvents the employed security protocol in order to compromise the functionality of the DHT (Section 8).
• •
  OSN security defenses have a higher leverage detecting infiltration campaigns, rather than trying to prevent them
  Our investigation suggests that preventing large-scale infiltration in OSNs is a hard problem, as it involves fixing inherent vulnerabilities found in today’s OSNs. In fact, this boils down to solving a set of socio-technical challenges that relate to web automation, online-offline identity binding, and usable security. We believe that OSN defenses have a higher leverage in detecting, and thereof, limiting the implications of large-scale infiltration campaigns, especially when such systems are iteratively updated to mitigate adversarial attacks. Doing so has the effect of increasing the cost of running large-scale adversarial campaigns and shrinking the corresponding profit margins, which eventually render such campaigns economically infeasible and non-scalable (Section 9).
• •
  Our findings are not limited to Facebook.
  Recent research shows that other OSNs such as Twitter are vulnerable to large-scale infiltration campaigns as well [13], [21], [32], [37], [38], which, unfortunately, exposes a population of more than one billion OSN users to this emerging threat.
  In conclusion, our findings shed light on the importance of considering the human factor when designing OSN security defenses. We believe that socio-technical solutions are required to effectively protect the social web and realize security defenses that are less vulnerable to both human and technical exploits (i.e., social engineering and OSN platform hacks, respectively).

Section snippets

Background and preliminaries

In what follows, we present background information and define the notations we use in the upcoming discussion.

OSN vulnerabilities

We discuss four vulnerabilities found in today’s OSNs that allow an adversary to run a large-scale infiltration campaign. Collectively, along with poorly designed end-user privacy controls [49], these vulnerabilities represent the enabling factors that make operating socialbots feasible in the first place.

The socialbot network

We first start with a conceptual overview of a Socialbot Network (SbN) and its threat model. This is followed by a discussion on the SbN design requirements, after which we outline its construction details.

Evaluation

In order to evaluate how vulnerable OSNs are to a large-scale infiltration by an SbN, we decided to build one according to the discussion in Section 4.4. We chose Facebook as the targeted OSN because it is the largest OSN found today, consisting of more than 750 million users [1]. Besides, we believe it is particularly difficult to operate an SbN on Facebook as (1) unlike other OSNs, Facebook is mostly used to connect with real-life friends and family but not with strangers [68], [69], [70] and

Discussion

In what follows, we discuss the results presented in the previous section and focus on three main points: the observed user behavior, the harvested user data, and the infiltration performance of the socialbots.

Economic analysis

In Section 5, we showed that OSNs, Facebook in particular, are vulnerable to large-scale infiltration campaigns run by an SbN, but is it economically feasible for a botherder to operate the SbN after all, or should he expect to lose money in order to sustain it? In what follows, we adopt the analysis of Herely [47] and reason about the economic feasibility of operating an SbN by a rational (i.e., profit-driven) botherder. As opposed to a botherder who is motivated by self-fulfillment, fun, or

Implications for other systems

So far, we showed that running a large-scale infiltration campaign is feasible in practice and a has a low cost associated with it. This section explores the wider implications of large-scale infiltration in OSNs beyond today’s social web. In particular, we show that large-scale infiltration has alarming implications on software systems that use the social graph of OSNs to personalize, fine-tune, or bootstrap socially-aware services. We first outline the common assumption these systems make

Challenges and countermeasures

Defending against large-scale infiltration in OSNs can be divided into prevention and limitation. To prevent an SbN from operating in an OSN, the OSN operator has to eliminate the factors that enable the problem in the first place, that is, to fix at least one of the vulnerabilities outlined in Section 3. Doing so, however, gives rise to a set of socio-technical challenges that relate to web automation, online-offline identity binding and usable security. Limiting large-scale infiltration, on

Conclusion and future work

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

— Sun Tzu, The Art of War

From a computer security perspective, the concept of socialbots is both interesting and disturbing: the threat is no longer from a human controlling or monitoring a computer, but from exactly the opposite.

In

Acknowledgments

We would like to thank Shang Cai, San-Tsai Sun, Elizeu Santos-Neto, Albina Muslukhova, and Bader AlAhmad for their kind help and advice. We also would like to thank Laks V.S. Lakshmanan, Cormac Herley, Miranda Mowbray, Hasan Cavusoglu, and Adriana Iamnitchi for their feedback on an early draft of this article. This research is partially supported through funding from the NSERC Internetworked Systems Security Network (ISSNet) and GRAND NCE. The first author is thankful to the University of

Yazan Boshmaf is a Ph.D. student in the Department of Electrical and Computer Engineering at the University of British Columbia. He received his M.Sc. degree in Computer Engineering from the University of Stuttgart, Germany. Yazan is broadly interested in computer security and distributed systems with a focus on Web 2.0 and smartphone security and privacy.

Yazan Boshmaf is a Ph.D. student in the Department of Electrical and Computer Engineering at the University of British Columbia. He received his M.Sc. degree in Computer Engineering from the University of Stuttgart, Germany. Yazan is broadly interested in computer security and distributed systems with a focus on Web 2.0 and smartphone security and privacy.

Ildar Muslukhov is a Ph.D. student in the Department of Electrical and Computer Engineering at the University of British Columbia. He received his M.Sc. degree in technical sciences from Ufa State Aviation and Technical University, Russia. Ildar is broadly interested in computer security with a focus on Web 2.0 and smartphone security and privacy.

Konstantin (Kosta) Beznosov is an Associate Professor at the Department of Electrical and Computer Engineering, the University of British Columbia, where he directs the Laboratory for Education and Research in Secure Systems Engineering. His research interests are usable security, distributed systems security, secure software engineering, and access control.

Matei Ripeanu received his Ph.D. degree in Computer Science from the University of Chicago in 2005. After a brief visiting period with Argonne National Laboratory, Matei joined the Department of Electrical and Computer Engineering at the University of British Columbia as an Assistant Professor. Matei is broadly interested in distributed systems with a focus on self-organization and decentralized control in large-scale Grid and peer-to-peer systems.

Copyright © 2012 Elsevier B.V. All rights reserved.