Published by Wilfrid Crawford. Modified over 10 years ago.
1
Laboratory for Education and Research in Secure Systems Engineering (LERSSE)
Networked Systems Laboratory (NetSysLab)
Department of Electrical & Computer Engineering
Automated Social Engineering Attacks in OSNs
Yazan Boshmaf, Konstantin Beznosov, Matei Ripeanu
2
The Not-So-Private Social Web. Or, Web 2.0
3
Facebook: Sharing
(Figure labels: Social Attributes; Demographics; Preferences)
Facebook Archives. http://www.facebook.com
4
Facebook: Sharing
(Figure labels: Social Structure; Friends; Mutual Friends)
Facebook Archives. http://www.facebook.com
5
Facebook: Public Access
Whoops! Sample!
6
Facebook: Privacy Evolution
McKeon, M. The evolution of privacy in Facebook. http://mattmckeon.com/facebook-privacy
7
Facebook: Privacy Evolution
McKeon, M. The evolution of privacy in Facebook. http://mattmckeon.com/facebook-privacy
8
Facebook: Privacy Evolution
McKeon, M. The evolution of privacy in Facebook. http://mattmckeon.com/facebook-privacy
9
Facebook: Privacy Evolution
McKeon, M. The evolution of privacy in Facebook. http://mattmckeon.com/facebook-privacy
10
Facebook: Privacy Evolution
McKeon, M. The evolution of privacy in Facebook. http://mattmckeon.com/facebook-privacy
11
Facebook: Privacy Evolution
McKeon, M. The evolution of privacy in Facebook. http://mattmckeon.com/facebook-privacy
12
That’s Natural! People Want to Be Visible. Or Not?
13
Automated Cross-Site ID Theft
Bilge, L., Strufe, T., Balzarotti, D., and Kirda, E. All your contacts are belong to us: automated identity theft attacks on social networks. In WWW ’09
14
Automated Cross-Site ID Theft
Bilge, L., Strufe, T., Balzarotti, D., and Kirda, E. All your contacts are belong to us: automated identity theft attacks on social networks. In WWW ’09
15
Automated Cross-Site ID Theft
From Facebook
Bilge, L., Strufe, T., Balzarotti, D., and Kirda, E. All your contacts are belong to us: automated identity theft attacks on social networks. In WWW ’09
16
Automated Cross-Site ID Theft
Sample! Why did it work?
Bilge, L., Strufe, T., Balzarotti, D., and Kirda, E. All your contacts are belong to us: automated identity theft attacks on social networks. In WWW ’09
17
Context-Aware Spam
Brown, G., Howe, T., Ihbe, M., Prakash, A., and Borders, K. Social networks and context-aware spam. In CSCW 2008
18
Social Phishing
Jagatic, T. N., Johnson, N. A., Jakobsson, M., and Menczer, F. Social phishing. Communications of the ACM, 2007
19
Oh, Adversaries Like OSNs!
20
Web Applications Attacks
Evron, G. New Facebook worm warning: Wanna see something hot? http://darkreading.com/blog/archives/2009/11/new_facebook_wo.html
21
Can be Turned into a Botnet!
Athanasopoulos, E., Makridakis, A., Antonatos, S., Antoniades, D., Ioannidis, S., Anagnostakis, K. G., and Markatos, E. P. Antisocial networks: Turning a social network into a botnet. In ISC ’08
22
Koobface Botnet
TrendMicro. The real face of Koobface. Technical report, 2009
23
Social Engineering Exploits Relationships and Trust
24
Research Questions
Mwahaha!
25
How Many Attackers Did You Befriend Today?
26
The Attack - Before
27
The Attack - Crawling
(Figure labels: Target; Adversary)
28
The Attack - Ranking
(Figure labels: Target; Adversary; nodes numbered 1 to 8)
29
The Attack - Infiltrating
(Figure labels: Target; Adversary; nodes numbered 1 to 8)
30
The Attack - Infiltrating
(Figure labels: Target; Adversary; nodes numbered 1 to 8)
31
The Attack - Infiltrating
(Figure labels: Target; Adversary; nodes numbered 1 to 8)
32
The Attack - Infiltrating
(Figure labels: Target; Adversary; nodes numbered 1 to 8)
33
The Attack - After
(Figure labels: Target; Adversary; nodes numbered 1 to 8)
34
The Attack - After
(Figure labels: Target; Adversary)
35
What Does The Adversary Have?
36
A Network of “Trust”
(Figure labels: Target; Adversary)
37
Surveillance
(Figure labels: Target; Adversary)
38
Global Surveillance
39
Amplified Social Engineering
(Figure labels: Target; Adversary)
Sarah, the Pool event last week was awesome! Yeah, I posted the picture! Will send you a link soon. Aha!
40
Mitigation: The Wisdom of Crowd
41
Towards Social Collaborative Security
Hey Kosta, check out this link http://www.malicous.com
Looks malicious!
42
Towards Social Collaborative Security
(Figure labels: Social Network; Collaboration Network)
Hey Kosta, check out this link http://www.malicous.com
Hey all, this link is malicious http://www.malicous.com
?
Looks malicious!
43
The Big Picture
Vulnerability: Authenticity of online relationships + public information
Things to evaluate: The attack in real settings (now, simulation only). Usability and expressiveness of privacy controls vs. privacy implications realized by users.
Identified issues: How can social networking sites, or OSNs, distinguish between fake and real online identities (Social Sybil Nodes)?
Future work: Social Collaborative Security (threat identification, opinion mining, reasoning, alert diffusion, etc.)
44
lersse.ece.ubc.ca
45
Backup
46
Evaluation (Simulation)