As social media continues to grow, new research by the University of British Columbia in Vancouver has uncovered a new breed of threats which they have dubbed ‘socialbots’.
These are pieces of software which infiltrate a social network and pass themselves off as human.
Socialbots can be used to influence social networkers by posting updates to spread misinformation and propaganda.
Once they have thoroughly integrated themselves into a site, they can then harvest personal information from other users, depending on how a user has altered their privacy settings.
Since this information has monetary value for spammers and scammers, the report says it is not surprising to find that such bots are now offered for sale on the cybercriminal underground.
The research team built a simple socialbot network (SbN) consisting of 102 bots and one botmaster.
They then carried out a series of experiments over the course of eight weeks in order to test the effectiveness of the SbN.
During the operation, the SbN requested a total of 8570 connections and recorded all of the relevant data associated with the requests, along with all data collected relating to accessible user accounts and behaviours.
It was found that social media sites are extremely vulnerable to infiltration and that a success rate of 80% could be achieved.
It was also found that users are dangerously complacent about accepting connections from people that they don’t know, especially if the requester has mutual friends.
The SbN was able to integrate itself fully with its targeted community, and filtering measures already in place did little to prevent it from doing so.
Whilst 20% of the phoney profiles were picked up, this was mostly due to users flagging a profile as bogus, rather than through a site’s defences.
In order to overcome security measures such as Captchas, the socialbot uses a site’s own APIs in order to prevent requests being sent too often, as well as using automated software with optical recognition.
A fake profile might use a picture of an attractive woman or similar in order to draw users into connecting with it.
The research concentrated its efforts on Facebook, and of the 8570 friend requests sent, 3055 were accepted.
Of the 102 socialbots that were created by the team, 49 were assigned as male and 53 as female profiles.
The bots generated a list of over 5000 target profile IDs and 86% of these accepted the connection requests sent to them.
The eight-week experiment was shut down after researchers decided that the SbN was generating too much traffic, and it was found that in that time, it had managed to achieve 250GB of inbound traffic.
This led to a large amount of harvested data, including wall posts and profile information not only from the connected profiles, but also those from a user’s wider circle.
The report concluded that not only is it a simple matter to defy security measures put in place by social media sites such as Facebook, it is also easy to control a large SbN which will grow quickly and integrate itself more fully the longer it remains on the site.
It was found that users who have a large friends list are much more likely to accept random requests from strangers. Whilst this means that their privacy and data are at risk, it also means that they have put their friends, and friends’ friends, at risk too.