[Back]


Contributions to Proceedings:

M. Balduzzi, Ch. Platzer, T. Holz, E. Kirda, D. Balzarotti, Ch. Krügel:
"Abusing Social Networks for Automated User Profiling";
in: "Recent Advances in Intrusion Detection (RAID 2010)", Springer, 2010, ISBN: 978-3-642-15511-6, 20 pages.



English abstract:
Recently, social networks such as Facebook have experienced a huge
surge in popularity. The amount of personal information stored on these sites calls
for appropriate security precautions to protect this data.
In this paper, we describe how we are able to take advantage of a common weak-
ness, namely the fact that an attacker can query popular social networks for reg-
istered e-mail addresses on a large scale. Starting with a list of about 10.4 million
email addresses, we were able to automatically identify more than 1.2 million
user profiles associated with these addresses. By automatically crawling and cor-
relating these profiles, we collect detailed personal information about each user,
which we use for automated profiling (i.e., to enrich the information available
from each user). Having access to such information would allow an attacker to
launch sophisticated, targeted attacks, or to improve the efficiency of spam cam-
paigns. We have contacted the most popular providers, who acknowledged the
threat and are currently implementing our proposed countermeasures. Facebook
and XING, in particular, have recently fixed the problem.


Electronic version of the publication:
http://publik.tuwien.ac.at/files/PubDat_190541.pdf



Related Projects:
Project Head Paolo Milani Comparetti:
Worldwide Observatory of Malicious Behaviors and Attack Threats