Facebook’s Immune System not so strong.
In a recent experiment conducted by researchers at the University of British Columbia, Canada, Facebook was targeted by an army of “socialbots” to see how effective its Immune System is against data-gathering bots.
The experiment was conducted over a period of 8 weeks. It started with 102 socialbots, complete with fake names and profile pictures, which sent friend requests to 5,053 randomly selected Facebook users. To avoid detection by Facebook, each of the bots sent out no more than 25 invites per day; the whole process finished in 2 days. During this time, around 20% of the accounts were blocked by Facebook, but this was primarily because the invitees identified the bots as spam and warned Facebook.
Still, 976 people (roughly 19% of the sample size) actually accepted the friend request from these socialbots within the first two weeks. The next step was to send friend requests to everyone on the friends lists of these 976 people. Out of the 3,517 invites, 2,079 were accepted. So roughly 59% of the targeted users accepted a friend request from a fake account because it was already friends with someone they knew.
The researchers call this phenomenon the “triadic closure principle”, wherein a person is three times as likely to accept a friend request on a social network if both parties already know someone in common. This principle worked in favor of the socialbots as well: they received 331 friend requests.
These bots then managed to acquire over 250GB worth of data, getting all the information available to friends of the targeted users. Pictures, phone numbers and personal data that can be used for financial gain were easy for these socialbots to acquire. Identity theft and email spamming are just a few more ways this data could be used with devastating effects. Full findings of the experiment can be found in detail in this white paper, which will be presented at next month’s Annual Computer Security Applications Conference in Orlando, Florida.
One of the 4 researchers, Yazan Boshmaf, told The Register that, “Overall, our research goal is not to expose Facebook Immune System’s vulnerabilities per se, but to help Facebook and the wider community to build more secure systems that are less vulnerable to both human exploits (i.e., social engineering) and technical exploits (i.e., platform hacks).”