Facebook data could be at risk of being stolen by hackers using 'socialbot' programmes, a study has suggested.
Researchers from the University of British Columbia in Vancouver have demonstrated how vast quantities of personal data can be obtained using the modified botnets, BBC News reports.
'Socialbots' mimic genuine profiles to trick users into allowing them access to their Facebook accounts. They infect machines with a virus to allow cyber criminals remote access to personal information.
The team of researchers created 102 socialbots for the study, as well as a 'botmaster' to control them. Over the course of eight weeks, the bots sent friend requests to 8,570 Facebook users, of whom 3,055 accepted. The rogue software limited its requests to 25 each day to avoid detection.
The group claims to have stolen 46,500 email addresses and 14,500 home addresses during the experiment. They concluded that users with a high friend count were more likely to accept the requests than those with a relatively low one.
"As socialbots infiltrate a targeted online social network, they can further harvest private users' data such as email addresses, phone numbers, and other personal data that have monetary value," the team wrote in their report.
"To an adversary, such data is valuable and can be used for online profiling and large-scale email spam and phishing campaigns."
Facebook has dismissed the study's findings, claiming that the bots were not detected because they came from a trusted university source. The social networking firm also claimed to have disabled more of the bots than the researchers suggest.
"We have numerous systems designed to detect fake accounts and prevent scraping of information. We are constantly updating these systems to improve their effectiveness and address new kinds of attacks," the company said in a statement.
"We use credible research as part of that process. We have serious concerns about the methodology of the research by the University of British Columbia and we will be putting these concerns to them.
"In addition, as always, we encourage people to only connect with people they actually know and report any suspicious behaviour they observe on the site."
The paper will be presented at the Annual Computer Security Applications Conference in Florida. However, the ethical nature of the study has been questioned as Facebook's terms and conditions state that the creation of fake profiles is prohibited.