Which Web Browser Is the Most Secure?


Zone Alarm News

February 28, 2012


When a massive spam attack posted violent and pornographic images across the news feeds of many Facebook users last year, many wondered how hackers had launched the attack. Turns out, it was by exploiting a vulnerability in users’ web browsers.

The event shed light on an often-overlooked issue of online security, your web browser. There are many browsers available, such as Mozilla Firefox, Google Chrome, and Microsoft’s Internet Explorer. But the real question is: which browser offers the most protection from malware, adware, viruses, and hackers?

Many browsers are fighting for market share, and therefore paying more attention to their security, but popularity and security are not always equal.

A recent Accuvant study revealed that Chrome (the second most popular browser) ranks as the most secure web browser when compared to Internet Explorer (the most popular) and Firefox. Interestingly, this month the German government named Chrome the most secure browser, perhaps lending weight to the study. However, critics have pointed out that the study was commissioned by Google (creator of Chrome), and the findings may therefore be skewed.

Still, according to the study, Chrome ranks the highest in creating and putting into use new safety measures to boost its security, with Internet Explorer only slightly behind Chrome. Firefox was deemed the least secure in the study.

Despite these recent findings, the browser wars remain a hot-button issue, with various entities dubbing some browsers more secure than others. During the 2011 hacker conference, Pwn2Own, hackers attacked four popular browsers: Internet Explorer, Apple Safari, Mozilla Firefox, and Google Chrome. The hackers were able to quickly compromise Internet Explorer and Safari. In fact, these hackers were able to hack the browsers so thoroughly that they managed to write files on the hard drive of the computer they were attacking. Interestingly (and contrary to the Accuvant study findings), Chrome and Firefox both resisted hacking attacks during the exercise.

Regardless of the browser, manufacturers are always working to ensure users can enjoy surfing the web safely and securely—and that’s the good news. The bad news, as the Pwn2Own conference revealed, is that cybercriminals worldwide are also working hard to figure out new ways to hack your browser.

This means that it’s important for users to educate themselves about this threat and take the steps necessary to lessen their chances of falling victim to a browser security breach. What should you do? Keep the following tips in mind.

  • If you plan to download a new or different browser, make sure you are downloading a legitimate version. Go directly to the manufacturer’s site, and ignore ads or popups (which may be tricks to get you to install a corrupt version).
  • Set your online preferences to allow for software updates. Some browsers, such as Internet Explorer and Safari, update automatically with your operating system. Others, including Firefox, update themselves to deploy security patches and provide enhanced security features.
  • Set your browser’s security settings to the highest possible to prevent others from exploiting your browser.
  • Disable popups in your browsers or install security software that prevents popup windows. Deploying infected popups is a popular way that hackers trick users into downloading malware.

No matter which browser you use, always follow safe practices and be alert to any unusual or suspicious functioning when you log onto the web.


Direct Link: http://blog.zonealarm.com/2012/02/which-web-browser-is-the-most-secure.html


What Kind of Germ Creates a Computer Virus?
TIME Magazine / U.S.
By Jessica Reaves
Tuesday, June 20, 2000

I am tired of these viruses.

Every morning, I come into work, relatively chipper and ready to face the day. Problem is, more mornings than not, I’m met with the dispiriting news that a new high-tech bug is stalking my computer. By 10:30 or so, I’ve reached a state of low-grade panic; I have a third cup of coffee and imagine the virus circling my e-mail in-box like a vulture hunting for injured prey. And I know I’m in for it, because let’s face facts: In the grand scheme of the Internet world, I’m roughly the equivalent of a field mouse who’s had both its knees kicked in.

It’s taken me a long time to admit this, but here goes: I know close to nothing about computers, and my ignorance renders me virtually defenseless against the machinations of a bunch of 15-year-old kids with pocket protectors.

I know, I know. That’s an ugly stereotype of hackers. I’m sure that some of them are at least 18. But even that doesn’t really make me feel any better. And now, after enduring the onslaught of “Melissa,” the “Love Bug” and now “Stages,” I’ve just about had it. I want some answers. Who are these people and why are they so bent on destroying my hard drive and depriving me of precious e-mail?

Let’s take those questions one at a time. I’ll provide my deeply uninformed responses first, and then we’ll turn things over to the experts.

Who are these people?

Most hackers are obscenely young computer geniuses whose IQs probably trump mine by roughly 30 points. Most of these people are not what you would call social butterflies. They hack alone.

Dr. Charles Kreitzberg, CEO of Cognetics Corporation, a software company in Princeton Junction, N.J.:

“Most hackers are creative and intelligent, but they’re not necessarily people who fit comfortably into mainstream culture; they’re a counterculture group that likes to operate with relatively few face-to-face interactions.”

Why do they do it?

That’s a question doomed to yield little more than informed guesses. My feeling is that viruses are the 21st-century equivalent of the pig’s-blood scene in “Carrie.” In other words, we’re dealing with a bunch of people who didn’t have a great time in high school, and whose deepest desires fluctuate daily between wanting to be Bill Gates and wanting to destroy the entire Microsoft mainframe.

Haverford College professor Douglas Davis, who specializes in personality psychology and how people are affected by computer systems:

“In psychoanalytic terms, these hackers have a fantasy about what’s going to happen. They probably imagine their victims thinking they’re going to have a pleasurable experience (like opening a love letter or reading a joke) and it turns into something really rotten. It’s kind of like leaving an unpleasant package in someone’s mailbox and watching them open it. Hacking is, of course, a huge power trip for a young kid who gets to inflict this kind of inconvenience or actual discomfort on a whole lot of grown-ups, including the heads of the same corporations many of these kids might like to see humiliated.”

Dr. Kreitzberg:

“Obviously, there’s a wide spectrum of hackers, and most are not evil people trying to create havoc. If you look at most viruses, they don’t create terrible destruction. It’s much more like Zorro leaving his Z — these people want to let you know they were there, and that they were successful. Having said that, there is a lot of spurious philosophy evident in their content that’s reminiscent of the 1960s. Back then, the counterculture believed that the military industrial complex was evil, and there was a movement to eat away at it from the outside. Today, hackers look at big business as evil, and when they manage to slow or even stop those corporations, they see themselves as revolutionaries, like David felling Goliath.”

Yeah, well, I’m certainly pleased these hackers get to flex their biblical knowledge and hit one home for the little people and everything. But here’s a word of advice for any hackers who want to become just a tad more user-friendly: Next time you feel like hacking something, guys, stick to the real Goliaths and for Pete’s sake, stay the heck out of my tiny little cubicle.

Direct Link: http://www.time.com/time/magazine/article/0,9171,47866,00.html#ixzz1gSxs0sO5


DARPA gets serious with Internet security
By Michael Cooney
November 8, 2011

Network World – WASHINGTON — The Defense Advanced Research Projects Agency (DARPA) had a big hand in creating the Internet and now it wants to get serious about protecting it.

At its Colloquium on Future Directions in Cyber Security this week, DARPA Director Regina Dugan said that since 2009, the agency has steadily increased its cyber research efforts. Its budget submission for fiscal year 2012 increased cyber research funding by $88 million, from $120 million to $208 million. In addition, over the next five years, the agency plans to increase its top-line budget investment in cyber research from 8% to 12%.

“DARPA’s role in the creation of the Internet means we were party to the intense opportunities it created and share in the intense responsibility of protecting it. Our responsibility is to acknowledge and prepare to protect the Nation in this new environment,” said Dugan. “We need more and better options. We will not prevail by throwing bodies or buildings at the challenges of cyberspace. Our assessment argues that we are capability limited, both offensively and defensively. We need to fix that.”

The agency has been intently studying the cyber community to come up with what it calls the DARPA Cyber Analytic Framework which, among other things, found that over the past 20 years the effort and cost of information security software has grown exponentially — from software packages with thousands of lines of code to packages with nearly 10 million lines of code. By contrast, over that same period, and across roughly 9,000 examples of viruses, worms, exploits and bots, the analysis revealed a nearly constant average of 125 lines of code for malware.

Dugan said the current U.S. approach to cybersecurity that layers security on top of a standard architecture is not working. “These efforts represent the wisdom of the moment. But if we continue only down the current path, we will not converge with the threat,” she said.

So what to do? Well there are a number of efforts within DARPA that will move the cybersecurity effort forward. DARPA has built an expert cybersecurity team composed of people from the “white hat” hacker community, academia, labs and nonprofits, and major commercial companies, in addition to the defense and intelligence communities.

It has also enlisted the help of security experts such as Peiter “Mudge” Zatko, the ex-BBN scientist who invented L0phtCrack, a Microsoft password auditing tool, and who now runs a DARPA program called Cyber Fast Track, which brings what he calls unique security technologies into the military realm.

“Having some of the best minds developing unique technologies and paying for what they do best is a key driver for Cyber Fast Track,” Zatko told the Colloquium audience. “Within the first two months of the program we have received 30 submissions, we have funded eight of them and handled the negotiations for those within seven days — four days has been the median. So we can now get prototypes delivered within months rather than years.”

Other security experts enlisted include Dan Roelker, whose background includes a stint at Raytheon where he started the DC Black Ops security unit. He also helped start Sourcefire, the intrusion detection company, and was a lead Snort developer. For DARPA he is now developing what he calls offensive security software.

“The current hacker vs. hacker mentality doesn’t work very well and it doesn’t scale,” Roelker said. One of the main areas his research is looking at is automation, where DARPA can develop technology that lets a single operator handle multiple security missions.

Still others, such as Tim Fraser, who came from Microsoft’s anti-malware group, are looking at ways to exploit and reuse code from current malware strings. The idea, Fraser said, is to extract malware features, study the evolution of malware and come up with an automated way to compare malware components and rapidly figure out what’s old and what’s new. That method would conserve analysts’ time, reduce costs and let analysts concentrate on the new component of a threat, he stated.

Direct Link: http://www.computerworld.com/s/article/9221643/DARPA_gets_serious_with_Internet_security?taxonomyId=82&pageNumber=1


Facebook porn storm used same tactics as May’s Bin Laden spam
IE8, IE9, Opera and Safari vulnerable to ‘self-XSS’ attacks
By Gregg Keizer
November 16, 2011

Computerworld – The attacks against Facebook that planted pornography on users’ news feeds relied on the same trickery as a campaign last spring that touted the death of Osama Bin Laden, a security researcher said today.

On Tuesday, Facebook confirmed what it called “a coordinated spam attack” that resulted in sexually explicit images, as well as photos of animal abuse, spreading on members’ pages.

Facebook identified the hacker tactic used to hijack pages and bombard friends with the photos as an exploit of what it called a “self-XSS browser vulnerability.”

That label — self-XSS — has been used by other researchers, including those at Commtouch, to describe a ploy where spam messages tell recipients to copy and paste JavaScript into their browser’s address bar. The script, however, is in fact malicious and exploits a bug in the browser.

[Editor's note: Yesterday, Computerworld mistakenly identified self-XSS as a form of "clickjacking."]

To dupe users into doing their dirty work — copying and pasting malicious JavaScript — criminals have used a range of bait, including “exclusive” video and the giveaway of free Starbucks cards.

Last May, for instance, a Facebook spam campaign set the trap with the promise of a video supposedly showing the death of Al-Qaeda terrorist Osama Bin Laden at the hands of U.S. commandos.

In that campaign, Facebook recipients were directed to copy and paste JavaScript into their browser’s address bar.

More than a year before the Bin Laden scam, a similar self-XSS attack circulated on Facebook that told recipients they could acquire a $25 Starbucks card for free.

Facebook did not specify which browsers were vulnerable to the recent attacks. But Chet Wisniewski, a Sophos security researcher, said his testing showed Google’s Chrome and Mozilla’s Firefox 6 and later were immune because they don’t allow pasted JavaScript to execute from the address bar.

“[But] I was able to get Internet Explorer 9 to execute JavaScript in the address bar,” Wisniewski said in an email reply to questions today.

Computerworld found that Microsoft’s IE8, Opera Software’s Opera 11.5 and Apple’s Safari 5.1 also executed test JavaScript pasted into the address bar.

IE8 and IE9 collectively account for about 39% of all browsers now in use.

Because Sophos has not seen a sample of the actual spam message, Wisniewski was unable to comment further on its makeup, or what kind of pitch the scammers used to convince people to paste malicious JavaScript into their browser.

But he did take Facebook to task. “Facebook supposedly put in self-XSS protection last spring, so it would appear to have failed,” Wisniewski said.

Wisniewski was right: Just days after the Bin Laden spam hit Facebook, the company posted a document outlining additional steps it had taken to protect users. One of those steps was directed at self-XSS attacks.

“Now, when our systems detect that someone has pasted malicious code into the address bar, we will show a challenge to confirm that the person meant to do this as well as provide information on why it’s a bad idea,” said Facebook. “[And] we are also working with the major browser companies to fix the underlying issue that allows spammers to do this.”

Zscaler, an enterprise-oriented security firm, published more information about self-XSS, which it called “self-inflicted JavaScript injection,” in a blog post today.

In the post, Zscaler included a benign JavaScript snippet — javascript:alert('test'); — that users could copy and paste into their browser’s address bar to determine if it was vulnerable to self-XSS attacks.
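The defence Facebook describes above (detect that pasted text is code rather than an address, and challenge the user before letting it through) can be written as a small client-side check. The block below is an added example in JavaScript; it is not code from the Computerworld article, Facebook, Sophos or Zscaler, and the form field, the confirm dialog and the sample inputs are assumptions made for the example. It goes a little beyond the text in one respect: it reads the pasted text the way an address bar's URL parser would (tabs and newlines removed, surrounding control characters and spaces trimmed, scheme compared case-insensitively), so that a payload dressed up as "  JaVaScRiPt:" is recognised as well as the plain form. The first sample is the benign snippet Zscaler published; the rest are constructed.

```javascript
// Added example: a paste guard modelled on the self-XSS challenge Facebook
// describes. Not code from the article, Facebook, Sophos or Zscaler.

// A URL parser discards ASCII tab, LF and CR anywhere in its input, and
// leading/trailing C0 control characters and spaces, before reading the
// scheme. Mirror that so "java\tscript:" or "  JAVASCRIPT:" are not missed.
function normalizeForScheme(text) {
  return String(text)
    .replace(/[\t\n\r]/g, "")
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .toLowerCase();
}

// True when the pasted text, read as an address bar would read it, begins
// with the javascript: scheme. Only a leading scheme matters: a normal URL
// that merely contains "javascript:" in its query string is inert.
function looksLikeSelfXss(pasted) {
  return normalizeForScheme(pasted).startsWith("javascript:");
}

// Constructed sample inputs; the first is the benign snippet Zscaler used.
const SAMPLES = [
  "javascript:alert('test');",
  "  JaVaScRiPt:void(0)",
  "java\tscript:void(0)",
  "https://example.com/?next=javascript:",
  "see you at the meeting",
];

// Classify a batch of inputs; returns an object mapping input -> flagged.
function classify(samples = SAMPLES) {
  const out = {};
  for (const s of samples) out[s] = looksLikeSelfXss(s);
  return out;
}

// Browser-side wiring (hypothetical usage: pass an <input> or <textarea>).
// A suspicious paste is held back until the user confirms, which is the
// "challenge" Facebook says it shows. confirmFn is injectable for testing.
function attachPasteGuard(element, confirmFn) {
  const ask = confirmFn || ((msg) => window.confirm(msg));
  element.addEventListener("paste", (event) => {
    const data = event.clipboardData || window.clipboardData;
    const text = data ? data.getData("text") : "";
    if (looksLikeSelfXss(text) &&
        !ask("This text is a script, not a web address. Running it may let " +
             "someone else act as you on this site. Paste it anyway?")) {
      event.preventDefault();
    }
  });
}

// Minimal stand-in for a DOM element and paste event, so the guard can be
// exercised outside a browser. Returns true when the paste was blocked.
function simulatePaste(text, confirmFn) {
  let prevented = false;
  const element = {
    handlers: {},
    addEventListener(type, fn) { this.handlers[type] = fn; },
  };
  attachPasteGuard(element, confirmFn);
  element.handlers.paste({
    clipboardData: { getData: () => text },
    preventDefault() { prevented = true; },
  });
  return prevented;
}

if (typeof module !== "undefined" && typeof require !== "undefined" &&
    require.main === module) {
  console.log(classify());
  // User declines the challenge: the paste is blocked.
  console.log("blocked:", simulatePaste("javascript:alert('test');", () => false));
}
```

The check deliberately keys on the scheme rather than on any particular payload: the bait changes from campaign to campaign (a video, a gift card), but what reaches the address bar is always text that parses as a javascript: URL. In a real page the guard would sit on the fields where a spam message's instructions are most likely to be followed, and the challenge text would link to an explanation of why pasting code is a bad idea, as Facebook's does.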

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.

Direct Link: http://www.computerworld.com/s/article/9221900/Facebook_porn_storm_used_same_tactics_as_May_s_Bin_Laden_spam?taxonomyId=82


Programs to Protect Your Privacy: Ghostery
Written By: Thomas Eleftheriou of G.E. Investigations, LLC


Almost all of us hear about internet companies that steal our information, and then use it for their own nefarious purposes. After they get caught, some of them release a public apology, some come up with excuses, and some just tell you “too bad”. All of that only happens after it’s too late, and you have been exploited.

So what if you had a way of monitoring and controlling the flow of your information? Well, the answer is, you can. There are several programs, applets, and extensions for your operating system and/or internet browser that will do just that.

This author will cover a specific one in this article, called Ghostery. Ghostery is a free and clever little add-on for various web browsers and is even available for iOS (iPad, iPhone, and iPod Touch).

Ghostery monitors the different hidden “bugs” in the websites you visit, and can even stop the “bugs” from gathering information. It is also a great way to prevent malware, spyware, and adware from getting onto your system.

Ghostery scans the images, plug-ins, scripts, and other parts of the websites you visit, then finds and blocks the “bugs”.

Ghostery also shows you what it has found, so that you can see the name of the “bug”, and learn more about it and the companies that spread it.

Ghostery, as the website says, lets you “detect”, “learn”, and be in “control” of where your information is going. So if you want to protect your information, give Ghostery a try.

You can download any of its various versions from their site.

Direct Link: www.ghostery.com

Price: Free
Type: Internet Browser Add-On


Facebook ‘Robots’ Fool Users, Steal Private Data
Nov 2, 2011
By Matt Liebowitz, SecurityNewsDaily Staff Writer

UPDATE: This story has been updated with a response from Facebook.

You’ve undoubtedly received Facebook friend requests from people you don’t know or don’t recognize, and if you chose to ignore them, it turns out you may have unknowingly prevented an automated bot posing as a real person from stealing loads of your personal data.

Using an army of “socialbots,” computer scripts designed to pass themselves off as real people on social networks, researchers from the University of British Columbia were able to successfully harvest private data, including phone numbers, email and home addresses and birth dates from thousands of strangers on Facebook by infiltrating their friend networks in a proof-of-concept exploit.

Sending friend requests from a social bot — each of the 102 bots was connected to a botmaster and each included a name, picture and a status update generated by iheartquotes.com — the research team stole 250 gigabytes worth of personal data in an eight-week span, the group wrote in its paper, “The Socialbot Network: When Bots Socialize for Fame and Money.”

“Most OSN (online social network) users are not careful enough when accepting connection requests sent by strangers, especially when they have mutual connections,” the team wrote. “This behavior can be exploited to achieve a large-scale infiltration with a success rate of up to 80 percent.”

To back up this assertion, the researchers explained that their 102-“person”-strong socialbot network sent out 8,750 friend requests, made Facebook friends with 3,055 people, and developed an extended network of 1,085,785 profiles, all within the two month span.

The Facebook Immune System, designed to flag fake profiles, only succeeded in blocking about 20 percent of the socialbots.

Along with providing concrete evidence that Facebook users can be easily tricked into befriending a potentially harmful piece of code made to look like a human, the researchers pointed out the skimmed data can lead to some serious problems.

“As socialbots infiltrate a targeted OSN, they can further harvest private users’ data such as email addresses, phone numbers, and other personal data that may have monetary value. To an adversary, such data are valuable and can be used for online profiling and large-scale email spam and phishing campaigns.”

The power to pass a computer off as a real person could also have devastating impacts if the socialbot operator has a political agenda. The paper mentioned the recent Arab Spring, and the effect both Twitter and Facebook had in giving a voice to oppressed citizens and providing a platform for organizing demonstrations.

Infiltrating a network on Facebook or Twitter could grant a socialbot the ability “to spread misinformation and propaganda in order to bias the public opinion,” the researchers said.

UPDATE: In an email to SecurityNewsDaily, Facebook made clear it employs technologies to combat socialbots like the ones the researchers deployed.

“We use a combination of three systems here to combat attacks like this – friend request and fake account classifiers, rate-limiting techniques and anti-scraping technology,” a Facebook spokesperson told SecurityNewsDaily. “These classifiers block and disable inauthentic friend requests and fake accounts while rate-limiting truncates the damage that can be done by any one entity.”

“We are constantly updating these systems to improve their effectiveness and address new kinds of attacks. We use credible research as part of that process,” Facebook added. “We have serious concerns about the methodology of the research by the University of British Columbia and we will be putting these concerns to them. In addition, as always, we encourage people to only connect with people they actually know and report any suspicious behavior they observe on the site.”

Direct Link: http://www.securitynewsdaily.com/facebook-robots-steal-data-1301/

© 2012 G.E. Investigations Blog