Scholars at the University of British Columbia created 102 fake Facebook profiles to analyze security weakness of the world’s super social network. The fake profiles were socialbots or “automated software” that once introduced into Facebook could make friend requests and maintain a steady stream of updates. The droid activity is what conferred the guise of authenticity to the profiles. The academics published an interpretation of the experimental data obtained in a paper titled: “The Socialbot Network: When Bots Socialise for Fame and Money“; the credited authors are Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, and Matei Ripeanu.
So what did the learned folk find out about Facebook’s security? That it was quite susceptible to socialbot “infiltration.” The Canadian bots were able to friend a great number of people and gain access to users’ and the friended users’ friends’ personal intel: email addresses, phone numbers, birth dates, and even home addresses. In other words, they stated that identity theft was possible through Facebook reconnaissance missions.
In all, the researchers’ socialbot network tallied 8,570 outgoing friend requests, 3,055 friends, 46,000 email addresses, and 14,500 home addresses. Through the initial 3,055 friends made, the researchers gained access to details of 1,085,785 separate Facebook profiles.
Facebook responded to the publication stating that they had “serious concerns about the methodology of the research by the University of British Colombia,” and would be “putting these concerns to them.”
Read More:
http://nakedsecurity.sophos.com/2011/11/01/socialbot-network-harvest-data-facebook/
http://allthingsd.com/20111102/researchers-infiltrate-facebook-through-mutual-friends/