In the ongoing arms race between spammers and the multi-million dollar anti-spam industry, the volume of unsolicited e-mail messages (better known as "spam") and of phishing has increased heavily in the last decade. In this paper, we show that our novel friend-in-the-middle attack on social networking sites (SNSs) can be used to harvest social data in an automated fashion. This social data can then be exploited for large-scale attacks such as context-aware spam and social-phishing. We prove the feasibility of our attack using Facebook as an example and identify possible consequences based on a mathematical model and simulations. Alarmingly, all major SNSs are vulnerable to our attack as they fail to secure the network layer appropriately.