ABSTRACT
In this study we expose the serious large-scale threat of criminal account hijacking and the resulting damage incurred by users and web services. We develop a system for detecting large-scale attacks on Twitter that identifies 14 million victims of compromise. We examine these accounts to track how attacks spread within social networks and to determine how criminals ultimately realize a profit from hijacked credentials. We find that compromise is a systemic threat, with victims spanning nascent, casual, and core users. Even brief compromises correlate with 21% of victims never returning to Twitter after the service wrests control of a victim's account from criminals. Infections are dominated by social contagions---phishing and malware campaigns that spread along the social graph. These contagions mirror information diffusion and biological diseases, growing in virulence with the number of neighboring infections. Based on the severity of our findings, we argue that early outbreak detection that stems the spread of compromise in 24 hours can spare 70% of victims.
- Eytan Bakshy, Brian Karrer, and Lada A Adamic. Social influence and the difiusion of user-created content. In Proceedings of the 10th ACM conference on Electronic commerce, 2009. Google ScholarDigital Library
- Eytan Bakshy, Itamar Rosenn, Cameron Marlow, and Lada Adamic. The role of social networks in information difiusion. In Proceedings of the 21st international conference on World Wide Web, 2012. Google ScholarDigital Library
- Andrei Z Broder. On the resemblance and containment of documents. In Compression and Complexity of Sequences 1997. Proceedings, 1997. Google ScholarDigital Library
- Chris Brook. Github resets users' passwords following brute force attack. http://threatpost.com/github-resets-users-passwords-following-brute-force-attack/102983 , 2013.Google Scholar
- M. Cha, H. Haddadi, F. Benevenuto, and K.P. Gummadi. Measuring User Influence in Twitter: The Million Follower Fallacy. In Proceedings of the 4th International Conference on Weblogs and Social Media, 2010.Google Scholar
- Nicholas A Christakis and James H Fowler. The spread of obesity in a large social network over 32 years. New England Journal of Medicine, 2007.Google ScholarCross Ref
- Dan Cosley, Daniel P Huttenlocher, Jon M Kleinberg, Xiangyang Lan, and Siddharth Suri. Sequential influence models in social networks. In Proceedings of the International Conference of Weblogs and Social Media, 2010.Google Scholar
- Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov, and XiaoFeng Wang. The tangled web of password reuse. In Symposium on Network and Distributed System Security (NDSS), 2014.Google ScholarCross Ref
- Munmun De Choudhury, Yu-Ru Lin, Hari Sundaram, K Selcuk Candan, Lexing Xie, and Aisling Kelliher. How does the data sampling strategy impact the discovery of information difiusion in social media? In Proceedings of the International Conference of Weblogs and Social Media, 2010.Google Scholar
- Manuel Egele, Gianluca Stringhini, Christopher Kruegel, and Giovanni Vigna. COMPA: Detecting Compromised Accounts on Social Networks. In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2013.Google Scholar
- Facebook. Guidelines for advertised products & services. https://www.facebook.com/help/399392800124391/ , 2014.Google Scholar
- Hongyu Gao, Yan Chen, Kathy Lee, Diana Palsetia, and Alok Choudhary. Towards online spam filtering in social networks. In Symposium on Network and Distributed System Security (NDSS), 2012.Google Scholar
- Hongyu Gao, Jun Hu, Christo Wilson, Zhichun Li, Yan Chen, and Ben Y Zhao. Detecting and characterizing social spam campaigns. In Proceedings of the 10th ACM SIGCOMM conference on Internet measurement. ACM, 2010. Google ScholarDigital Library
- Sharad Goel, Duncan J Watts, and Daniel G Goldstein. The structure of online difiusion networks. In Proceedings of the 13th ACM Conference on Electronic Commerce, 2012. Google ScholarDigital Library
- C. Grier, L. Ballard, J. Caballero, N. Chachra, C.J. Dietrich, K. Levchenko, P. Mavrommatis, D. McCoy, A. Nappa, A. Pitsillidis, et al. Manufacturing compromise: The emergence of exploit-as-a-service. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2012. Google ScholarDigital Library
- C. Grier, K. Thomas, V. Paxson, and M. Zhang. @spam: The Underground on 140 Characters or Less. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2010. Google ScholarDigital Library
- Brian Krebs. Adobe breach impacted at least 38 million users. http://krebsonsecurity.com/ 2013/10/adobe-breach-impacted-at-least-38-million-users/ , 2013.Google Scholar
- Jure Leskovec, Jon Kleinberg, and Christos Faloutsos. Graphs over time: densification laws, shrinking diameters and possible explanations. In Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining, 2005. Google ScholarDigital Library
- Miller McPherson, Lynn Smith-Lovin, and James M Cook. Birds of a feather: Homophily in social networks. Annual review of sociology, 2001.Google Scholar
- Fred Morstatter, Jurgen Pfeffer, Huan Liu, and Kathleen M Carley. Is the Sample Good Enough? Comparing Data from Twitter's Streaming API with Twitter's Firehose. In Proceedings of the International Conference of Weblogs and Social Media, 2013.Google Scholar
- Mark EJ Newman. Spread of epidemic disease on networks. Physical review E, 2002.Google Scholar
- Nicole Perlroth. Lax Security at LinkedIn Is Laid Bare. http://nyti.ms/1fRQIl4 , 2012.Google Scholar
- Daniel M Romero, Brendan Meeder, and Jon Kleinberg. Differences in the mechanics of information difiusion across topics: Idioms, political hashtags, and complex contagion on Twitter. In Proceedings of the 20th international conference on World wide web, 2011. Google ScholarDigital Library
- Stuart Staniford, Vern Paxson, and Nicholas Weaver. How to Own the Internet in Your Spare Time. In USENIX Security Symposium, 2002. Google ScholarDigital Library
- Gianluca Stringhini, Gang Wang, Manuel Egele, Christopher Kruegel, Giovanni Vigna, Haitao Zheng, and Ben Y Zhao. Follow the Green: Growth and Dynamics in Twitter Follower Markets. In Proceedings of the 2013 conference on Internet measurement conference, 2013. Google ScholarDigital Library
- Fred Tanneau. Twitter hacked! 250,000 user accounts breached. http://www.cnbc.com/id/100343530 , 2013.Google Scholar
- Ke Tao, Fabian Abel, Claudia Hauff, Geert-Jan Houben, and Ujwal Gadiraju. Groundhog day: Near-duplicate detection on Twitter. In Proceedings of the 22nd international conference on World Wide Web, 2013. Google ScholarDigital Library
- K. Thomas, C. Grier, V. Paxson, and D. Song. Suspended Accounts In Retrospect: An Analysis of Twitter Spam. In Proceedings of the Internet Measurement Conference, November 2011. Google ScholarDigital Library
- Kurt Thomas and David M. Nicol. The Koobface botnet and the rise of social malware. In Proceedings of The 5th International Conference on Malicious and Unwanted Software (Malware 2010), 2010.Google ScholarCross Ref
- C. Yang, R. Harkreader, J. Zhang, S. Shin, and G. Gu. Analyzing Spammers' Social Networks for Fun and Profit: a Case Study of Cyber Criminal Ecosystem on Twitter. In Proceedings of the 21st International Conference on World Wide Web, 2012. Google ScholarDigital Library
- Alison Young. FTC takes action against deceptive weight-loss products. http://www.usatoday.com/story/news/nation/ 2014/01/07/ftc-charges-deceptive-weight-loss-products/4354669/ , 2014.Google Scholar
Index Terms
- Consequences of Connectivity: Characterizing Account Hijacking on Twitter
Recommendations
"My religious aunt asked why i was trying to sell her viagra": experiences with account hijacking
CHI '14: Proceedings of the SIGCHI Conference on Human Factors in Computing SystemsWith so much of our lives digital, online, and not entirely under our control, we risk losing access to our communications, reputation, and data. Recent years have brought a rash of high-profile account compromises, but account hijacking is not limited ...
Modeling Malicious Behaviors and Fake News Dissemination on Social Networks
Responsible AI and Analytics for an Ethical and Inclusive Digitized SocietyAbstractAs social media has become widely used, fake news has become a serious problem. A representative countermeasure is fake news detection. However, this countermeasure is not sufficient because people using social media tend to ignore facts that ...
The Doppelgänger Bot Attack: Exploring Identity Impersonation in Online Social Networks
IMC '15: Proceedings of the 2015 Internet Measurement ConferencePeople have long been aware of malicious users that impersonate celebrities or launch identity theft attacks in social networks. However, beyond anecdotal evidence, there have been no in-depth studies of impersonation attacks in today's social networks. ...
Comments