Out of 5,053 friend requests sent to users, 976 let a socialbot into a friend group [1]. You could be next.
In recent security breaches of user data in online services, such as the hacking of Yahoo's e-mail, criminals have been able to steal the data of more than 500 million accounts. People are rightly worried about whether their data online is safe. With such a large breach of personal user data at a well-known online service, and with the rising threat of online attacks and socialbots, it is time to act. We cannot let developers fall behind because they worry that user experience is more important than implementing stronger security controls. Users need to use their lobbying power to strong-arm Facebook into changing its business protocols. Especially with the rapid advancement of technology, it does not need to be a trade-off. We need to let Facebook know that we care deeply about our user data and that a data breach is a problem not only for us but also for our friends and family. Knowing how to fix the problem is half the battle, and we can achieve better data security through an intelligent system that detects automated user traffic, such as that of a socialbot, and prompts the suspected fake user with a CAPTCHA. But instead of using the standard reCAPTCHA, the system uses an FR-CAPTCHA, an advancement on facial recognition technology that uses images of the users themselves and that cannot be solved by a computer [3].

A typical reCAPTCHA found online. Source [4]
This will not only make it easier for users but will also help keep our own data, and that of our friends and families, safe, as social media has become an integral part of our lives. It is in our own best interest to make our voices heard and to lobby Facebook to enact stricter security standards that will benefit everybody.
How does a socialbot work?
A socialbot is an advancement built on botnets, networks comprised of multiple computers whose processing power is combined into one, which are used to perform Distributed Denial of Service attacks worldwide. These attacks send large amounts of traffic to a website; eventually it cannot handle all of it and has to shut down. Socialbots use a central server to receive and execute commands sent by the botmaster, a central command point. Socialbots are designed to emulate human users and allow the network to run fully automated [1]. Once a socialbot has been created on Facebook, which is easy to do, it acts like any other typical Facebook user and starts sending out friend requests to random recipients. Once a few of these requests are accepted by unknowing users, the socialbot is granted access to their friend group and can start harvesting their user data [1], as users are more likely to accept friend requests from users with whom they share a mutual friend. From there the socialbot spreads through the friend group and tries to gain as much information as possible.
It is happening today!
This is not an idea of the future: socialbots have successfully infiltrated Facebook and harvested user data. Luckily, it was only a study conducted by researchers from the University of British Columbia. With only 103 socialbots they were able to get random Facebook users to accept their friend request 19.3% of the time [1]! But it gets worse:
After 6 weeks, Facebook users accepted the socialbots' friend requests 59.1% of the time [1].
In total the research team sent out 5,053 friend requests over the testing period, of which 976 were accepted by users [1]. Once users had accepted the socialbot into their network and it tried to spread through their friend group, the average acceptance rate roughly tripled, showing that this problem is very real and cannot be ignored.
What can be done about it?
Currently, Facebook tries to minimize the spread and impact of socialbots on its network, but it has not been as good as it could be. Facebook worries that any increase in security will hinder user experience, and as a result it has held back the implementation of more advanced security mechanisms. To fix this problem, two major improvements can be made to its current system, called the Facebook Immune System (FIS): one working behind the scenes, away from the eyes of the user, and one that the user has to interact with directly.
First, introducing more complex algorithms that can detect data packets with a similar response time, meaning the time it takes for a data packet to be sent from the server to the user and back, will enable the detection of socialbots. As socialbots are controlled from one central location, multiple socialbots will have to get the same information from the same location around the same time, resulting in similar response times. This will be easily traceable by analysing and comparing their response times, marking that user as suspicious. Once a data packet has been red-flagged as suspicious, the user will be prompted with a test that will ensure that they are indeed human.
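The response-time comparison described above can be sketched as follows. This is an added example, not code from Facebook's FIS or from the cited study; the function name, the thresholds and the sample records are constructed assumptions. Accounts are flagged only when they share a time window and a near-identical round-trip time repeatedly, so a real user who matches once by coincidence is not sent to the test.

```python
from collections import Counter, defaultdict
from itertools import combinations

# Constructed sample data: (account, request time in s, round-trip time in ms).
# bot_* accounts fetch commands from one place at about the same moment;
# alice, bob and carol are independent users (bob and carol each collide once).
SAMPLES = [
    ("bot_a", 10.0, 181.2), ("bot_b", 10.4, 180.7), ("bot_c", 11.1, 181.9),
    ("alice", 12.0, 43.0), ("bob", 14.5, 182.4),
    ("bot_a", 40.1, 95.3), ("bot_b", 40.2, 95.9), ("bot_c", 40.9, 94.8),
    ("alice", 41.0, 44.1), ("bob", 43.0, 61.0),
    ("bot_a", 70.3, 140.0), ("bot_b", 70.5, 141.1), ("bot_c", 70.6, 140.6),
    ("alice", 72.0, 42.5), ("carol", 73.0, 141.5),
]

def suspicious_accounts(samples, window_s=5.0, rtt_tol_ms=2.0, min_windows=3):
    """Accounts that share a window and a similar RTT in >= min_windows windows."""
    windows = defaultdict(list)
    for account, t, rtt in samples:
        windows[int(t // window_s)].append((rtt, account))

    pair_hits = Counter()
    for events in windows.values():
        events.sort()
        # Chain events whose sorted round-trip times differ by <= rtt_tol_ms.
        groups, current = [], [events[0]]
        for ev in events[1:]:
            if ev[0] - current[-1][0] <= rtt_tol_ms:
                current.append(ev)
            else:
                groups.append(current)
                current = [ev]
        groups.append(current)
        # Count each co-occurring pair of accounts at most once per window.
        seen = set()
        for group in groups:
            accounts = sorted({acct for _, acct in group})
            seen.update(combinations(accounts, 2))
        pair_hits.update(seen)

    flagged = set()
    for pair, hits in pair_hits.items():
        if hits >= min_windows:
            flagged.update(pair)
    return sorted(flagged)

if __name__ == "__main__":
    print(suspicious_accounts(SAMPLES))
```

Lowering `min_windows` to 1 also flags bob and carol, which shows why a single timing match is too weak a signal on its own.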
This test currently takes the form of a reCAPTCHA. The user is presented with an image of a hard-to-read word and is asked to type it into a response box. Once the correct word is entered, the system assumes that the user is human. But there is a flaw in the current system: computers have gotten extremely good at solving these tests, and therefore we need different methods [1]. This can be achieved with an advancement called an FR-CAPTCHA, which instead of words uses images, asking the user to solve a problem created specifically from their own pictures [3]. It has been scientifically proven that these are almost impossible for a computer to solve, and they can therefore increase security for all while being more user-friendly than current reCAPTCHAs [3].
It's on us!
Being at the forefront of the Facebook empire, it is in the hands of the engineers to drive change, but as Facebook still needs users to drive its business, we have a strong say in what they do. Especially with the replacement of reCAPTCHAs with FR-CAPTCHAs, users like us will experience a completely redesigned and friendlier interface, eliminating the trade-offs of other security features. While users might try everything in their power to keep their data safe on Facebook, engineers create the tools that can exponentially increase the strength of the system and give the user peace of mind.
We need to make sure that our voices are heard by Facebook and ensure that our data is kept safe.
Technology will evolve, and with it the exploits used to steal user data; it is on us to make sure we do everything in our power to protect our user data.
*Featured Image sourced from [5].
Works Cited:
[1] Y. Boshmaf, I. Muslukhov, K. Beznosov and M. Ripeanu, “Design and analysis of a social botnet,” Computer Networks, vol. 57, no. 2013, pp. 556-578, 2012.
[2] D. Berrar, A. Konagaya and A. Schuster, “Turing Test Considered Mostly Harmless,” New Generation Computing, vol. 31, no. 4, pp. 241-263, 2013.
[3] G. Goswami, B. M. Powell, M. Vatsa, R. Singh and A. Noore, “FR-CAPTCHA: CAPTCHA based on recognizing human faces,” PLoS ONE, vol. 9, no. 4, p. 1, 1 4 2014.
[4] Google. https://Developers.Google.Com/Recaptcha/Old/Images/recaptcha_Sample_White.Png. 2016. Print.
[5] Jason Raish. https://Static01.Nyt.Com/Images/2014/11/20/Fashion/20Zdisruptions/20Zdisruptions-Master1050.Jpg. 2016. Print.