Kaspersky Academy: Identity Clone Attacks

One of the many problems inherent in social networks such as Twitter, Facebook and LinkedIn is the issue of authentication. People want to connect with their friends and colleagues, but

hassan takbi

One of the many problems inherent in social networks such as Twitter, Facebook and LinkedIn is the issue of authentication. People want to connect with their friends and colleagues, but how can they be sure that the friend request they’re accepting is actually from someone they know?

Right now, there is no foolproof way to do this, aside from perhaps calling every person who sends you a request or tweet and vetting their identity manually. That’s clunky, not to mention somewhat rude. Some of the social networks, notably Facebook, have been trying out so-called social authentication methods, but those have proven easy to fool, as well.

The good news is, there are better ideas on the horizon. One novel approach is an automated system for identifying fake profiles on social networks. Hassan Takabi, a Ph.D student at the University of Pittsburgh, presented his method for weeding out bogus profiles on Friday afternoon at the Kaspersky Lab Cyber Security for the Next Generation conference at NYU-Poly, and the system shows real promise.

“Right now, there is no active defense for identity clone attacks,” Takabi said.

Takabi’s approach is based on looking at a number of common attributes in social network profiles, such as birthdate, educational background, etc., and makes a calculation of the likelihood that the profile is a fake. The calculation may take into account some weighted attributes, depending upon the case.

To test the effectiveness of his system, Takabi took an offline data set of 64,000 Facebook profiles and ran them through his calculations. The system identified nearly 4,000 likely fake profiles, with a low false-positive rate.

Both Twitter and Facebook have been fighting the problem of fake and cloned profiles for several years, with varying degrees of success. Twitter will suspend accounts it believes are impostors, but there are so many such accounts on the service that it’s virtually impossible to find and eliminate every one. Facebook has the same problem, and hackers have been known to employ such fake accounts to get close to a target for future attacks.

In some cases, attackers will set up fake profiles for several of a target’s friends and then befriend them himself in order to make a cloned profile look more authentic.

“Some of these things can be used for future deception of the target,” Takabi said.

Kaspersky Academy Day 2

There is no shortage of hard problems to solve in security. Unsafe Web applications, network defense, mobile device security–all of these are challenges in need of solutions. And the students

Tips