Abusing Phone Numbers and Cross-Application Features for Crafting Targeted Attacks

With the convergence of Internet and telephony, new applications (e.g., WhatsApp) have emerged as an important means of communication for billions of users. These applications are becoming an attractive medium for attackers to deliver spam and carry out more targeted attacks. Since such applications rely on phone numbers, we explore the feasibility, automation, and scalability of phishing attacks that can be carried out by abusing a phone number. We demonstrate a novel system that takes a potential victim's phone number as an input, leverages information from applications like Truecaller and Facebook about the victim and his / her social network, checks the presence of phone number's owner (victim) on the attack channels (over-the-top or OTT messaging applications, voice, e-mail, or SMS), and finally targets the victim on the chosen channel. As a proof of concept, we enumerate through a random pool of 1.16 million phone numbers. By using information provided by popular applications, we show that social and spear phishing attacks can be launched against 51,409 and 180,000 users respectively. Furthermore, voice phishing or vishing attacks can be launched against 722,696 users. We also found 91,487 highly attractive targets who can be attacked by crafting whaling attacks. We show the effectiveness of one of these attacks, phishing, by conducting an online roleplay user study. We found that social (69.2%) and spear (54.3%) phishing attacks are more successful than non-targeted phishing attacks (35.5%) on OTT messaging applications. Although similar results were found for other mediums like e-mail, we demonstrate that due to the significantly increased user engagement via new communication applications and the ease with which phone numbers allow collection of information necessary for these attacks, there is a clear need for better protection of OTT messaging applications.Comment: Submitted to AsiaCCS 201

Systems Applications of Social Networks

The aim of this article is to provide an understanding of social networks as a useful addition to the standard tool-box of techniques used by system designers. To this end, we give examples of how data about social links have been collected and used in di erent application contexts. We develop a broad taxonomy-based overview of common properties of social networks, review how they might be used in di erent applications, and point out potential pitfalls where appropriate. We propose a framework, distinguishing between two main types of social network-based user selection-personalised user selection which identi es target users who may be relevant for a given source node, using the social network around the source as a context, and generic user selection or group delimitation, which lters for a set of users who satisfy a set of application requirements based on their social properties. Using this framework, we survey applications of social networks in three typical kinds of application scenarios: recommender systems, content-sharing systems (e.g., P2P or video streaming), and systems which defend against users who abuse the system (e.g., spam or sybil attacks). In each case, we discuss potential directions for future research that involve using social network properties.Comment: Will appear in ACM computing Survey

Mutual Clustering Coefficient-based Suspicious-link Detection approach for Online Social Networks

Online social networks (OSNs) are trendy and rapid information propagation medium on the web where millions of new connections either positive such as acquaintance or negative such as animosity, are being established every day around the world. The negative links (or sometimes we can say harmful connections) are mostly established by fake profiles as they are being created by minds with ill aims. Detecting negative (or suspicious) links within online users can better aid in mitigation of fake profiles from OSNs. A modified clustering coefficient formula, named as Mutual Clustering Coefficient represented by M_cc, is introduced to quantitatively measure the connectivity between the mutual friends of two connected users in a group. In this paper, we present a classification system based on mutual clustering coefficient and profile information of users to detect the suspicious links within the user communities. Profile information helps us to find the similarity between users. Different similarity measures have been employed to calculate the profile similarity between a connected user pair. Experimental results demonstrate that four basic and easily available features such as work(w),education(e),home_town(ht)and current_city(cc) along with M_CC play a vital role in designing a successful classification system for the detection of suspicious links

Some Recommended Protection Technologies for Cyber Crime Based on Social Engineering Techniques -- Phishing

Phishing (password + fishing) is a form of cyber crime based on social engineering and site spoofing techniques. The name of 'phishing' is a conscious misspelling of the word 'fishing' and involves stealing confidential data from a user's computer and subsequently using the data to steal the user's money. In this paper, we study, discuss and propose the phishing attack stages and types, technologies for detection of phishing web pages, and conclude our paper with some important recommendations for preventing phishing for both consumer and company.Comment: 5 pages; Journal of Communication and Computer, USA, Vol. 8, No. 7, (2011

SODEXO: A System Framework for Deployment and Exploitation of Deceptive Honeybots in Social Networks

As social networking sites such as Facebook and Twitter are becoming increasingly popular, a growing number of malicious attacks, such as phishing and malware, are exploiting them. Among these attacks, social botnets have sophisticated infrastructure that leverages compromised users accounts, known as bots, to automate the creation of new social networking accounts for spamming and malware propagation. Traditional defense mechanisms are often passive and reactive to non-zero-day attacks. In this paper, we adopt a proactive approach for enhancing security in social networks by infiltrating botnets with honeybots. We propose an integrated system named SODEXO which can be interfaced with social networking sites for creating deceptive honeybots and leveraging them for gaining information from botnets. We establish a Stackelberg game framework to capture strategic interactions between honeybots and botnets, and use quantitative methods to understand the tradeoffs of honeybots for their deployment and exploitation in social networks. We design a protection and alert system that integrates both microscopic and macroscopic models of honeybots and optimally determines the security strategies for honeybots. We corroborate the proposed mechanism with extensive simulations and comparisons with passive defenses

Personal Information Privacy Settings of Online Social Networks and their Suitability for Mobile Internet Devices

Protecting personal information privacy has become a controversial issue among online social network providers and users. Most social network providers have developed several techniques to decrease threats and risks to the users privacy. These risks include the misuse of personal information which may lead to illegal acts such as identity theft. This study aims to measure the awareness of users on protecting their personal information privacy, as well as the suitability of the privacy systems which they use to modify privacy settings. Survey results show high percentage of the use of smart phones for web services but the current privacy settings for online social networks need to be improved to support different type of mobile phones screens. Because most users use their mobile phones for Internet services, privacy settings that are compatible with mobile phones need to be developed. The method of selecting privacy settings should also be simplified to provide users with a clear picture of the data that will be shared with others. Results of this study can be used to develop a new privacy system which will help users control their personal information easily from different devices, including mobile Internet devices and computers

A cooperate-defect model for the spread of deviant behavior in social networks

We present a game-theoretic model for the spread of deviant behavior in online social networks. We utilize a two-strategy framework wherein each player's behavior is classified as normal or deviant and evolves according to the cooperate-defect payoff scheme of the classic prisoner's dilemma game. We demonstrate convergence of individual behavior over time to a final strategy vector and indicate counterexamples to this convergence outside the context of prisoner's dilemma. Theoretical results are validated on a real-world dataset collected from a popular online forum.Comment: 9 pages, 6 figures, corrects an oversight in Version 1 in which equilibrium point analysis is insufficiently qualifie

Machine Learning for E-mail Spam Filtering: Review,Techniques and Trends

We present a comprehensive review of the most effective content-based e-mail spam filtering techniques. We focus primarily on Machine Learning-based spam filters and their variants, and report on a broad review ranging from surveying the relevant ideas, efforts, effectiveness, and the current progress. The initial exposition of the background examines the basics of e-mail spam filtering, the evolving nature of spam, spammers playing cat-and-mouse with e-mail service providers (ESPs), and the Machine Learning front in fighting spam. We conclude by measuring the impact of Machine Learning-based filters and explore the promising offshoots of latest developments.Comment: Journal. 27 Page

IP Traceback for Flooding attacks on Internet Threat Monitors (ITM) Using Honeypots

The Internet Threat Monitoring (ITM) is an efficient monitoring system used globally to measure, detect, characterize and track threats such as denial of service (DoS) and distributed Denial of Service (DDoS) attacks and worms. . To block the monitoring system in the internet the attackers are targeted the ITM system. In this paper we address the flooding attack of DDoS against ITM monitors to exhaust the network resources, such as bandwidth, computing power, or operating system data structures by sending the malicious traffic. We propose an information-theoretic frame work that models the flooding attacks using Botnet on ITM. One possible way to counter DDoS attacks is to trace the attack sources and punish the perpetrators. we propose a novel traceback method for DDoS using Honeypots. IP tracing through honeypot is a single packet tracing method and is more efficient than commonly used packet marking techniques.Comment: International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.1, January 2012. arXiv admin note: substantial text overlap with arXiv:1201.248

Fast Spammer Detection Using Structural Rank

Comments for a product or a news article are rapidly growing and became a medium of measuring quality products or services. Consequently, spammers have been emerged in this area to bias them toward their favor. In this paper, we propose an efficient spammer detection method using structural rank of author specific term-document matrices. The use of structural rank was found effective and far faster than similar methods.Comment: 8 pages, 1 figur