Facebook Immune System No Match Against SocialBots?

How many times have you accepted a friend request just because it’s from a friend of a friend? Do you take the time to figure out whether you really know that person? These questions may seem fairly insignificant, but based on what I have found out from a recent study, they are in fact very important. Who you befriend on Facebook is an important matter to consider carefully if you value your privacy and personal data.

Researchers at the University of British Columbia in Canada conducted an experiment on the cyber-security of online social networks (OSNs), starting with the largest one, Facebook. Should we worry if we get Facebook likes in Canada? Not to worry: this was just a test, and it was claimed to carry minimal risk since they were deleted right after the data analysis.

Here’s the lowdown on how the test was done.

The researchers evaluated the vulnerability of the Facebook Immune System by running a large-scale infiltration, releasing 102 socialbots over an eight-week period. These socialbots are computer programs that mimic real Facebook users. The socialbots collect users’ personal data by connecting to a large number of Facebook users via friend requests.

Results revealed three scary facts:

  1. Facebook can be infiltrated with an 80% success rate.
  2. Successful infiltration can result in privacy breaches, exposing more of users’ data to theft.
  3. The Facebook Immune System, or its security defenses, is no match for a massive, full-scale socialbot infiltration.

How was it possible for socialbots to gather personal data through a mere friend request?

  1. “Friends of friends” friend requests created an extended neighborhood for the socialbots to work on. Because of common friends, people automatically trust and accept a friend request whether they know the individual or not.
  2. Some Facebook users are careless and jump at the chance of adding friends. Once socialbots befriend these types of users, it becomes easier for them to send friend requests and appear as a common friend.
  3. The fake profiles of these socialbots appeared to be attractive Facebook users, which brought a higher rate of acceptance when sending friend requests.
  4. The eight-week test gathered around 175 pieces of data from personal profiles per day, for a total of 250 gigabytes of data at the end.
  5. The Facebook Immune System was able to block only 20 percent of the socialbots’ “fake accounts”.

What does Facebook have to say about it?

“We have numerous systems designed to detect fake accounts and prevent scraping of information. We are constantly updating these systems to improve their effectiveness and address new kinds of attacks,”

“We use credible research as part of that process. We have serious concerns about the methodology of the research by the University of British Columbia and we will be [sic, addressing] these concerns to them.”

“In addition, as always, we encourage people to only connect with people they actually know and report any suspicious behaviour they observe on the site.”

The Facebook spokesperson further said that the test was unrealistic because the IP addresses the researchers used came from a trusted university source, whereas the IP addresses used by real-life criminals would definitely raise a security alarm on Facebook. Facebook also claimed that the test was unethical and overstated.

What do you think? Does Facebook have strong defenses to prevent real-life attacks?