Researchers know your Facebook secrets by using 'socialbots'

Internet safety is a topic that we are all commonly reminded of as we move to an increasingly digital age. Now, another reminder of how much we willingly share with those we don't know has been shown, as reported by the BBC.

Using what is known as a 'socialbot', researchers were able to acquire information that a Facebook spokesperson rebuked as being "overstated and unethhical". A socialbot is a botnet adapted for usage on social networks. The worst part of the socialbot's power is how affordable it is. Dubious websites offer the bots for sale over the internet for as little as 29USD, or 18GBP.

A socialbot differs from a normal botnet in the sense that it can pass itself off as a normal Facebook user. A regular botnet is a type of virus that can infect a user's computer, and can make use of this to send out spam or partake in digital attacks against other websites. The socialbot takes control of an existing Facebook account, and is able to perform normal activities, such as posting statuses and sending friend requests.

The research was performed by four members of the University of British Columbia, with 102 socialbots being commanded by one 'master'. The master sends commands to the other bots, which they then act upon. These commands would likely consist of seeking profiles and adding them. In the space of eight weeks, the bots sent out 8,570 friend requests and had 3,055 acceptances. The research showed a relation in the number of Facebook friends a user had, and the likelihood of the socialbot being accepted as a friend.

Remaining within Facebook's limitations for sending friend requests, the bots sent only 25 requests per day. Any more and the bots risked triggering the fraud detection and prevention system existing on Facebook. According to Facebook, the research is not reflective of how they prevent socialbots operating, as the accounts operated from 'trusted' university IP addresses. An IP address used by a real-life criminal operating socialbots would apparently raise alarm bells within the company.

Many people are now growing more aware of friend requests coming 'out of the blue', so to speak, and it reflects how people could be growing more aware of the people seeking to acquire more information, whether you intended to give them the information or not.

Report a problem with article
Previous Story

Review: Kinect Sports Season 2

Next Story

Microsoft borks up Nokia Lumia photos on WindowsPhone.com

17 Comments

Commenting is disabled on this article.

HBGary business involve using such program to collect people's information. Hackers that hacked their web site reveal all this information. It seems that HBGary's business model and practice have been given a green-light.

"The research showed a relation in the number of Facebook friends a user had, and the likelihood of the socialbot being accepted as a friend."
These kind of people deserve it; it's their own fault for accepting people they don't know.

What secrets?? lol
Why on earth would anyone put their secrets on facebook? Even if it is completely hidden and only themselves can see it

Navan said,
So the bots sent out requests, 3055 accepted... how many of the accepted were bots?

Haha! Actually that would be interesting to find out

You have to remember the most people are inherently stupid.

And only those aware of these sorts of things will secure their data accordingly.
But seriously as +Rudy said "Do People really accept Friends they don't know?"

Have to be pretty much a moron to accept a friend without getting to know them! It's like real life, there's friends ( who you see regularly or talk to regularly) then there's acquaintances, ( who are friends of friends etc)
I think the word friend takes on a whole new meaning in facebook for some.

Facebook has always been about releasing informations to everyone on the internet. The privacy option comes long after it firsts release.

Now everybody get scared when some infos are being released to the Internet, sounds like you didn't get the point of Facebook then.

And if you disagree, ask yourself if you really need a Facebook account after all

Anthonyd said,
Facebook has always been about releasing informations to everyone on the internet. The privacy option comes long after it firsts release.

Now everybody get scared when some infos are being released to the Internet, sounds like you didn't get the point of Facebook then.

And if you disagree, ask yourself if you really need a Facebook account after all

Exactly. that's why i prefer to avoid Facebook if possible as you can just tell by the way it's setup it's not the most anonymous way to be online as it basically keeps privacy to a minimum. it's just so much crap uses it nowadays your damn near forced into using it at least from time to time.

i guess the main thing i dislike about it is how it forces you to use your real name (and it's generally to interconnected) but besides that i try to keep my use of it to a general minimum.

at least with Twitter you can stay pretty much anonymous like most website as you can use a random name etc which keeps that basic level of privacy intact unlike Facebook.

Rudy said,
Do people really accept "friends" they don't know?

Oh she/he looks hot....going to add them.

Friend of friends, must be okay, I'll add them.

People are stupid.

It's an inherent problem to all sites that feature some kind of social network sub-function. Hell, even Neowin has Friends feature, therefore it's social.

This all boils down to the stupid people having an irresistable urge to collect virtual friends and accept pretty much anyone.

And, lastly, this exploit has worked really well in real life for ages. Not all your friends are your friends, duh.

yowan said,
Is this even fully legal?

According to El Reg, Facecrack is already putting these concerns to the boffins.
Also, the success factor of bots is allegedly higher because of originating from a trusted IP addresses. Universities can't be trusted!

yowan said,
Is this even fully legal?

If you accept someone without checking, it is your fault. Getting information is what a social network is really about...No different than harvesting information from other online sources, a phone book, etc.