2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing
An Analysis of Security in Social Networks
Weimin Luo1, Jingbo Liu1, Jing Liu2
1
College of Mathematics & Computer Science ,
2 Southwest University
Experimental Center
Chongqing Three Gorges University
Wanzhou, Chongqing, China
{weim.luo, allahljb, longcomliujing }@gmail.com
AbstractThe threats to Internet have been also posed to the
social networking sites. In social networks people tend to
reduce the original alert and this makes it easier for malware
to spread. In this paper we study the threats to social networks
in recent years and analyze the targets what the attackers want
and the methods how attackers perform the attacks. We
separate social networks into two parts: user and social
networking site. Then we discuss in details the
countermeasures against the threats to social networks. In the
end we propose a security framework of social networks.
Keywords-social networks; security; user; social networking
site;
I. INTRODUCTION
People can share multimedia data with others and keep in
touch for fun in social networks. As to users, social networks
are like a virtual communication medium or an online
community[1]. User logs into one of these networks and
searches for new users with the same interest after creating a
profile to introduce himself[2]. Social networks show
explosive growth in recent years. Social networking sites,
such as Facebook[3], MySpace[4] and LinkedIn[5], have
been very popular and become the preferred method of
communication for most people. Simultaneously the
popularity of social networks poses a great threat to people.
Attackers can gain the important personal information very
easily by using social networks. These information such as
password and bank account can help attackers in a wide
range of network crimes, including identity theft.
Users are encouraged to provide name, address, gender,
date of birth, school, place of birth, interest and other
personal information in social networking sites. These
information will be shared with other users. Then attackers
will find the important information by analyzing these
information. The more information users provide, the more
information attackers will get. Some social networking sites
such as Twitter[6] do not leave much room for uses to
provide important personal information but attackers also
can analyze the series of these posts and gain what they
want.
In this paper we focus on the threats to social networks
and countermeasures. The structure of the rest of the paper is
as follows. Section introduces the related attacks on social
978-0-7695-3929-4/09 $26.00 2009 IEEE
DOI 10.1109/DASC.2009.100
Chengyu Fan
College of Computer and Information Science
Chongqing, China
chengy.fan@gmail.com
networks. Then we discuss the content and manner of threats
to social networks in Section . Section analyzes the
countermeasures what users and social networking sites
should use and gives a security framework of social
networks. Finally, Section finishes the paper with a
conclusion.
II. ATTACKS ON SOCIAL NETWORKS
In 2005 Sammy worm attacked MySpace and this
represented the danger in social networks. Sammy utilized
the loopholes in MySpace and spread very fast. Though
Sammy did not filch users information, it still had seriously
affected the normal operation of MySpace. In April 2009
Mikeyy worm attacked Twitter and modified the users
pages with some useless message. Mikeyy did not filth the
personal information just like Sammy. Unfortunately in May
2009 Koobface worm spread in Facebook and filched the
important personal information such as password. Later
Koobface began to spread in other social networking sites
and a greater harm was brought. Obviously attackers have
found that social networks are a better way to commit
network crimes.
Malware is not the only threat. Due to the unlimited
access to the profiles of users, attackers can further gain the
information of corporation and commercial secrets. In the
survey conducted by Sophos[7] it indicates that, 1) the
concern of 62.8 percent companies is that the employees
provide too much information in social networks and 2)66
percent companies think that using social networks will pose
a great threat to corporations.
Gostev[8] points out: The growing popularity of social
networking sites has not gone unnoticed by cybercriminals;
in 2008, such sites became a hotbed of malware and spam
and yet another source of illegal earnings on the Internet. By
the end of 2008, the Kaspersky Lab collection contained
more than 43 000 malicious files relating to social
networking sites. As to cybercriminals social networking
sites are an increasingly popular target. The number of
programs received by the Kaspersky Virus Lab which target
social networking sites demonstrates that such sites are an
increasingly popular target. Relevant data in [8] are shown in
Figure 1 and Figure 2.
648

Figure 1. total number of malicious programs targeting social networking
sites in recent years
 The methods how attacks are performed are concluded as
Figure 2. number of malicious programs appeared in some social
networking sites in recent years
As shown in Figure 1 and Figure 2 we can find that
social networking sites have been more dangerous. Attackers
began to commit network crimes largely by utilizing social
networking sites after 2005. Users are easier to be enticed
than before and the personal information are also
comparatively easier to gain in social networking sites. We
believe that the number of malware in social networking
sites will increase in future.
III. THREATS TO SOCIAL NETWORKS
In this section we discuss the targets of attacks in social
networks and analyze how these attacks are performed. We
must make it clear for what and how the attackers attack.
Then we can know how to protect secrets and deal with the
threats.
A. What the attackers want
Attackers attack for different purposes. We find the
targets of attacks in social networks are similar to the ones in
Internet. These targets are concluded as follows:
Jokes: Someone just wants to play a joke on other
users to improve their reputation or to satisfy their
own sense of accomplishment. These attacks will not
649
cause adverse impact, but sometimes will cause
network congestion and make users feel bored.
Access control: Attackers control the computers of
other users and do what they want. The worst is that
the controlled computers are organized into a Botnet
to perform some types of attacks such as DDOS.
Personal information: The important personal
information is very useful to attackers. Privacy such
as password, bank account and social security
number are the very thing attackers are looking for.
Once attackers gain these information they can
commit further crimes, even identity theft.
Company information: In some social networks such
as LinkedIn users are business customers. So the
personal information means a vast reservoir of
wealth. In the past attackers were not easy to break
through the intranet as the company had a strict
protection measures. In contrast attackers can be
easier to obtain the trust of others in social networks.
They can gain the professional information of users
and further customer information. At last the
company information and other financial secrets will
be exposed to attackers.
Money: We can find that attacks on social
networking sites will increasingly become more
financially driven. Apart from jokes, the essential
target of those attacks is money. Most of attackers
want to gain bank accounts, privacy, financial
secrets and etc.
B. How to attack
follows:
Spam: The madness spread of spam will greatly
damage the network availability. Traditional spam
spread via e-mail, but now they begin to utilize
social networks. The spam including advertising or
malicious code can spread very fast via friend list in
social networks.
Flaw in the third-party applications: Social networks
such as Facebook allow users to add the third-party
applications in order to attract users. The more
applications users add, the more flaws will be
brought. This will lead to more danger.
Worm: Worm can self-replicate and spread
automatically. Worm will steal private information
such as password and bank account number. These
information will be sold in the underground black
market, used to steal credit card and bank
information of users.
XSS: XSS can be generated into the web page code
and pose a great threat to users. Attackers can use
XSS vulnerabilities to steal COOKIE, hijack
accounts, run FLASH, force users to download
malware and etc. There are many interactions among
users in social networks. The large amounts of
information including some URLs with XSS flaw
 will attract many users. Once users click the URL
the attacks will be triggered.
Plug-in: Some plug-in such as Flash and Silverlight
are permitted to run in browser. This also brings a
new threat to social networks. Recently the flaw of
Flash has been found and the relevant attacks on
social networks appear rapidly.
Phishing: In social networks attacker can disguise
himself as a legitimate user and uses social
engineering to entice other users to click the
designed URL. Users in social networks are willing
to accept the invitation of strangers and
communicate with them. This will lead to a phishing
attack.
IV. COUNTERMEASURES AGAINST ATTACKS
Now we know for what and how attackers perform
attacks. In this section we separate social networks into two
parts: user and social networking site. Each part has its own
responsibility to prevent from intrusion.
A. User
Social networks can not ignore the interactions among
users. The behaviours of users have some great impact on the
operation of social networks. Especially attackers often use
social engineering to disguise the real attacks in social
networks. If users had a good sense of safety, they could
avoid the vast majority of attacks. What users should do are
concluded as follows:
Users must make it clear what the differences among
social networking sites are before joining them.
Some sites only allow certain users access to your
post, while others allow anyone to view your post.
The uploaded content must be controlled by users.
Users can permit only certain groups, such as
classmates, clubs, colleagues and relatives to have
rights to visit their web pages.
Do not post full name, social security number,
address, telephone number, bank account or credit
card numbers, and do not post the information of
other users either. Some information that can reveal
user identity must be carefully published.
Users should keep in mind that the information
uploaded by users can not be taken back. Even if
users removed the information from the sites, but the
old version of the information still exists in others
computer.
Users should remain alert against strangers and not
visit suspicious pages and links[9].
Users should patch the security holes in time. When
new attack breaks out users should update operation
system or applications immediately.
B. Social networking site
Apart from precautions of users, social networking sites
should provide users with greater security supports. Social
networking site is one of the applications in Internet. In
addition to traditional security measures, the sites should pay
650
more attention to the application layer in order to safeguard
the legitimate users. The countermeasures are concluded as
follows:
Provide the different functions to the different users.
Some normal users can use limited functions in
default while the users with details can use more
functions.
Users should be notified prominently when new
attack breaks out or new high-risk vulnerability is
found. The sites also should notify the users to be
aware of some suspicious information.
Enhance filtering the spam and the malicious links.
This can stop the spread of malicious programs and
prevent users from visiting some dangerous pages.
In addition to installing anti-virus modules, it is very
important that there should be enough communi-
cations between the sites and the security vendors.
The sites should be programmed carefully to prevent
attacks such as SQL injection and XSS. Furthermore
the sites should pay more attention to the latest
security vulnerabilities of the platform. Installing the
patch and ensuring the normal operation of the sites
are the basic tasks which social networking sites
should do.
The sites should be very cautious when calling a
large number of external Web API. The timely
detection of the vulnerability of the third-party
applications or plug-in can minimize the risks.
C. A security framework
According to the analysis above, we represent a security
framework of social networks shown in Figure 3.
Activities Find friends, Join groups, Communicate with others, ...
User
Stay alert to strangers, Not click the suspicious messages,
Security Protect personal information, Be precautious to upload
information, Install patches, ...
Security
Classify users, Block spam, Filter suspicious links, Notify
security alert, ...
Social
networking Services Chat, Message, Video, File sharing, Group, ...
site
Vulnerability detection, Anti-virus detection, Encrypted
Security
transmission, ...
Technology
underpinnings
Web, Database, Multimedia, Software Engineering, ...
Figure 3. the security framework of social networks
We must admit that both users and social networking
sites have impact on the security of social networks. As a
major part, social networking sites should provide users with
enough security supports. As a minor part, users should
increase their security awareness to combat the growing
number of attacks.
 V. CONCLUSIONS
In this paper we study the threats to social networks in [1]
recent years. We find that the traditional attacks still work in
social networks. In the virtual community, attackers prefer
[2]
using social engineering to entice users to click the designed
pages. As users are willing to interact with others, attackers
are easier than before to perform attacks. Most attackers filch [3]
the secrets of users and the ultimate target is money in most [4]
cases. [5]
After analyzing the methods how attacks are performed, [6]
we separate social networks into two parts: user and social
[7]
networking site. Then we discuss the countermeasures
against attacks respectively. In general users should stay alert
in social networks. Users should keep secret and not easily
trust others, especially strangers. As to social networking [8]
sites, they should pay more attention to the security of the
application layer apart from using traditional security
measures.
[9]
In the end we propose a security framework of social
networks and this makes it clear where and of what we
should be aware.
Social networks are still growing while relevant threats
are increasing. We should pay more attention to the safety of
social networks.
651
REFERENCES
X. Li, D. Zeng, W. Mao and F. Wang. Online Communities: A Social
Computing Perspective. Intelligence and Security Informatics 2008
Workshops, 2008, pp. 355-365, doi:10.1007/978-3-540-69304-8.
D. Boyd. Social Network Sites: Public, Private, or What?
http://kt.flexiblelearning.net.au/tkt2007/edition-13/social-network-
sites-public-private-or-what/.
Facebook. http://www.facebook.com
MySpace. http://www.myspace.com
LinkedIn. http://www.linkedin.com
Twitter. http://twitter.com
Sophos: Two thirds of businesses fear that social networking endan-
gers corporate security.
http://www.sophos.com/pressoffice/news/articles/2009/04/social-
networking.html.
A. Gostev, O. Zaitsev, S. Golovanov and V. Kamluk: Kaspersky Se-
curity Bulletin: Malware evolution 2008.
http://usa.kaspersky.com/threats/docs/KasperskySecurityBulletin_Ma
lwareEvolution2008.pdf.
J. Nagy, P. Pecho: Social networks security. 2009 Third International
Conference on Emerging Security Information, Systems and
Technologies, 2009, pp. 321-325, doi:10.1109/SECURWARE.2009.
56.