One dimension on the Internet, which has gained great popularity in recent years are the online social networks (OSNs). Users all over the globe write, share, and publish personal information about themselves, their friends, and their workplace. In this study we present a method for infiltrating specific users in targeted organizations by using organizational social networks topologies and Socialbots. The targeted organizations, which have been chosen by us, were technology oriented organizations. Employees from this kind of organization should be more aware of the dangers of exposing private information. An infiltration is defined as accepting a Socialbot's friend request. Upon accepting a Socialbot's friend request, users unknowingly expose information about themselves and their workplace. To infiltrate this we had to use our Socialbots in a sophisticated manner. First, we had to gather information and recognize Facebook users who work in targeted organizations. Afterwards, we chose ten Facebook users from every targeted organization randomly. These ten users were chosen to be the specific users from targeted organizations of which we would like to infiltrate. The Socialbots sent friend requests to all specific users' mutual friends who worked or work in the same targeted organization. The rationale behind this idea was to gain as many mutual friends as possible and through this act increase the probability that our friend requests will be accepted by the targeted users. We tested the proposed method on targeted users from two different organizations. Our method was able to gain a successful percentage of 50% and 70% respectively. The results demonstrate how easily adversaries can infiltrate users they do not know and get full access to personal and valuable information. These results are more surprising when we emphasize the fact that we chose oriented users who should be more aware to the dangers of information leakage for this study on purpose. Moreover, the results indicate once again that users who are interested in protecting themselves should not disclose information in OSNs and should be cautious of accepting friendship requests from unknown persons.
展开▼
