[Infowarrior] - A Practical Attack to De-Anonymize Social Network Users

Richard Forno rforno at infowarrior.org
Mon Mar 8 13:31:52 UTC 2010


A Practical Attack to De-Anonymize Social Network Users

Abstract. Social networking sites such as Facebook, LinkedIn, and Xing
have been reporting exponential growth rates. These sites have
millions of registered users, and they are interesting from a security
and privacy point of view because they store large amounts of
sensitive personal user data.
In this paper, we introduce a novel de-anonymization attack that
exploits group membership information that is available on social
networking sites. More precisely, we show that information about the
group memberships of a user (i.e., the groups of a social network to
which a user belongs) is often sufficient to uniquely identify this
user, or, at least, to significantly reduce the set of possible
candidates. To determine the group membership of a user, we leverage
well-known web browser history stealing attacks. Thus, whenever a
social network user visits a malicious website, this website can
launch our de-anonymization attack and learn the identity of its
visitors.

The implications of our attack are manifold, since it requires a low
effort and has the potential to affect millions of social networking
users. We perform both a theoretical analysis and empirical
measurements to demonstrate the feasibility of our attack against
Xing, a medium-sized social network with more than eight million
members that is mainly used for business relationships. Our analysis
suggests that about 42% of the users that use groups can be uniquely
identified, while for 90%, we can reduce the candidate set to less
than 2,912 persons. Furthermore, we explored other, larger social
networks and performed experiments that suggest that users of Facebook
and LinkedIn are equally vulnerable (although attacks would require
more resources on the side of the attacker). An analysis of an
additional five social networks indicates that they are also prone to
our attack.

Paper @ http://www.iseclab.org/papers/sonda-TR.pdf
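Added illustration (not code from the paper or from this post): a small Python model of the anonymity-set calculation behind the abstract's "42% unique / 90% below 2,912" figures. A user's set of group memberships is treated as a fingerprint, and the candidate set is the number of users sharing that exact fingerprint; a second function models the realistic case where only some of a user's memberships are observed (the candidate set is then every user whose memberships contain the observed ones). The user and group data are constructed for the example; a site operator could run the same measurement over real membership data to assess re-identification risk.

```python
import math
from collections import Counter

# Constructed sample data (hypothetical users and groups, not from the paper):
# user -> set of group identifiers the user belongs to.
USERS = {
    "alice": {"g1", "g2", "g3"},
    "bob": {"g1", "g2"},
    "carol": {"g1", "g2"},
    "dave": {"g4"},
    "erin": {"g4"},
    "frank": {"g4"},
    "grace": {"g2", "g5"},
    "heidi": set(),  # no groups: not a "group user", excluded from the stats
}


def candidate_set_sizes(users):
    """For each user with at least one group, the number of users whose
    group-membership fingerprint is exactly the same (1 == uniquely identifiable)."""
    fingerprints = {u: frozenset(g) for u, g in users.items() if g}
    counts = Counter(fingerprints.values())
    return {u: counts[fp] for u, fp in fingerprints.items()}


def uniqueness_stats(users):
    """Share of group users whose fingerprint is unique, plus the largest candidate set."""
    sizes = candidate_set_sizes(users)
    unique = sum(1 for s in sizes.values() if s == 1)
    return {"group_users": len(sizes), "unique": unique,
            "unique_fraction": unique / len(sizes), "max_candidates": max(sizes.values())}


def candidate_bound(users, fraction):
    """Smallest candidate-set size k such that at least `fraction` of group users
    have a candidate set of size <= k (the abstract's "for 90%, less than N" figure)."""
    sizes = sorted(candidate_set_sizes(users).values())
    return sizes[math.ceil(fraction * len(sizes)) - 1]


def candidates_for_observed(users, observed_groups):
    """Partial knowledge: only `observed_groups` were learned (e.g. via a history
    leak), so every user whose memberships include all of them remains a candidate."""
    observed = set(observed_groups)
    return {u for u, g in users.items() if observed <= g}


if __name__ == "__main__":
    print(uniqueness_stats(USERS))
    print("90% bound:", candidate_bound(USERS, 0.9))
    print("observed g1,g2 ->", sorted(candidates_for_observed(USERS, {"g1", "g2"})))
```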
