Graph Theory: Analyzing Social Networks

Posted by Brett Hardin on 8th June 2009

Reading time: 3 – 4 minutes

Photo: escapedtowisconsin

Social networking applications are among the most popular websites on the Internet. Facebook.com and myspace.com are both in the top 20 most visited sites on the Internet. According to Alexa, 17% of global Internet users visit facebook.com on a daily basis.

How can attackers use the abundant amount of information available on these websites to aid their attacks?

One method is to analyze the victim's social network using network analysis.

Network analysis is a way to infer information from the social connections that someone makes. An attacker could use a social application's data set to:

By assigning people and organizations to nodes and linking nodes based on relationships, attackers can begin to infer information from these social graphs.

Who is the Most Influential?
It is beneficial for an attacker to know who is the most influential person in their victim's social network. A malicious instant message or email that requires user intervention (think Reflective Cross-Site Scripting) will have a higher success rate if it is sent from the victim's most influential friend.

In order to analyze the victim's social network from an influence perspective, the attacker begins by constructing a graph with the victim in the center and each of the victim's friends as a node connected to the victim.

In this example, Sam is the attacker’s target. Sam has five friends, Alice, Bart, Charlie, Dave, and Ed. This would create a star graph that would look like this.

(Figure: star graph with Sam at the center and Alice, Bart, Charlie, Dave and Ed as the outer nodes)

The next step is for the attacker to analyze the connections between Sam’s friends. The attacker identifies that Alice communicates with Bart on a regular basis, so a link is made between Alice and Bart.

It is also easier for the attacker to see who is the most influential by assigning a value to each vertex: the number of Sam's other friends that person knows. Alice's and Bart's values would change from 0 to 1, since each now knows one of Sam's friends. In this example, we have made those vertices larger and written the number on them. Once the social network is analyzed, the attacker will have a graph similar to this.

(Figure: Sam's network with the links between friends added, each friend's vertex sized and numbered by how many of Sam's other friends they know)

Since Ed knows 3 of Sam's friends, it can be inferred that Ed is the most influential person in Sam's network. If an attacker wanted to send a malicious instant message or email to Sam, the attacker would have the highest rate of success if the malicious message came from Ed.

This is a simple example. In reality, social networks are vastly more complicated. However, with the use of certain APIs, an attacker could use network analysis to his benefit.
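The scoring procedure described above, carried out in Python on Sam's network as an added worked example (this is not code from the post). The Alice-Bart link is the one the post names; the three links to Ed are assumed so that Ed ends up knowing three of Sam's friends, as in the post's final graph. The same ranking tells a defender which contact an impersonated message to Sam would most plausibly come from, and so whose messages deserve the closest verification.

```python
from collections import defaultdict

# Constructed sample data. The post names Sam's five friends and the Alice-Bart
# link; the three Ed edges are assumed so that Ed knows three of Sam's friends,
# matching the post's final graph.
VICTIM = "Sam"
FRIENDS = ["Alice", "Bart", "Charlie", "Dave", "Ed"]
FRIEND_EDGES = [
    ("Alice", "Bart"),  # named in the post
    ("Ed", "Bart"),     # assumed
    ("Ed", "Charlie"),  # assumed
    ("Ed", "Dave"),     # assumed
]


def build_ego_graph(victim, friends, friend_edges):
    """Star graph around the victim plus links between the victim's friends.
    Returns {node: set(neighbours)}; edges naming anyone outside the friend
    set are ignored, since only the victim's own contacts are scored."""
    adj = defaultdict(set)
    known = set(friends)
    for f in friends:
        adj[victim].add(f)
        adj[f].add(victim)
    for a, b in friend_edges:
        if a == b or a not in known or b not in known:
            continue
        adj[a].add(b)
        adj[b].add(a)
    return dict(adj)


def friend_scores(graph, victim):
    """The number the post writes on each vertex: how many of the victim's
    other friends that friend knows (degree within the friend set)."""
    return {f: len(graph[f] - {victim}) for f in graph[victim]}


def most_influential(scores):
    """Highest-scoring friend(s); ties come back together, sorted by name."""
    top = max(scores.values())
    return sorted(f for f, s in scores.items() if s == top)


if __name__ == "__main__":
    scores = friend_scores(build_ego_graph(VICTIM, FRIENDS, FRIEND_EDGES), VICTIM)
    for name in sorted(scores):
        print(f"{name}: {scores[name]}")
    print("most influential:", most_influential(scores))  # ['Ed']
```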

Information Gathering: A Way to Identify Who Uses Social Sites

Posted by Brett Hardin on 26th May 2009

Reading time: 1 – 2 minutes

Photo: Pro-Zak

Information gathering on targets is key for attackers. They need to understand their targets to construct more successful attacks.

Recently, I came across http://namechk.com/. I was blown away by the amount of information this site reveals.

The site promotes itself as a way to “check to see if your desired username or vanity url is still available at dozens of popular Social Networking and Social Bookmarking websites.”

From an attacker's standpoint, let's say I want to identify all of the resources that Jeremiah Grossman, the CTO of WhiteHat Security, uses. I simply type in his blogspot id, “jeremiahgrossman”, and I identify that in addition to blogspot he also posts to delicious and youtube. This is great!

For an attacker, this resource provides a way to identify additional paths of research.

Information Gathering At Its Best: Using Google Alerts for Fun and Profit

Posted by Brett Hardin on 19th May 2009

Reading time: 2 – 3 minutes

Photo: just.Luc (just.Censored)

Knowledge is Power.

Sun Tzu stated in the Art of War, “So it is said that if you know your enemies and know yourself, you will fight without danger in battles.” Having intelligence on your enemy is a key to winning military battles. In business, having any competitive edge, including intelligence, can be the difference between winning and losing a key project, beating an adversarial colleague, and getting a raise or promotion.

Google, a small start-up out of Mountain View, has a feature called Google Alerts that will help keep your enemies informed. Google Alerts is a way for people (or attackers) to stay informed of new pages that have been indexed by Google. When Google's bots are scanning and indexing the Internet, they look for specific keywords that the user set up beforehand, just like issuing a Google query. When Google's bots identify these keywords, they email you a link to the page the keywords were found on.

This is a great feature that can be used to stay informed on all sorts of things. Say you would like to stay informed about Gavin Newsom, the mayor of San Francisco, running for Governor of California. You could set up a Google Alert with “Gavin Newsom” and “governor” as the keywords and be emailed any new pages that Google identifies.

It seems that Sun Tzu was correct. Knowing your enemy, and knowing what he knows, is the key to winning battles.