DOI: 10.1145/2660267.2660282
research-article

Consequences of Connectivity: Characterizing Account Hijacking on Twitter

Published: 03 November 2014

Abstract

In this study we expose the serious large-scale threat of criminal account hijacking and the resulting damage incurred by users and web services. We develop a system for detecting large-scale attacks on Twitter that identifies 14 million victims of compromise. We examine these accounts to track how attacks spread within social networks and to determine how criminals ultimately realize a profit from hijacked credentials. We find that compromise is a systemic threat, with victims spanning nascent, casual, and core users. Even brief compromises correlate with 21% of victims never returning to Twitter after the service wrests control of a victim's account from criminals. Infections are dominated by social contagions: phishing and malware campaigns that spread along the social graph. These contagions mirror information diffusion and biological diseases, growing in virulence with the number of neighboring infections. Based on the severity of our findings, we argue that early outbreak detection that stems the spread of compromise in 24 hours can spare 70% of victims.



    Published In

    CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
    November 2014
    1592 pages
    ISBN:9781450329576
    DOI:10.1145/2660267

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. account hijacking
    2. compromise
    3. social networks

    Qualifiers

    • Research-article

    Conference

    CCS'14

    Acceptance Rates

    CCS '14 Paper Acceptance Rate 114 of 585 submissions, 19%;
    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

    Cited By

    • (2024) A Deep Dive Into Cybersecurity Risk Assessment and Countermeasures in Online Social Networks. Risk Assessment and Countermeasures for Cybersecurity, pp. 1-19. DOI: 10.4018/979-8-3693-2691-6.ch001. Online publication date: 31-May-2024
    • (2024) Towards understanding bogus traffic service in online social networks (在线社交网络中的虚假流量服务挖掘). Frontiers of Information Technology & Electronic Engineering 25:3, pp. 415-431. DOI: 10.1631/FITEE.2300068. Online publication date: 23-Mar-2024
    • (2024) Malicious Intent Detection Framework for Social Networks. DOI: 10.12794/metadc2332602. Online publication date: May-2024
    • (2023) Markov-Driven Graph Convolutional Networks for Social Spammer Detection. IEEE Transactions on Knowledge and Data Engineering 35:12, pp. 12310-12322. DOI: 10.1109/TKDE.2022.3150669. Online publication date: 1-Dec-2023
    • (2023) A Lightweight Privileged Account Management System for Develpoment and Operation. 2023 IEEE 8th International Conference on Smart Cloud (SmartCloud), pp. 194-199. DOI: 10.1109/SmartCloud58862.2023.00041. Online publication date: 16-Sep-2023
    • (2023) Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy. 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P), pp. 373-391. DOI: 10.1109/EuroSP57164.2023.00030. Online publication date: Jul-2023
    • (2023) Twitter Newcomers: Uncovering the Behavior and Fate of New Accounts Through Early Detection and Monitoring. IEEE Access 11, pp. 55223-55232. DOI: 10.1109/ACCESS.2023.3282580. Online publication date: 2023
    • (2022) Demystifying the underground ecosystem of account registration bots. Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 897-909. DOI: 10.1145/3540250.3549090. Online publication date: 7-Nov-2022
    • (2022) CAeSaR: An Online Payment Anti-Fraud Integration System With Decision Explainability. IEEE Transactions on Dependable and Secure Computing, pp. 1-14. DOI: 10.1109/TDSC.2022.3186733. Online publication date: 2022
    • (2022) Reviewing Estimates of Cybercrime Victimisation and Cyber Risk Likelihood. 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 150-162. DOI: 10.1109/EuroSPW55150.2022.00021. Online publication date: Jun-2022