Friend-in-the-Middle (FiTM) Attacks

Exploiting Social Networking Sites for Spam

Abstract. In this work we present our friend-in-the-middle attacks on SNSs and how it can be used to harvest

social data in an automated fashion. This social data can then be exploited for large-scale attacks such as

context-aware spam and social-phishing. We prove the feasibility of our attack exemplary on Facebook

and estimate the impact based upon a simulation on a regional network of Facebook. Alarmingly, all

major SNSs are vulnerable to our attack as they fail to secure the network layer appropriately.


Martin Mulazzani and Markus Huber and Edgar R. Weippl and Gerhard Kitzler and Sigrun Goluch,
"Friend-in-the-middle Attacks: Exploiting Social Networking Sites for Spam",
 IEEE Internet Computing: Special Issue on Security and Privacy in Social Networks, 2011.

@article{huber2011friend,
author = {Markus Huber and Martin Mulazzani and Gerhard Kitzler and Sigrun Goluch and Edgar Weippl},
title = {Friend-in-the-Middle Attacks: Exploiting Social Networking Sites for Spam},
journal ={IEEE Internet Computing},
volume = {15},
issn = {1089-7801},
year = {2011},
pages = {28-34},
doi = {http://doi.ieeecomputersociety.org/10.1109/MIC.2011.24},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
url = {http://dl.dropbox.com/u/571550/preprints/FITM_InternetComputing_preprint.pdf}
}

Exploiting social networking sites for spam

Markus Huber, Martin Mulazzani, Edgar Weippl, Gerhard Kitzler, Sigrun Goluch
CCS '10 Proceedings of the 17th ACM conference on Computer and communications security, 2010