Sciweavers

SP
2010
IEEE

A Practical Attack to De-anonymize Social Network Users

14 years 4 months ago
A Practical Attack to De-anonymize Social Network Users
—Social networking sites such as Facebook, LinkedIn, and Xing have been reporting exponential growth rates. These sites have millions of registered users, and they are interesting from a security and privacy point of view because they store large amounts of sensitive personal user data. In this paper, we introduce a novel de-anonymization attack that exploits group membership information that is available on social networking sites. More precisely, we show that information about the group memberships of a user (i.e., the groups of a social network to which a user belongs) is often sufficient to uniquely identify this user, or, at least, to significantly reduce the set of possible candidates. To determine the group membership of a user, we leverage well-known web browser history stealing attacks. Thus, whenever a social network user visits a malicious website, this website can launch our de-anonymization attack and learn the identity of its visitors. The implications of our attack a...
Gilbert Wondracek, Thorsten Holz, Engin Kirda, Chr
Added 16 Aug 2010
Updated 16 Aug 2010
Type Conference
Year 2010
Where SP
Authors Gilbert Wondracek, Thorsten Holz, Engin Kirda, Christopher Kruegel
Comments (0)