TY - GEN
T1 - The Chameleon Attack
T2 - 29th International World Wide Web Conference, WWW 2020
AU - Elyashar, Aviad
AU - Uziel, Sagi
AU - Paradise, Abigail
AU - Puzis, Rami
N1 - Publisher Copyright:
© 2020 ACM.
PY - 2020/4/20
Y1 - 2020/4/20
N2 - Online social networks (OSNs) are ubiquitous attracting millions of users all over the world. Being a popular communication media OSNs are exploited in a variety of cyber-attacks. In this article, we discuss the chameleon attack technique, a new type of OSN-based trickery where malicious posts and profiles change the way they are displayed to OSN users to conceal themselves before the attack or avoid detection. Using this technique, adversaries can, for example, avoid censorship by concealing true content when it is about to be inspected; acquire social capital to promote new content while piggybacking a trending one; cause embarrassment and serious reputation damage by tricking a victim to like, retweet, or comment a message that he wouldn't normally do without any indication for the trickery within the OSN. An experiment performed with closed Facebook groups of sports fans shows that (1) chameleon pages can pass by the moderation filters by changing the way their posts are displayed and (2) moderators do not distinguish between regular and chameleon pages. We list the OSN weaknesses that facilitate the chameleon attack and propose a set of mitigation guidelines.
AB - Online social networks (OSNs) are ubiquitous attracting millions of users all over the world. Being a popular communication media OSNs are exploited in a variety of cyber-attacks. In this article, we discuss the chameleon attack technique, a new type of OSN-based trickery where malicious posts and profiles change the way they are displayed to OSN users to conceal themselves before the attack or avoid detection. Using this technique, adversaries can, for example, avoid censorship by concealing true content when it is about to be inspected; acquire social capital to promote new content while piggybacking a trending one; cause embarrassment and serious reputation damage by tricking a victim to like, retweet, or comment a message that he wouldn't normally do without any indication for the trickery within the OSN. An experiment performed with closed Facebook groups of sports fans shows that (1) chameleon pages can pass by the moderation filters by changing the way their posts are displayed and (2) moderators do not distinguish between regular and chameleon pages. We list the OSN weaknesses that facilitate the chameleon attack and propose a set of mitigation guidelines.
KW - Chameleon Attack
KW - Link Previews
KW - Online Social Networks
UR - http://www.scopus.com/inward/record.url?scp=85086569077&partnerID=8YFLogxK
U2 - 10.1145/3366423.3380165
DO - 10.1145/3366423.3380165
M3 - Conference contribution
AN - SCOPUS:85086569077
T3 - The Web Conference 2020 - Proceedings of the World Wide Web Conference, WWW 2020
SP - 848
EP - 859
BT - The Web Conference 2020 - Proceedings of the World Wide Web Conference, WWW 2020
PB - Association for Computing Machinery, Inc
Y2 - 20 April 2020 through 24 April 2020
ER -