Presented at
BSidesSF 2019,
March 3, 2019, 2:50 p.m.
(30 minutes).
Is this "real"? This is the story of how attackers today leverage a variety of tools and tricks to impact the influence landscape at scale. Many have heard of "fake news" and know that those "friends," "matches," or "followers" might not all be real; the information we consume is inflated with likes and ratings generated by coordinated attackers utilizing anything from users' browsers to IoT devices.
How are these fake accounts and likes and clicks created? To what extent are they "real"? This session will explore the fake account ecosystem, with specific focus on the lifecycle of a fake account and how specific tools and attacks are used to create likes and clicks; sometimes through automation and emulators, sometimes using real people through phone farms, mechanical turks, and sweatshops. We'll dissect the different main attack vectors and how they are being exploited:
Content: repurposed to fit a different context,
Access & Authentication: gained through Account Takeovers and credential cracking,
Fake Accounts: created strategically to build trust,
Usage: to emulate "real" users and not get caught
Together, we’ll workshop practical steps to building an army of influencers (on a budget) using off-the-shelf tools and show some more advanced techniques seen in attacks today.
Presenters:
-
Anna Westelius
Anna Westelius is a Scandinavian expat and Security Researcher, Analyst & hacking enthusiast turned technology strategist; currently solving fraud and abuse problems as Sr Director of Engineering for Arkose Labs. Originally of a network security background, she moved into the web security space to help shape the first commercial anti-scraping solution and has spent the past decade focusing on different aspects of combating distributed automation, botnets, and fraud at scale.
Links:
Similar Presentations: