Consequences of Connectivity: Characterizing Account Hijacking on Twitter

Abstract

In this study we expose the serious large-scale threat of criminal account hijacking and the resulting damage incurred by users and web services. We develop a system for detecting large-scale attacks on Twitter that identifies 14 million victims of compromise. We examine these accounts to track how attacks spread within social networks and to determine how criminals ultimately realize a profit from hijacked credentials. We find that compromise is a systemic threat, with victims spanning nascent, casual, and core users. Even brief compromises correlate with 21% of victims never returning to Twitter after the service wrests control of a victim's account from criminals. Infections are dominated by social contagions: phishing and malware campaigns that spread along the social graph. These contagions mirror information diffusion and biological diseases, growing in virulence with the number of neighboring infections. Based on the severity of our findings, we argue that early outbreak detection that stems the spread of compromise in 24 hours can spare 70% of victims.

DOI: 10.1145/2660267.2660282

Citation Velocity: 14

Averaging 14 citations per year over the last 3 years.

Cite this paper

@inproceedings{Thomas2014ConsequencesOC,
  title={Consequences of Connectivity: Characterizing Account Hijacking on Twitter},
  author={Kurt Thomas and Frank Li and Chris Grier and Vern Paxson},
  booktitle={ACM Conference on Computer and Communications Security},
  year={2014}
}