Your Facebook deactivated friend or a cloaked spy

  • Shah Mahmood, Yvo Desmedt
  • Published 18 March 2012
  • Computer Science
  • 2012 IEEE International Conference on Pervasive Computing and Communications Workshops
With over 750 million active users, Facebook is the most famous social networking website. One particular aspect of Facebook widely discussed in the news and heavily researched in academic circles is the privacy of its users. In this paper we introduce a zero day privacy loophole in Facebook. We call this the deactivated friend attack. The concept of the attack is very similar to cloaking in Star Trek while its seriousness could be estimated from the fact that once the attacker is a friend of… 

New Privacy Threats for Facebook and Twitter Users

  • Shah Mahmood
  • Computer Science
    2012 Seventh International Conference on P2P, Parallel, Grid, Cloud and Internet Computing
  • 2012
Six new privacy leaks in Facebook and Twitter are introduced and it is shown how an attacker can map users email addresses to their real names using Facebook's account recovery service, which helps an attacker accumulate more information about the holder of an email address.

Analysis of Three Trusted Friends' Vulnerability in Facebook

  • A. Noor, M. Razzaque
  • Computer Science
    2013 International Conference on Advanced Computer Science Applications and Technologies
  • 2013
The purpose of this paper is to introduce this new 3 trusted friends' vulnerability that could be exploited by a hacker to recover the password of a legitimate user and hack his account.

FakeBook: Detecting Fake Profiles in On-Line Social Networks

The investigation on the possible approach to mitigate the risk of not having a profile in the last fancy social network is reported, and the first ones to analyze social network graphs from a dynamic point of view within the context of privacy threats are noted.

Is Somebody Watching Your Facebook Newsfeed?

A novel continuous authentication approach that analyzes user browsing behavior to detect SNS usage stealing incidents using Facebook as a case study is proposed and results show that it is possible to detect such incidents by analyzing SNS browsing behavior.

Less is More: Exploiting Social Trust to Increase the Effectiveness of a Deception Attack

The results obtained show that participants are not prepared even for a well-known attack - company representative fraud, and a significant finding is that a smaller set of well-chosen strategies is better than a large 'mess' of strategies.

Detecting In Situ Identity Fraud on Social Network Services: A Case Study With Facebook

This paper proposes to extend the use of continuous authentication to detect in situ identity fraud incidents, which occur when the attackers use the same accounts, the same devices, and IP addresses as the victims.

Framework - Better Privacy on Online Social Networks and Beyond

  • Shah Mahmood
  • Computer Science
    2019 IEEE International Conference on Big Data (Big Data)
  • 2019
This paper provides a framework, based on the anti-data-mining (ADM) principle, to enhance users’ privacy against adversaries including: online social networks; search engines; financial terminal providers; ad networks; eavesdropping governments; and other parties who can monitor users’ content from the point where the content leaves users’ computers to within the data centers of these information accumulators.

Friend in the Middle (FiM): Tackling de-anonymization in social networks

  • Filipe Beato, M. Conti, B. Preneel
  • Computer Science
    2013 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops)
  • 2013
This paper presents Friend in the Middle (FiM): a novel approach to make OSNs more resilient against de-anonymization techniques and evaluates and demonstrates throughout experimental results the feasibility and effectiveness of this proposal.


Most users’ personal data were open to the public, while they were of the belief that their data weren’t, and a majority of the users weren’t aware of the privacy concerns associated with the popular social networking website.

Online social networks: The overt and covert communication channels for terrorists and beyond

  • Shah Mahmood
  • Computer Science
    2012 IEEE Conference on Technologies for Homeland Security (HST)
  • 2012
This paper discusses how terrorists may be using online social networks not only to recruit new members to a terrorist organization but to maintain the loyalty of their existing sympathizers; plan attacks and share information about them; train recruits for specific attacks; raise funds for their causes; propagate fear amongst the enemy population.



All your contacts are belong to us: automated identity theft attacks on social networks

This paper investigates how easy it would be for a potential attacker to launch automated crawling and identity theft attacks against a number of popular social networking sites in order to gain access to a large volume of personal user information.

Using social networks to harvest email addresses

This paper demonstrates and evaluates how names extracted from social networks can be used to harvest email addresses as a first step for personalized phishing campaigns, and shows that the approach is more scalable and efficient than the other techniques.

Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook

It is found that an individual's privacy concerns are only a weak predictor of his membership to the Facebook, and also privacy concerned individuals join the network and reveal great amounts of personal information.

Information revelation and privacy in online social networks

This paper analyzes the online behavior of more than 4,000 Carnegie Mellon University students who have joined a popular social networking site catered to colleges, evaluates the amount of information they disclose, and studies their usage of the site's privacy settings.

The socialbot network: when bots socialize for fame and money

This paper adopts a traditional web-based botnet design and builds a Socialbot Network (SbN): a group of adaptive socialbots that are orchestrated in a command-and-control fashion, and evaluates how vulnerable OSNs are to a large-scale infiltration by socialbots.

Prying Data out of a Social Network

This work examines the difficulty of collecting profile and graph information from the popular social networking website Facebook and describes several novel ways in which data can be extracted by third parties, and demonstrates the efficiency of these methods on crawled data.

Inferring private information using social network data

This paper explores how to launch inference attacks using released social networking data to predict undisclosed private information about individuals and the effectiveness of possible sanitization techniques that can be used to combat such inference attacks under different scenarios.

The Economics of Mass Surveillance and the Questionable Value of Anonymous Communications

A model of surveillance based on social network theory, where observing one participant also leaks some information about third parties is presented, to provide important insights into the actual security of anonymous communication, and their ability to minimise surveillance and disruption in a social network.

Inferring privacy information via social relations

  • Wanhong Xu, Xi Zhou, Lei Li
  • Computer Science
    2008 IEEE 24th International Conference on Data Engineering Workshop
  • 2008
This work presents an iterative algorithm, by combining a Bayesian label classification method and discriminative social relation choosing, for inferring personal information through mere social relations with high accuracy.

Detecting Spam in a Twitter Network

This article examines spam around a one-time Twitter meme—“robotpickuplines” and shows the existence of structural network differences between spam accounts and legitimate users, highlighting challenges in disambiguating spammers from legitimate users.