Israeli cyber-security researchers have shown how hackers can manipulate people’s social media accounts to portray them as having “liked” illegal or extremist posts.
An Online Social Network (OSN) or ‘Chameleon’ attack can be executed across seven online platforms using weaknesses in the posting management systems of Facebook, Twitter and LinkedIn, among others.
The account-holder does not know that they have been hacked, or that they are ‘liking’ these posts.
“Imagine ‘liking’ a cute cat video in your Facebook feed,” said Dr Rami Puzis from Ben-Gurion University in the Negev (BGU). “Then a friend calls to find out why you ‘liked’ a video of an ISIS execution.”
Puzis said the ramifications could impact employment, marriage and friendships, and involve government agencies, adding that it “can wreak havoc in just minutes”.
The attack involves maliciously changing the way content is displayed publicly without any indication whatsoever that it was changed until the account-holder logs back on and sees.
“Social network Chameleons can be used for shaming or incrimination, or even to create and manage fake profiles in social networks,” said Puzis. “They can also be used to evade censorship and monitoring, in which a disguised post reveals its true self after being approved by a moderator.
“Chameleon posts can also be used to unfairly collect social capital – posts, likes, links etc – by first disguising itself as popular content and then revealing its true self and retaining the collected interactions.”
The BGU team said it notified LinkedIn, Twitter and Facebook, but that the responses from all three social networks “were concerning, as far as protecting billions of platform users worldwide”.
Twitter said it had been alerted to such attacks before, saying: “We do not believe this poses more of a risk than the ability to tweet a URL of any kind since the content of any web page may also change without warning.”
Puzis said better methods for identifying social network misuse may come from advances in machine learning, but the threats were real and present. “On social media today, people make judgments in seconds,” he said. “So this is an issue that requires solving, especially before the upcoming US election.”