
To understand these activities and the measures used to counter them, a definition of the key terms used in relation to social networks needs to be provided and the most common practices need to be explained. An explanation of how fake accounts are created and how accounts are compromised will be provided. Figure 2.1 [15] illustrates how fake accounts play a key role in spam content distribution and describes the main spamming elements.

Spreading Nodes: Every account in an OSN is considered as a node, and every node has a relationship with others [29]. The more nodes spammers have, the more spam content they can spread [30]. Therefore, spammers are one of the major causes of the increase in fake/compromised accounts in OSNs. Due to detection systems that OSNs have developed to prevent spam content spreading, many associated accounts are suspended every day [31]. The illicit industry of creating and selling accounts is still active to recover suspended accounts and help spammers to have enough active accounts for their spam campaigns [32]. As shown in Figure 2.1, compromised accounts also play a role in spreading spam content although they have originated in a different way. Compromised or infected accounts are legitimate; they are created by normal users, but somehow spammers have the ability to control them. In the spamming industry, infected accounts are more valuable than fake ones [32], as it is more difficult for OSNs’ detection systems to detect and suspend compromised accounts compared to fake ones. Therefore, spammers tend to focus their effort on infecting legitimate accounts with the aim of increasing the number of compromised accounts under their control.

Spammers often also use fake accounts, which are cheap to buy in online black markets, to conduct their spam campaigns. Several studies show that about 10 per cent of all OSN accounts are fake accounts [33]. Cybercriminals control these fake accounts using computer programs to perform automated operations using bots, which act as legitimate users. Bots employed in this way have become known as social bots. They are essentially programs which simulate the activity of a typical user on a social network [4], [7], [34]. For example, they are able to post, message, vote and share [35].

Malicious Activities: Spammers have various techniques and tricks to increase their audience in OSNs; one of the most commonly used techniques is known as hashtag hijacking [35]. Spammers exploit trending topics by posting/tweeting using these trending keywords or hashtags, giving them a wider audience who follow those trending topics [36]. Furthermore, many malicious activities could be conducted by spammers to lure users to click on their malicious URLs.

Spamming Goals: Delivering spam content to the targeted users is the primary task, which is done by redirecting the user to a suspicious source outside the OSN site. The URL used has usually been shortened once or several times. This link can refer to a phishing page, a scam or a drive-by download attack. Recently, a study has shown that a Twitter account spreading a high number of URLs can often be under the control of a spambot [35], [37]. The high percentage of spam tweets that contain external links or URLs gives an indication that spreading URLs is a major task for spammers. Moreover, some OSN activities that can come under the classification of spam are fake likes, fake followers, and spam retweets. Some spammers also use spamming services to get more attention, to increase their number of followers (fake fame) on OSNs, or to spread misinformation [38].

Spamming Results: The primary objective of spam campaigns is not only to let users see spam, but also to get them to click on the attached links. Encouraging users to click on those URLs requires several tricks by spammers to deceive them by luring them with pornography, celebrity scandals, free software, discount codes or bargain deals [6]. These links may point to web pages that lead to drive-by download malware attacks to steal users’ information using fraud or phishing sites [37], [2], [39].

There are several methods that spammers can use to create new URLs with no historical profile, such as:

• URL-shortening services: these are web services that, after a URL is submitted to them, provide a new short URL that points to the same original URL [20]. These short URLs are mainly used in social networks with a limited content length such as Twitter. Currently, many shortening services, for example, bit.ly and tinyurl.com, are commonly used in OSNs [40].

• Cheap domain and hosting services [41]: creating new websites requires two main elements, which are a domain name and online space to host website files. Domain names are cheap nowadays, and spammers can buy a domain name for less than £10 [42], [43].

The above services are responsible for a high percentage of the spam content distributed over social networks. Although Twitter uses blacklists, which are suitable for real-time detection, unwanted content still finds its way into the network [44].
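The limitation described above, shown as an added example that is not part of the original thesis: a blacklist check on the posted URL alone misses a listed destination hidden behind shorteners, and even a full-chain check misses a newly registered domain with no history. The redirect table, host names and blacklist below are constructed placeholders so the code runs offline.

```python
from urllib.parse import urlsplit

# Constructed data: a simulated redirect table standing in for HTTP 3xx
# responses. All hosts are placeholders, not real services.
REDIRECTS = {
    "http://short-a.example/x1": "http://short-b.example/q9",
    "http://short-b.example/q9": "http://known-bad.example/login",
    "http://short-a.example/x2": "http://fresh-domain.example/offer",
    "http://short-a.example/loop": "http://short-b.example/loop",
    "http://short-b.example/loop": "http://short-a.example/loop",
}
SHORTENERS = {"short-a.example", "short-b.example"}  # hypothetical shorteners
BLACKLIST = {"known-bad.example"}                    # hypothetical blacklist
MAX_HOPS = 5


def host(url):
    """Lower-cased host name of a URL ('' if it has none)."""
    return (urlsplit(url).hostname or "").lower()


def unwrap(url, redirects=REDIRECTS, max_hops=MAX_HOPS):
    """Follow the redirect chain hop by hop; return (chain, status)."""
    chain = [url]
    while chain[-1] in redirects:
        nxt = redirects[chain[-1]]
        if nxt in chain:                 # redirect loop between shorteners
            return chain, "loop"
        if len(chain) > max_hops:        # refuse to follow endless chains
            return chain, "too_many_hops"
        chain.append(nxt)
    return chain, "ok"


def assess(url):
    """Compare a posted-URL-only blacklist check with a full-chain check."""
    chain, status = unwrap(url)
    return {
        "final": chain[-1],
        "shortener_hops": sum(host(u) in SHORTENERS for u in chain),
        "naive_hit": host(url) in BLACKLIST,        # posted URL only
        "chain_hit": any(host(u) in BLACKLIST for u in chain),
        "status": status,
    }
```
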

2.3.1 Sybil attacks and fake accounts

The spam industry is based on the number of accounts controlled by spammers; these accounts, as stated, could be either compromised or fake accounts [45]. The method that attackers use to create fake accounts in OSNs using fake identities is called a Sybil attack. This type of attack is very common in OSNs, in which a single user can have thousands of fake accounts so that they gain higher visibility by spreading more content in the network [46]. According to a previous study that focused on the Sybil accounts in Twitter, it was found that out of the total accounts monitored, around 2 million or 9 per cent get suspended as they are considered to be Sybil accounts [47]. This is close to the 10 per cent that Twitter officially announced as the spam percentage in the content [48].

2.3.2 Fake accounts and the black market

As discussed in the previous section, in general, the spamming industry relies entirely on the nodes (accounts) used to spread spammers’ content. As OSNs suspend accounts that are involved in spamming activities, the spamming industry needs to generate enough accounts for their spam campaign. Creating accounts and offering them for sale in the black market has reinforced the spam industry. Thomas [15] conducted a study on the impact of the black market and how it facilitated the process of spreading spam content using fake accounts.

The researcher studied the value of fake Twitter accounts and found that their market worth was between US$0.01 and US$0.20 [15] for one account. He also reported that it has become increasingly easy to purchase fake accounts in bulk (generally thousands) online. The continuity and availability of fake accounts have contributed to spamming activities in social networks. Figure 2.2 is a screenshot of Google search results using the term ‘buy Twitter accounts’ in April 2015, showing many websites that promise to sell verified fake Twitter accounts as a service.

2.3.3 What are spambots?

What makes the problem of the high percentage of Sybil/fake accounts in OSNs more complicated is the smart programs (bots) that control those fake accounts. In general, bots are computer programs that can automate actions and responses based on certain rules prespecified by the person who controls the bots, who is referred to as a ‘botmaster’. Bots are assigned to control the thousands (sometimes millions) of fake accounts that belong to the spammer who is the botmaster of those spambots. Bots are also used for different attacks such as botnet attacks, by controlling infected machines and deploying attacks such as distributed denial of service (DDoS) or using them as email servers for spamming.

A spambot in Twitter is a computer program that behaves in a similar way to a normal OSN user, performing normal activities such as tweeting, retweeting, favouriting, and following/unfollowing accounts. Automating these actions has helped many spammers to control their large number of fake accounts. Moreover, the near-normal behaviour that current smart bots use to mimic normal users makes it difficult for the Twitter suspension system to catch them. Later in this chapter, some evading tricks that spambots use to make it less likely that they will be detected by current detection methods will be discussed.