Posted February 6th, 2013
Last month, I had the chance to interview Professor Keith Ross about his paper describing a novel profiling attack against Facebook users. The attack’s goal is to determine the student makeup of a US high-school. I described the actual details of the paper’s hacking algorithm here. When I first read about Ross and his colleague’s work, it seemed to me that is was impossible for a Facebook stranger to learn that level of detail about teenagers who were not even FB-style friends.
But Professor Ross, NYU-Poly Professor of Computer Science, showed that it was not only possible but his experimental results prove this algorithm makes for a feasible and highly-productive attack. The attack’s success depends heavily on a pool of 10- to 12-year olds who initially lie about their age to gain entry into Facebook, leading a few years down the road to public Facebook profiles with lots of information, even though the students are still, say sophomores and juniors. It’s these “adult” high-schoolers that Ross exploits–by leveraging their friends lists–to discover the rest of the graduating class they belong.