A Model for Automating Persistent Identity Clone in Online Social Network

Online Social Network (OSN), such as Facebook, Linkedln, Twitter, is today´s one of the most popular platform on the internet where millions of users sign on daily to share personal information with friends and colleagues. On many of these services, users are able to share photos, videos, stories, send and receive messages, locations and play games. However, many OSNs have weak user to user authentication mechanism, mostly based on information such as displayed name, photo, and a set of common social links. This result in easy to exploit identity cloning attack to establish fake social link. In this paper, we develop a model to exploit OSN weak trust model and maintain authenticity of the fake online identity established by identity cloning attack to harvest more private information, and discuss how the attack can be thwarted and avoided by the users and developers of OSN. We develop an attack methodology to take advantage of a cloned fake profiles and carry authentic conversation between the exploited users. We also experiment with injecting various fake messages to harvest more information. Our experimental results show that the attack is feasible.