Slashdot Mirror


Researchers Create Social Engineering IRC Bot

An anonymous reader writes "Researchers at the Vienna University of Technology developed an IRC bot that acts as a 'man in the middle' between two unsuspecting users, modifies URLs passed between them, and also is capable of steering the conversation. Not only does this work surprisingly well on IRC — they found a 76.1% click rate for potentially malicious URLs — but four out of 10 people on Facebook Chat also clicked on links after the bot introduced complete strangers to each other. This would have worked even better if the bot were to clone existing friends' profiles and submit friend requests from those, say researchers."

19 of 66 comments

  1. In other words. by dreamchaser · · Score: 4, Insightful

    In other words, over 7 out of 10 IRC users and 4 out of 10 Facebook users are utter idiots.

    1. Re:In other words. by Culture20 · · Score: 2, Informative

      7 out of 10 IRC users [...] are utter idiots.

      Somehow I don't think that's true. I think it's more likely that 7/10 IRC "users" are other bots.

    2. Re:In other words. by hitmark · · Score: 3, Insightful

      Even if one is not, a small unsuspecting moment is enough to get caught.

      --
      comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
    3. Re:In other words. by Anonymous Coward · · Score: 3, Insightful

      I'm not so certain about that. IRC users tend to be more technically competent than people that just use Facebook or e-mail. How many of these people had Firefox with NoScript, for example? Malicious links would've been virtually worthless in such a case.

      Merely clicking doesn't prove much without giving out more information, imo.

    4. Re:In other words. by imakemusic · · Score: 2, Interesting

      Not really. Unless I'm missing something you would effectively be having a conversation with a real person. The only difference is that it is being relayed through a bot which may or may not alter the text - and even if it does alter the text the general gist would still be the same. If you were having a conversation with a person would you click the links they send you? Or would you say "I can't click that link because I can't verify your identity and trustworthiness"? It's definitely devious but I don't think the results are that surprising.

      Also they are surprised that people clicked tinyurl links more than myspace links but... that just shows that people would rather look at anything than a myspace page.

      --
      Brain surgery - it's not rocket science!
    5. Re:In other words. by 0100010001010011 · · Score: 2, Funny

      I see you like utter idiots, concur. Watch this video your viewing pleasure.. Very wonderful.

    6. Re:In other words. by maxwell demon · · Score: 2, Interesting

      Indeed, if you are having a conversation with someone you know, and at one point in conversation he says: "BTW a good covering of the subject can be found at http://tinyurl.com/foo" and the bot changes the text to "BTW a good covering of the subject can be found at http://tinyurl.com/bar" you have little chance to notice before you click on it that a bot-in-the-middle changed the link.

      Of course, I have preview enabled in tinyurl, so I'd see the real URL before I go there, and even if I couldn't recognize the real URL as obviously wrong, NoScript would likely protect me from any malware on that site (and the fact that I'm using Linux would protect me further, since the malware is most likely Windows specific anyway).

      --
      The Tao of math: The numbers you can count are not the real numbers.
    7. Re:In other words. by Zibri · · Score: 2, Funny

      noscript blocks all of the above (except for adobe, which is a company).

  2. hey bob whats new by Anonymous Coward · · Score: 2, Funny

    i think i'll let everyone know how we been doing some hacks with bots

    bots to scan for vulnerabilities
    bots to launch the exploit
    BOTS for file sharing
    bots to call home
    bots to eat my toast...HEY THAT'S MY TOAST

  3. Counsel is leading the witness... by garyisabusyguy · · Score: 4, Interesting

    Aside from all of the fun with malicious code and all, the potential to lead people down a mental path through 'conversation' seems to have the potential to expose a LOT of people to make self-incriminating statements.

    It's like a photo-radar gun for thought crime, an investigator doesn't even have to be there to do it. Just set your bots out there to lead people into talking about laundering money, seducing teens, killing their neighbor and WHAMO an adventurous district attorney is pressing charges.

    Nah, what was I thinking, we live in way too free of a society for that to ever happen. What a relief.

    --
    Wherever You Go, There You Are
  4. Re:The PSA campaign by $RANDOMLUSER · · Score: 2, Informative

    But the new Microsoft ad campaign says Internet Explorer blocks all those bad places. Who am I supposed to believe?

    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
  5. And what's new? by Dumnezeu · · Score: 5, Interesting

    I did something similar for a friend, helping him pick up women on IRC. The bot learned his usual questions and if they answered about 10 questions, it meant they were interested in him and the bot would forward the conversation to him and he continued it. Another time, I wrote an IRC bot for myself; it would act as a man-in-the-middle to pick up women by getting female nicknames and then forwarding the messages it got to other female-like nicknames it detected. If the conversation went long enough, it forwarded everything to me and I would pick up the chat from there.

    --
    Yes, it's sarcasm. Deal with it!
    1. Re:And what's new? by Anonymous Coward · · Score: 4, Funny

      That's not creepy AT ALL

  6. Interesting concept by Arancaytar · · Score: 2, Interesting

    I've seen this idea used for pranks before. People hanging out on IRC watching a bot that was hooking up unsuspecting AIM users to each other. Later on, this became a website called Omegle.

  7. Re:No by maxwell demon · · Score: 3, Funny

    Can we get back to a world where a person said something after they gathered information on it?

    Well, he didn't write that. A bot changed it during submission. :-)

    --
    The Tao of math: The numbers you can count are not the real numbers.
  8. Re:The PSA campaign by maxwell demon · · Score: 3, Funny

    Indeed, I only trust the zeroes, not the ones.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  9. I did something more interesting... by goruka · · Score: 5, Funny

    For the lulz, about 10 years ago, I created an IRC bot that connected to #sex and #cybersex in DALnet, and pretended to be a young girl waiting for cyber.
    Then it would interconnect pairs of two who would talk to her and forward the message, but this didn't work for long because they'd soon figure out the opposite partner was of the same sex. So I added a functionality that would flip words, example penis vagina, boobs balls, and would intercept some messages (like if a peer requested a picture, or ASL request) and send a fake ASL or URL of a hot chick. After a few attempts, most of the pairs ended up having cyber anyway!
    Even though bizarre phrases happened (like "I want to insert my 8 inch vagina into your deep wet penis") most people amazingly didn't even find it strange, and even though it was probably left running all night and created more probably a hundred "encounters", no one even suspected a tiny little about what was going on, no one!

    1. Re:I did something more interesting... by noidentity · · Score: 3, Funny

      Even though bizarre phrases happened (like "I want to insert my 8 inch vagina into your deep wet penis") most people amazingly didn't even find it strange, and even though it was probably left running all night and created more probably a hundred "encounters", no one even suspected a tiny little about what was going on, no one!

      So you're the one who made me gay!!!!!!!

  10. Re:reminds me... by robinvanleeuwen · · Score: 2, Informative
    --
    If you don't like my sig then don't read it.