Microsoft researchers developed a social graph for online service security to differentiate spammer email accounts from legitimate users' accounts. Do you believe in the theory that only good people have lots of social media friends, while “bad people” don’t have friends and don’t leave many traces of themselves online? According to recent Microsoft Research, a spammer email account can be identified by the lack of connectivity to other people.Microsoft researchers Yinglian Xie and Fang Yu are tackling the problem of how to differentiate spammer email accounts from legitimate users’ accounts. According to the researchers, attacker accounts don’t have friends. Malicious-user accounts do not use instant messaging; nor do they send and receive mail. In fact, after analyzing normal social connections between users, the researchers discovered that finding spammers is easy since attackers do not follow normal patterns of communication.The project was described as:Large-scale online services such as email and instant messaging are popular targets for attackers, who sign up for new accounts and compromise legitimate user accounts in order to propagate spam emails, phishing links, or malware. To counter such attacks, this project focuses on exploring social connections among users that are difficult for attackers to mimic. The research explores a wide range of graph properties to differentiate legitimate human users from tens of millions of maliciously created accounts and hijacked accounts.In an interview with told Microsoft Research, Xie said, “If we define connectivity as mutual email exchange, a normal user will talk to other people-send email and receive email. But attackers will mostly send malicious content. They do not receive messages back from legitimate users. Essentially, all the legitimate users are going to be connected in some way into communities. Attackers are more isolated users on the connectivity graph.” Xie and Yu examined anonymized data and then developed a social graph for online service security as seen in the sampled user email-connectivity graph below. The dots represent assigned or inferred IP addresses which were mined from Microsoft’s Hotmail servers. “The well-connected dots represent communities of normal users, while the outlying, minimally connected dots could indicate malicious users.”Xie also said with the use of cloud computing advances, they will have “more power to mine large-scale data.” In order to get the upper hand on spammers, the researchers do not only want to study malicious user accounts. Yu said their research is “focused on analyzing normal users. Those properties are more stable and more robust. You can see their communities. The normal users don’t evolve rapidly, don’t change rapidly, but attackers’ could. Focusing on normal users help us to better distinguish normal users, rather than chasing the others.”While I’d love to see all spam and phishing be burned with fire, and I’m all for spammer accounts crashing and burning, what about people who attempt to protect their privacy by not adding friends and therefore not using IM? It’s doubtful that would put a private person on the outside of the graph next to malicious users, simply because that person wouldn’t be sending out hundreds or thousands of emails like a spammer would. I also don’t think you would land on the outside of the graph even if you have dozens of email accounts that don’t interact with folks. I’m not so sure about email accounts that belong to beloved family members who are sweet but clueless, and pollute inboxes by forwarding hundreds of emails. It remains to be seen if more study along these lines will help Microsoft researchers identify and stop spam and phishing attacks.Like this? Here’s more posts: What happens if you catch a hacker and must deal with the FBI? Microsoft patent may ruin Skype, may make VoIP spy and pry easy for gov’t FBI Dumpster Diving Brigade Coming Soon to Snoop in a Trashcan Near You ‘Secret Law’ of Patriot Act: Geolocation Tracking & Domestic Spying on Steroids? Having private parts is not probable cause for TSA to grope or body scan you FaceNiff Android App Allows the Clueless to Hack Facebook in Seconds Over Wi-Fi Project PM Leaks Dirt on Romas/COIN Classified Intelligence Mass Surveillance Former FBI Agent Turned ACLU Attorney: Feds Routinely Spy on Citizens Microsoft’s automated Future Home, what can go wrong?EFF: Microsoft abusing DMCA to eradicate competing Xbox 360 accessories Follow me on Twitter @PrivacyFanatic Related content news Dow Jones watchlist of high-risk businesses, people found on unsecured database A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server. By Ms. Smith Feb 28, 2019 4 mins Data Breach Hacking Security news Ransomware attacks hit Florida ISP, Australian cardiology group Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently. By Ms. Smith Feb 27, 2019 4 mins Ransomware Security news Bare-metal cloud servers vulnerable to Cloudborne flaw Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks. By Ms. Smith Feb 26, 2019 3 mins Cloud Computing Security news Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through VR By Ms. Smith Feb 21, 2019 4 mins Hacking Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe