Online Social Networks (OSNs) such as Facebook have become ubiquitous in the past few years, counting hundreds of millions of people as members. OSNs allow users to form friendship relationships, join groups, communicate and share information with friends. The tremendous popularity of OSNs has naturally made them an appealing target for privacy compromising attacks. In this abstract we propose a novel attack against tightly knit OSN communities. Such (artificial) communities consist of users that know well each other and that are reluctant to accept other users as friends. Becoming a member of such a community may be only a first milestone for the attacker. Harvesting private information of members of such communities and following up with offline attacks may be the longer term benefit. In a naïve approach, the attacker sends random friend invitations to users in the target community "hoping" that some of them will accept the request. However, by definition bsuch communities are difficult to infiltrate using a direct invitation based approach. The attack we propose relies on a novel technique, which makes use of 3-cliques [1, 2] to find the most vulnerable member of a targeted community. The attacker then sends invitations to all the friends of this member. After befriending its friends, the attacker's chances of befriending the weakest community member increase. Then, the attacker not only gains initial access to the community, but also increases its chances of befriending other, less accessible members. Our experiments, performed on a real-world social network, show that our attack can be 75% more efficient than the naïve attack. Using real social network data, we also propose and evaluate a solution that mitigates the problem.
