All Your Access Tokens Are Belong to Us: Uncovering Large Facebook Collusion Networks Using Honeypots

Reputation fraud is prevalent in online social networks. Numerous services provide fake content, likes, and followers to artificially boost the popularity and trustworthiness of brands and celebrities. Such activities undermine the trusted nature of online social networks. In this paper, we uncover a thriving ecosystem of reputation manipulation services on Facebook that leverage the principle of collusion. These collusion networks retrieve access tokens from colluding members by exploiting vulnerable third-party Facebook applications. Using a large pool of these access tokens, collusion networks provide likes and comments to their members on behalf of the vulnerable applications. We identify more than a million colluding Facebook accounts by “milking” a sample of collusion networks using honeypots. Our investigation reveals that popular collusion networks are actively used by hundreds of thousands of Facebook accounts for reputation manipulation on a daily basis. Collusion network operators monetize their services by displaying advertisements on their websites and offering a variety of premium reputation manipulation plans. We discuss several countermeasures to disrupt the devious activities of collusion networks.