Researchers Can Pinpoint Identity by Analyzing Usernames

Tuesday, February 08, 2011



Daniele Perito and a team of researchers at the National Institute for Computing and Automation Research have devised a methodology that can determine which account usernames across different platforms may belong to the same person.

The researchers theorize that such a technique could be employed by cyber criminals to fine-tune phishing and spam attacks by developing more precise profiles of likely targets.

After cross-referencing nearly ten million usernames pulled from MySpace, Google and eBay accounts, the researchers produced a tool that uses statistical analysis to calculate the relative uniqueness of any given username.

The findings indicate that most people have a tendency to utilize a small set of similar usernames. The team can now distinguish a single user about half of the time by analyzing multiple usernames without using other key data such as location or date of birth.

"The tool can find linked usernames 50 per cent of the time with almost absolute accuracy. But users tend to choose and change their usernames in predictable ways, and they tend to have a small set of distinct usernames," explains Perito.

The tool is only foiled by individuals who tend to choose usernames that differ to a great degree.

"Usernames are like digital fingerprints – on a given service, they are the only pieces of information that have to be unique. It's interesting research. If these techniques were extended… then far more sophisticated profiles [than available at present] could be created," said Patrick Fitzgerald of Symantec.

Fitzgerald also notes that the bigger threat comes from all of the other information users tend to supply freely, and warns that people should use caution when revealing intimate details of their lives on the Internet.

You can test the uniqueness of your usernames with the tool HERE.


Possibly Related Articles:
Phishing SPAM Social Engineering Digital Identity Tools Headlines username
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.